how the spider start with authentication using python API

319 views
Skip to first unread message

liuxi...@gmail.com

unread,
May 8, 2015, 5:10:21 AM5/8/15
to zaproxy...@googlegroups.com
hello,everyone.

I use zap2.3.1 and python api to scan  websites.
how to write the code that spider start with authentication.
and also try some ways,but all failed.
I am a newer to ZAP,only guess that the "HttpSession" API could help me,but i don't understand how to use this API.
please help.

kingthorin+owaspzap

unread,
May 8, 2015, 9:12:25 AM5/8/15
to zaproxy...@googlegroups.com
What's "python$20login"?

Was that supposed to be "python+login" or "python%20login"? Either way what's that got to do with google groups? You're not trying to test something you have no permission or authority to test are you?

liuxi...@gmail.com

unread,
May 13, 2015, 2:15:56 AM5/13/15
to zaproxy...@googlegroups.com
I have the authority to test the website which on my own.
i really mean that i dont understand the  authentication of ZAP,I have the username and password,but i try many times as ZAP video demonstrated,no one succeed.
so,i try to ask for the help.
By the way,thank you for you answers,but not help .
"python+login" or "python%20login" ,what do you mean?
I also try for help again.
anybody can help ?
在 2015年5月8日星期五 UTC+8下午9:12:25,kingthorin+owaspzap写道:

kingthorin+owaspzap

unread,
May 13, 2015, 8:18:38 AM5/13/15
to zaproxy...@googlegroups.com
My questions were based on your first post, you included a google groups URL in the middle of which was the value "python$20login".

liuxi...@gmail.com

unread,
May 14, 2015, 5:10:13 AM5/14/15
to zaproxy...@googlegroups.com
sorry,it could be some mistake between us.

I think it maybe a solution could help me,but it cannot help.

I ask for logging in website through python API when zap spider crawl the website's html files,By the way the website is my own,i have the right.

I really read some blogs for solving the problem,but not work until now,may be it will be my misunderstand which leads logging in failed.

So,I still try for the help from this group.Believe that some one can help me .
I need the python code which implements the logging in function when zap spider crawl html files.






在 2015年5月13日星期三 UTC+8下午8:18:38,kingthorin+owaspzap写道:

kingthorin+owaspzap

unread,
May 14, 2015, 8:18:34 AM5/14/15
to zaproxy...@googlegroups.com
Ok that makes more sense.

If you haven't seen it already this might help you:
http://stackoverflow.com/questions/27596775/zap-authentication-using-api-calls

There's also this, which you probably have seen, and is a more basic example (without auth) but if you happened to have missed it might still provide some good ideas:
https://code.google.com/p/zaproxy/wiki/ApiPython

