Feature - Handling Authentication. How can I auth in Webapp? And can I somewhere put session cookie?

yogeshojha / rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

https://yogeshojha.github.io/rengine/

GNU General Public License v3.0

7.54k stars 1.14k forks source link

Feature - Handling Authentication. How can I auth in Webapp? And can I somewhere put session cookie? #826

Closed zinwelzl closed 1 year ago

zinwelzl commented 1 year ago

Hi.

How can I auth in Webapp with username/password?

About feature request. And can I somewhere put session cookie I copy from web browser? Or can you add this feature to rengine.

Thanks for great project!

github-actions[bot] commented 1 year ago

👋 Hi @zinwelzl, Issues is only for reporting a bug/feature request. Please read documentation before raising an issue https://rengine.wiki For very limited support, questions, and discussions, please join reNgine Discord channel: https://discord.gg/azv6fzhNCE Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

m3hdigh commented 1 year ago

It is useful for whitebox pentest and recon .

psyray commented 1 year ago

Use custom header in Scan Engine YAML for that

With that you could auth to a lot of UI (Auth basic etc..) https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Authorization

And for the sessions cookie, set it in the Cookie header

Not all tools use custom header

Tools that use it

FFUF
Nuclei
Hakrawler
Katana
Gospider
Dalfox
CRLFuzz
HTTPx

It's a good coverage to launch scan in whitebox