Website with login
348 views
Skip to first unread message
Sơn Trương Ngọc
Oct 9, 2012, 12:13:23 AM10/9/12
to iron...@googlegroups.com
:) I want to scan a website but it require login first.
Can you show me ?
Thanks !
Lavakumar Kuppan
Oct 9, 2012, 11:26:59 AM10/9/12
to iron...@googlegroups.com
Hi, you can set IronWASP as the proxy in your browser and then browse through the authenticated parts of the website first.
Once you have done that, just right-click on the sitemap and select 'Scan Branch'.
This is covered in one of thewalk-through videos - http://ironwasp.org/learn.html
Hope this helps!
Cheers,
Lava
The Viola
Oct 10, 2012, 4:00:09 AM10/10/12
to iron...@googlegroups.com
Thanks you !
But some website can't crawler without login.
Try http://ohay.vn
You can use acount user: 0936363636 pass: 12345678
Cheers !
Lavakumar Kuppan
Oct 10, 2012, 3:00:03 PM10/10/12
to iron...@googlegroups.com
That is true, so you have to crawl them manually.
Crawling the authenticated section of the site with an automated crawler is very ineffecient and even dangerous.
Post-authenticated sections of the site have complex logic and critical functionality, an automated crawler calling these functions without understanding them is a bad idea.
That is why it is best that you do the crawling manually for these sections and then let the scanner scan only those sections of the site that you feel are safe. At this point you can use Session Plugins to help you handle authentication. More details about session plugins are available here - http://ironwasp.org/learn/CustomSessionPlugin.html
The next version of IronWASP will make it very easy to create session plugins, even without any programming knowledge :)
Hope this helps!
Cheers,
Lava
The Viola
Oct 10, 2012, 9:38:42 PM10/10/12
to iron...@googlegroups.com
Thanks !
Reply all
Reply to author
Forward
0 new messages