Message has been deleted

liuxi...@gmail.com

unread,
Jun 1, 2015, 3:56:09 AM6/1/15
to zaproxy...@googlegroups.com
thanks for  your reply,i used this method as "http://stackoverflow.com/questions/27596775/zap-authentication-using-api-calls" ,but i donot think it helps,because the spider not fetch the url (no links after authention fetched by the spider).
please help me see the logs,i want to know where is the problem.
the logs:
2015-06-01 15:15:58,276 DEBUG SessionManagementAPI - handleApiAction setSessionManagementMethod {"methodConfigParams":"","apikey":"","contextId":"1","methodName":"cookieBasedSessionManagement"}
2015-06-01 15:15:58,277 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,298 DEBUG AuthenticationAPI - handleApiAction setAuthenticationMethod {"authMethodConfigParams":"loginUrl=http%3A%2F%2F10.1.5.30%2Fphpbb%2Fucp.php%3Fmode%3Dlogin&loginRequestData=username%3D%7B%25username%25%7D%26password%3D%7B%25password%25%7D","apikey":"","contextId":"1","authMethodName":"formBasedAuthentication"}
2015-06-01 15:15:58,305 DEBUG SiteMap - findChild Sites / http://10.1.5.30
2015-06-01 15:15:58,306 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,309 DEBUG AuthenticationAPI - handleApiAction setLoggedInIndicator {"loggedInIndicatorRegex":"mode=logout","apikey":"","contextId":"1"}
2015-06-01 15:15:58,310 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,313 DEBUG AuthenticationAPI - handleApiAction setLoggedOutIndicator {"apikey":"","contextId":"1","loggedOutIndicatorRegex":"mode=login"}
2015-06-01 15:15:58,313 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,317 DEBUG ReauthAPI - handleApiAction setLoginUrl {"url":"http://10.1.5.30/phpbb/ucp.php?mode=login","contextId":"1","postData":"username=admin&password=admin"}
2015-06-01 15:15:58,317 DEBUG SiteMap - findChild Sites / http://10.1.5.30
2015-06-01 15:15:58,318 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,321 DEBUG API - handleApiRequest http://zap/JSON/auth/action/setLoginIndicator/?indicator=logout&contextId=1
2015-06-01 15:15:58,321 DEBUG ReauthAPI - handleApiAction setLoginIndicator {"indicator":"logout","contextId":"1"}
2015-06-01 15:15:58,322 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,325 DEBUG API - handleApiRequest http://zap/JSON/auth/action/setLoggedOutIndicator/?indicator=login&contextId=1
2015-06-01 15:15:58,325 DEBUG ReauthAPI - handleApiAction setLoggedOutIndicator {"indicator":"login","contextId":"1"}
2015-06-01 15:15:58,325 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,328 DEBUG API - handleApiRequest http://zap/JSON/auth/action/login/?contextId=1
2015-06-01 15:15:58,328 DEBUG ReauthAPI - handleApiAction login {"contextId":"1"}
2015-06-01 15:15:58,339 DEBUG DefaultHttpParams - Set parameter http.socket.timeout = 20000
2015-06-01 15:15:58,339 DEBUG DefaultHttpParams - Set parameter http.connection.stalecheck = true
2015-06-01 15:15:58,340 DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}
2015-06-01 15:15:58,341 DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-total = 200000
2015-06-01 15:15:58,341 DEBUG DefaultHttpParams - Set parameter http.socket.timeout = 20000
2015-06-01 15:15:58,341 DEBUG DefaultHttpParams - Set parameter http.connection.stalecheck = true
2015-06-01 15:15:58,341 DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}
2015-06-01 15:15:58,341 DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-total = 200000
2015-06-01 15:15:58,341 DEBUG DefaultHttpParams - Set parameter http.protocol.single-cookie-header = true
2015-06-01 15:15:58,341 DEBUG DefaultHttpParams - Set parameter http.protocol.single-cookie-header = true
2015-06-01 15:15:58,342 DEBUG HttpSender - sendAndReceive POST http://10.1.5.30/phpbb/ucp.php?mode=login start
2015-06-01 15:15:58,380 DEBUG HttpSessionsSite - No session tokens for: 10.1.5.30:80
2015-06-01 15:15:58,380 DEBUG HttpSender - Sending message to: http://10.1.5.30/phpbb/ucp.php?mode=login
2015-06-01 15:15:58,394 DEBUG DefaultHttpParams - Set parameter http.protocol.version = HTTP/1.0
2015-06-01 15:15:58,402 DEBUG MultiThreadedHttpConnectionManager - HttpConnectionManager.getConnection:  config = HostConfiguration[host=http://10.1.5.30], timeout = 0
2015-06-01 15:15:58,403 DEBUG MultiThreadedHttpConnectionManager - Allocating new connection, hostConfig=HostConfiguration[host=http://10.1.5.30]
2015-06-01 15:15:58,407 DEBUG HttpConnection - Open connection to 10.1.5.30:80
2015-06-01 15:15:58,413 DEBUG HttpMethodBase - Adding Host request header
2015-06-01 15:15:58,426 DEBUG EntityEnclosingMethod - Request body sent
2015-06-01 15:15:58,497 DEBUG CookieSpec - Unrecognized cookie attribute: name=HttpOnly, value=null
2015-06-01 15:15:58,497 DEBUG HttpMethodBase - Cookie accepted: "$Version=0; phpbb3_j2uyv_u=1; $Path=/; $Domain=10.1.5.30"
2015-06-01 15:15:58,498 DEBUG CookieSpec - Unrecognized cookie attribute: name=HttpOnly, value=null
2015-06-01 15:15:58,498 DEBUG HttpMethodBase - Cookie accepted: "$Version=0; phpbb3_j2uyv_k=; $Path=/; $Domain=10.1.5.30"
2015-06-01 15:15:58,499 DEBUG CookieSpec - Unrecognized cookie attribute: name=HttpOnly, value=null
2015-06-01 15:15:58,499 DEBUG HttpMethodBase - Cookie accepted: "$Version=0; phpbb3_j2uyv_sid=88c17b8fa85a5b7fbe716403b221cbca; $Path=/; $Domain=10.1.5.30"
2015-06-01 15:15:58,502 WARN  HttpMethodBase - Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.
