fcavallarin / htcap

htcap is a web application scanner able to crawl single page application (SPA) recursively by intercepting ajax calls and DOM changes.
GNU General Public License v2.0
610 stars 114 forks

problematic parameter(-x) #67

Closed maybe-why-not closed 4 years ago

maybe-why-not commented 4 years ago

command:
python htcap.py crawl -p http:127.0.0.1:8080 -m aggressive -c "security_level=0; PHPSESSID=1ln04buglpc7ljdt95nu0r4a75" -x '.logout.' http://192.168.88.136/bWAPP/bWAPP/sqli_6.php baidu3.db

-x can't exclude (regex) logout URLs, and the script can't auto-click the button to post requests.

The short video on https://htcap.org is so cool! But I don't know how to repeat it.

fcavallarin commented 4 years ago

I'm unable to reproduce the issues. Is there any special setting or it's a standard bWAPP install?

maybe-why-not commented 4 years ago

> I'm unable to reproduce the issues. Is there any special setting or it's a standard bWAPP install?

You can try this online shooting range (http://bwapp.ywnxs.com/sqli_6.php). username/password: bee/bug

fcavallarin commented 4 years ago

Ok, the form issue is due to a bug in puppeteer (at least I guess) so I wrote a workaround and now it's working. I'm still unable to reproduce the issue with excluded domains. In your last screenshot you typed '*logout*' instead of '.*logout.*'

maybe-why-not commented 4 years ago

image

fcavallarin commented 4 years ago

I think you should use double quotes and not single quotes... you are on Windows... so, try with ".*logout.*"

maybe-why-not commented 4 years ago

Yes, you are right! This conversation helped me answer the unknown question in advance and avoid my troubles in the future. bWAPP has 158 levels, but only 73 requests have been collected. I think this can give you some inspiration for the linkage between select and button. Thank you for your answer.

fcavallarin commented 4 years ago

sounds good! thank you!
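
The quoting problem resolved in this thread, shown as an added example that is not part of the thread or of htcap's code: it compares what reaches the program as the -x value under POSIX and Windows quoting, and whether that value excludes a logout URL. It assumes the -x value is applied to each URL as a Python regex; `split_windows` is a simplified, hypothetical model of Windows argument splitting, and the logout URL is constructed.

```python
import re
import shlex

def split_windows(cmdline):
    """Simplified model of Windows argv splitting: whitespace separates
    arguments, only double quotes group, and single quotes are ordinary
    characters (backslash escapes are not modelled)."""
    args, cur, in_dq, started = [], "", False, False
    for ch in cmdline:
        if ch == '"':
            in_dq = not in_dq
            started = True
        elif ch.isspace() and not in_dq:
            if started:
                args.append(cur)
            cur, started = "", False
        else:
            cur += ch
            started = True
    if started:
        args.append(cur)
    return args

def exclude_pattern(argv):
    """Return the value that follows -x in an argument list."""
    return argv[argv.index("-x") + 1]

def is_excluded(pattern, url):
    """Assumption: the pattern is applied to the URL as a Python regex."""
    try:
        return re.search(pattern, url) is not None
    except re.error:
        return None  # the pattern is not a valid regex

# Constructed sample URL; only the host comes from the command in the thread.
URL = "http://192.168.88.136/bWAPP/bWAPP/logout.php"

def demo():
    cases = {
        "posix single": exclude_pattern(shlex.split("crawl -x '.*logout.*' target")),
        "windows single": exclude_pattern(split_windows("crawl -x '.*logout.*' target")),
        "windows double": exclude_pattern(split_windows('crawl -x ".*logout.*" target')),
        "glob style": "*logout*",
    }
    return {name: (pat, is_excluded(pat, URL)) for name, pat in cases.items()}

if __name__ == "__main__":
    for name, (pat, hit) in demo().items():
        print(f"{name:15} pattern={pat!r:16} excluded={hit}")
```

With single quotes on Windows the quote characters become part of the pattern, so no URL matches and the logout link is crawled, which ends the authenticated session mid-scan.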