Hi,
The Privilege Escalation Runner automates scanning with different login credentials, and then goes on to run the Privilege Escalation tests available in AppScan.
To use it, first record a login sequence for each user role. This can be done by following these steps:
1. Open the Scan Configuration (shortcut: F10)
2. Make sure the Starting URL is configured
3. Select the Login/Logout tab
4. Select the 'Recorded Login' radio button
5. Press the 'New' button, and record a login sequence
6. Save the login sequence to a file using the 'Save As' button at the bottom
7. Record additional login sequences by repeating steps 5-6
Once the login sequences are recorded, open the extension's main form from Tools->Extensions->'Privilege Escalation Runner'.
In the form, perform the following steps:
- Browse to a Scan configuration template to use when performing the scans (it must include the starting URL). This can be done by configuring the current scan, and then choosing 'Save As Template' within the Scan Configuration dialog.
- Browse to the primary recorded login file, which marks a standard user (average permission level)
- Add any additional login sequences for logins with different permissions (e.g. admin, other users, etc.)
- Optionally change the max URLs per scan, the scan files location, and the results file
- Hit 'Run!'
The extension will then run individual scans, once with no login and once with each login sequence, and save those scans into the configured folder.
When all the scans have run, the scan with the primary login will be configured for Privilege Escalation testing against the other scans, and the test phase will be run with these tests only.
Finally, the results will be saved to the results scan file.
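To make the test phase concrete, here is an added Python sketch of the idea behind it: URLs that only a higher-privileged login discovered are replayed with the primary (standard-user) session, and any that succeed are reported. This is illustrative code, not the extension's or AppScan's own; the toy application, its roles and paths, the crawl results, and the choice to treat the no-login scan as a baseline of public URLs to exclude are all constructed assumptions.

```python
"""Illustrative model of a privilege-escalation test phase: replay URLs that only
higher-privileged logins discovered against the primary (standard-user) session.
Added example; the application, roles and paths below are constructed, not AppScan's."""
from dataclasses import dataclass

# Constructed toy application: the roles the server permits on each path.
# '/admin/export' is deliberately left reachable by 'user', the kind of missing
# authorization check a privilege-escalation test phase is meant to surface.
ALLOWED = {
    "/": {"anonymous", "user", "admin"},
    "/login": {"anonymous", "user", "admin"},
    "/account": {"user", "admin"},
    "/account/orders": {"user", "admin"},
    "/admin/users": {"admin"},
    "/admin/export": {"user", "admin"},  # flaw: should be admin only
    "/admin/audit": {"admin"},
}

# Constructed crawl results: the URLs each per-login scan discovered on its own
# (stand-ins for the saved scans the extension produces, one per login sequence).
CRAWLED = {
    "anonymous": {"/", "/login"},
    "user": {"/", "/login", "/account", "/account/orders"},
    "admin": {"/", "/account", "/admin/users", "/admin/export", "/admin/audit"},
}


def make_server(allowed):
    """Return a request function that simulates the server's authorization decision."""
    def send(role, path):
        return 200 if role in allowed.get(path, set()) else 403
    return send


@dataclass(frozen=True)
class Finding:
    path: str           # URL the primary session should not have reached
    accessed_as: str    # primary role that reached it
    discovered_by: str  # higher-privileged scan that found the URL


def privilege_escalation_phase(primary, higher, crawled=CRAWLED, send=None, public="anonymous"):
    """Run the test phase for `primary` against each scan named in `higher`.

    Assumption (not stated in the post): URLs the no-login scan reached are public
    and are excluded, so only URLs unique to higher-privileged logins are replayed.
    """
    send = send or make_server(ALLOWED)
    public_urls = crawled.get(public, set())
    findings = []
    for role in higher:
        # Only URLs the primary user could not discover on their own are of interest.
        candidates = crawled[role] - crawled[primary] - public_urls
        for path in sorted(candidates):
            if send(primary, path) == 200:
                findings.append(Finding(path, primary, role))
    return findings


if __name__ == "__main__":
    for f in privilege_escalation_phase("user", ["admin"]):
        print(f"{f.accessed_as!r} reached {f.path} (discovered only by {f.discovered_by!r})")
```

Run as-is, the sketch reports only /admin/export, since the other admin-only paths correctly answer 403 to the standard user; passing a server built from a corrected ALLOWED table yields no findings, which is the check you would expect after the authorization fix.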