Re: [W3af-users] Authenticated spider issues and questions
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
Re: [W3af-users] Authenticated spider issues and questions
|
From: Volker S. <vol...@re...> - 2018-04-26 10:31:13
|
Hello Andres,
I created a cookie file and tried again. Now it seems to use the cookie, but spider is still not successful. I can see that it spidered several pages but it does not follow the links inside. Looks like it does not even try to spider the page that was found in login page result like this:
<script type="text/javascript">
window.setTimeout("window.location.href = 'phpAccountSummary.php';", 0);
</script>
It just inspects the few pages linked on the start and login page. But it does not spider the pages behind. I thought it would also use the page I set for login verification (phpAccountSummary.php). It opens it, even successful after login, but it does not spider the links inside there.
Again, if I set the spider target directly to https://vsprovider2.de.mysystem.com/phpAccountSummary.php, the "Results"->"URLs" stays completely empty.
I also have to restart w3af GUI each time I scanned because any further action leads to crashes, strange GUI behaviour (missing values in scan config fields) or missing logs and URL's in "Results" view occasionally. The GUI seems very buggy to me.
Is there some other, more stable version available? And is there a more sophisticated authentication/spider PlugIn available?
Thanks,
Kukulkan
|
