[W3af-svn-notify] [Task #147987] Be session aware
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
[W3af-svn-notify] [Task #147987] Be session aware
|
From: SourceForge.net <no...@so...> - 2008-04-23 01:47:51
|
Task #147987 has been updated. Project: w3af Subproject: TODO v1.10 Summary: Be session aware Complete: 0% Status: Open Authority : andresriancho Assigned to: nobody Description: Comment by Gerry Eisenhaur: """First, I read a short thread on form based authentication and if I remember correctly there was no way to have w3af automatically log in. I found having a 'session aware' spider/auditor was very helpful for certain applications when performing an audit. For example, when fuzzing url variables I have run into applications that will invalidate a session when certain malformed requests are made. Being session aware will allow w3af to relogin in that case. """ My answer: """ w3af can use a session, but as you say, w3af is not session aware; it won't know when the session died :( I agree with you that this kind of behavior *must* be fixed in the future, and we should go to a more "session aware" model. """ ------------------------------------------------------- For more info, visit: http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147987&group_id=170274&group_project_id=54341 |
