Closed GoogleCodeExporter closed 8 years ago
I'm sorry, I'm not sure I understand.
The -A option has nothing to do with cookies or form-based authentication. You
can use -C to specify predefined cookies, instead. Do you see skipfish deleting
-C cookies despite the use of -N?
With -I, skipfish will still access some directories outside the specified scan
scope to, for example, examine 404 behaviors; but it will not perform extensive
crawling / brute-forcing of such URLs. Are you seeing the scanner access
something completely out of scope?
Original comment by lcam...@gmail.com
on 18 Jul 2011 at 4:14
In case of cookie and session has change value everytime when change URL and
value has encryption. How to solve this problem to prevent cookie-session
deleted. (can't use -C to specify predefined cookies).
Thank you in advance.
Original comment by wiriya...@gmail.com
on 19 Jul 2011 at 6:41
I really don't quite follow, but I suspect there is nothing I can do. If your
web application uses a very unorthodox authentication model, and logs you out
at the slightest whim, you probably won't be able to scan it easily with any
automated tool.
Original comment by lcam...@gmail.com
on 19 Jul 2011 at 7:11
Thank you!!
Original comment by wiriya...@gmail.com
on 22 Jul 2011 at 2:07
Original issue reported on code.google.com by
wiriya...@gmail.com
on 18 Jul 2011 at 9:14Attachments: