superDJM / webvulscan

Automatically exported from code.google.com/p/webvulscan
GNU General Public License v3.0
0 stars 0 forks source link

Add automated/configurable session management for tested apps (e.g support for JSESSIONID, PHPSESSID, aspsessionid.*, asp.net_sessionid, etc) #10

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Pick a test Web application which normally requires authentication
2. Point webvulscan to the test Web app and attempt a scan
3. Currently, there is no way the tool will pass login page (unless 
authentication is disabled entirely for the test app - which is unrealistic)

What is the expected output? What do you see instead?
Be able to scan an app which requires authentication and normally uses 
authorisation cookies to maintain the user session on client-side. Currently, 
this is not possible with latest version of webvulscan tool.

What version of the product are you using? On what operating system?
webvulscan_v0.12

Please provide any additional information below.

Original issue reported on code.google.com by marian.v...@gmail.com on 17 Oct 2012 at 1:09

GoogleCodeExporter commented 8 years ago

Original comment by webvuls...@gmail.com on 22 Oct 2012 at 11:13

GoogleCodeExporter commented 8 years ago

Original comment by webvuls...@gmail.com on 22 Oct 2012 at 11:16