[W3af-users] HTTP redirect

Discussion:

Blaharski, Jared

2016-09-01 14:54:26 UTC

To Whom It May Concern:

The website that we would like to scan has a SSO system and a HTTP redirect. Will your software have any trouble with handling that when doing the crawl through the website?

Taras

2016-09-01 20:46:29 UTC

Permalink

Hi, Jared!

You can try! ;)

Post by Blaharski, Jared
Â
The website that we would like to scan has a SSO system and a HTTP
redirect. Will your software have any trouble with handling that when
doing the crawl through the website?
-------------------------------------------------------------------
-----------
_______________________________________________
W3af-users mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-users

--
Taras
https://oxdef.info

Vimal SRINIVASAN

2016-09-02 00:16:22 UTC

Permalink

Nice point highlighted by Blaharski. I am curious what if the SSO have 2FA.

Regards,
Vimal.

Post by Blaharski, Jared
The website that we would like to scan has a SSO system and a HTTP
redirect. Will your software have any trouble with handling that when doing
the crawl through the website?
------------------------------------------------------------
------------------
_______________________________________________
W3af-users mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-users

Andres Riancho

2016-09-02 14:19:31 UTC

Permalink

I believe the answer is in the authentication part of docs [0], most
likely in [1].

Regarding 2FA, the way I would do it is to authenticate using a
browser, then get the cookie and set it in w3af as explained in [1]

[0] http://docs.w3af.org/en/latest/authentication.html
[1] http://docs.w3af.org/en/latest/authentication.html#setting-http-cookie

Post by Vimal SRINIVASAN
Nice point highlighted by Blaharski. I am curious what if the SSO have 2FA.
Regards,
Vimal.

Post by Blaharski, Jared
The website that we would like to scan has a SSO system and a HTTP
redirect. Will your software have any trouble with handling that when doing
the crawl through the website?
------------------------------------------------------------------------------
_______________________________________________
W3af-users mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-users

------------------------------------------------------------------------------
_______________________________________________
W3af-users mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-users

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

------------------------------------------------------------------------------