fcavallarin / htcap

htcap is a web application scanner able to crawl single page application (SPA) recursively by intercepting ajax calls and DOM changes.
GNU General Public License v2.0
610 stars 114 forks

Crawler Authorization Header Issue #74

Closed imousmoutis closed 4 years ago

imousmoutis commented 4 years ago

Hi htcap authors.

I have recently discovered your tool and started using it for pen testing a SPA application based on Angular and Spring Boot. The security of the application is based on tokens, which must be provided on every HTTP request to the REST API as a header (ex. Auth: Basic tokenvalue).

Unfortunately, I am not able to correctly use the crawler, which stops at the login page. I provided the required header using the parameter -E (ex. python htcap.py crawl -E 'Auth=Basic tokenvalue' target dest) and it does not work (double checked with Wireshark, which does not show the Header being added in the requests).

I also tried using the credentials parameter (ex. python htcap.py crawl -l -A 'user:pass' target dest), but it does not work either. When trying to login to the application, the crawler uses random strings each time.

Is this a bug, or am I using your tool wrong? Could you please provide some information?
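A quicker check than Wireshark for the situation described in this issue is a local "canary" endpoint that records every request header it receives: point the crawler (or any HTTP client) at it instead of the real target and inspect what actually arrived. The following is an added example, not code from htcap or from the issue author. It uses only the Python standard library; the `Auth: Basic tokenvalue` header is taken from the report above, the server address and the `check_crawler_header` / `probe` names are assumptions, and `probe` stands in for the crawler with a plain `urllib` request so the script runs offline.

```python
import http.server
import json
import threading
import urllib.request


class HeaderRecorder(http.server.BaseHTTPRequestHandler):
    """Canary handler: store every request's headers and echo them back as JSON."""

    received = []  # list of dicts, one per request, shared across handler instances

    def do_GET(self):
        headers = dict(self.headers)
        HeaderRecorder.received.append(headers)
        body = json.dumps({"seen": headers}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        # keep the console quiet; the recorded headers are the evidence we want
        pass


def start_server():
    """Bind the canary to an ephemeral port on loopback and serve in a daemon thread."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), HeaderRecorder)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def header_was_sent(name, expected, since=0):
    """True if any request recorded from index `since` on carried `name: expected`.

    Header names are compared case-insensitively (HTTP semantics); values exactly.
    """
    for hdrs in HeaderRecorder.received[since:]:
        for key, value in hdrs.items():
            if key.lower() == name.lower() and value == expected:
                return True
    return False


def probe(url, headers):
    """Stand-in for the crawler: one GET carrying `headers`, returns the echoed JSON."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read())


def check_crawler_header(send_headers, name, expected):
    """Spin up the canary, make one request with `send_headers`, report whether
    the canary saw `name: expected`. Replace `probe` with a real crawler run
    against the printed URL to test the tool itself."""
    srv = start_server()
    try:
        url = "http://127.0.0.1:%d/" % srv.server_port
        start = len(HeaderRecorder.received)
        probe(url, send_headers)
        return header_was_sent(name, expected, since=start)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    # Constructed header from the issue report above (hypothetical token value).
    token_header = {"Auth": "Basic tokenvalue"}
    print("header forwarded:", check_crawler_header(token_header, "Auth", "Basic tokenvalue"))
    print("header missing:  ", check_crawler_header({}, "Auth", "Basic tokenvalue"))
```

To test a scanner rather than `probe`, call `start_server()` in an interactive session, run the scanner against `http://127.0.0.1:<port>/`, then inspect `HeaderRecorder.received`: if the configured header never appears there, the scanner is not sending it, regardless of what its command line claims.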