With the new version of arachni, that uses Chrome browser instead of decommissioned PhantomJS, I have noticed that the crawler sends Authorization: Negotiate header regardless of --http-authentication-type parameter (I have tried all of them) in every request the moment I start it. This breaks my entire scan, because the application already expects Authorization: Bearer JWT header, and fails receiving request with 2 identical name headers.
Is there any way to instruct arachni not to send that Authorization: Negotiate header at all?
With the new version of arachni, that uses Chrome browser instead of decommissioned PhantomJS, I have noticed that the crawler sends Authorization: Negotiate header regardless of
--http-authentication-type
parameter (I have tried all of them) in every request the moment I start it. This breaks my entire scan, because the application already expects Authorization: Bearer JWT header, and fails receiving request with 2 identical name headers.Is there any way to instruct arachni not to send that Authorization: Negotiate header at all?