2015-06-01 15:15:58,502 DEBUG HttpMethodBase - Buffering response body
2015-06-01 15:15:58,502 DEBUG HttpMethodBase - Should close connection in response to directive: close
2015-06-01 15:15:58,502 DEBUG HttpConnection - Releasing connection back to connection manager.
2015-06-01 15:15:58,503 DEBUG MultiThreadedHttpConnectionManager - Freeing connection, hostConfig=HostConfiguration[host=http://10.1.5.30]
2015-06-01 15:15:58,503 DEBUG IdleConnectionHandler - Adding connection at: 1433142958503
2015-06-01 15:15:58,503 DEBUG MultiThreadedHttpConnectionManager - Notifying no-one, there are no waiting threads
2015-06-01 15:15:58,503 DEBUG HttpSender - SUCCESSFUL
2015-06-01 15:15:58,506 DEBUG HttpSender - sendAndReceive POST http://10.1.5.30/phpbb/ucp.php?mode=login took 164
2015-06-01 15:15:58,521 DEBUG HttpSessionsSite - No session tokens for: 10.1.5.30:80
2015-06-01 15:15:58,521 DEBUG ExtensionReauth - isLoggedIn http://10.1.5.30/phpbb/ucp.php?mode=login found auth pattern logout
2015-06-01 15:15:58,521 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,524 DEBUG API - handleApiRequest http://zap/JSON/auth/action/autoReauthOn/
2015-06-01 15:15:58,525 DEBUG ReauthAPI - handleApiAction autoReauthOn {}
2015-06-01 15:15:58,525 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,528 DEBUG API - handleApiRequest http://zap/JSON/users/action/newUser/?apikey=&contextId=1&name=user
2015-06-01 15:15:58,529 DEBUG UsersAPI - handleApiAction newUser {"apikey":"","contextId":"1","name":"user"}
2015-06-01 15:15:58,530 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,533 DEBUG UsersAPI - handleApiAction setAuthenticationCredentials {"apikey":"","contextId":"1","userId":"0","authCredentialsConfigParams":"username=admin&password=admin"}
2015-06-01 15:15:58,534 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,537 DEBUG UsersAPI - handleApiAction setUserEnabled {"enabled":"True","apikey":"","contextId":"1","userId":"0"}
2015-06-01 15:15:58,538 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,540 DEBUG API - handleApiRequest http://zap/JSON/forcedUser/action/setForcedUser/?apikey=&contextId=1&userId=0
2015-06-01 15:15:58,541 DEBUG AuthenticationAPI - handleApiAction setForcedUser {"apikey":"","contextId":"1","userId":"0"}
2015-06-01 15:15:58,545 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,549 DEBUG AuthenticationAPI - handleApiAction setForcedUserModeEnabled {"apikey":"","boolean":"True"}
2015-06-01 15:15:58,549 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,552 DEBUG API - handleApiRequest http://zap/JSON/spider/action/setOptionMaxDepth/?Integer=5&apikey=
2015-06-01 15:15:58,553 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,556 DEBUG API - handleApiRequest http://zap/JSON/spider/action/setOptionPostForm/?apikey=&Boolean=True
2015-06-01 15:15:58,557 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,560 DEBUG API - handleApiRequest http://zap/JSON/spider/action/setOptionProcessForm/?apikey=&Boolean=True
2015-06-01 15:15:58,561 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,564 DEBUG ContextAPI - handleApiAction includeInContext {"regex":"http://10.1.5.30/\\S*","apikey":"","contextName":"1"}
2015-06-01 15:15:58,617 DEBUG User - Encoded user: 0;1;true;dXNlcg==
;2;YWRtaW4=
~bmV0ZXll
~
2015-06-01 15:15:58,622 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,626 DEBUG ContextAPI - handleApiAction excludeFromContext {"regex":"http://10.1.5.30/phpbb/ucp.php?mode=logout\\S*","apikey":"","contextName":"1"}
2015-06-01 15:15:58,663 DEBUG User - Encoded user: 0;1;true;dXNlcg==
;2;YWRtaW4=
~bmV0ZXll
~
2015-06-01 15:15:58,668 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,671 DEBUG API - handleApiRequest http://zap/JSON/users/view/getUserById/?contextId=1&userId=0
2015-06-01 15:15:58,672 DEBUG UsersAPI - handleApiView getUserById {"contextId":"1","userId":"0"}
2015-06-01 15:15:58,675 DEBUG API - handleApiRequest returning: {"id":"0","enabled":"true","contextId":"1","name":"user","credentials":{"username":"admin","type":"UsernamePasswordAuthenticationCredentials","password":"admin"}}
2015-06-01 15:15:58,678 DEBUG API - handleApiRequest http://zap/JSON/users/view/usersList/?contextId=
2015-06-01 15:15:58,679 DEBUG UsersAPI - handleApiView usersList {"contextId":""}
2015-06-01 15:15:58,682 DEBUG API - handleApiRequest returning: {"usersList":[{"id":"0","enabled":"true","contextId":"1","name":"user","credentials":{"username":"admin","type":"UsernamePasswordAuthenticationCredentials","password":"admin"}}]}
2015-06-01 15:15:58,686 DEBUG SpiderAPI - Request for handleApiAction: scan (params: {"url":"http://10.1.5.30/phpbb/","apikey":""})
2015-06-01 15:15:58,686 DEBUG SpiderAPI - API Spider scanning url: http://10.1.5.30/phpbb/
2015-06-01 15:15:58,686 DEBUG SiteMap - findChild Sites / http://10.1.5.30
2015-06-01 15:15:58,686 DEBUG SiteMap - findChild Sites / http://10.1.5.30
2015-06-01 15:15:58,688 DEBUG SpiderThread - Initializing spider thread for site: API
2015-06-01 15:15:58,688 DEBUG API - handleApiRequest returning: {"Result":"OK"}
2015-06-01 15:15:58,688 INFO  SpiderThread - Starting spidering scan on API at Mon Jun 01 15:15:58 CST 2015
2015-06-01 15:15:58,689 INFO  SpiderThread - Using start URI: http://10.1.5.30/phpbb/
2015-06-01 15:15:58,690 INFO  Spider - Spider initializing...
2015-06-01 15:15:58,707 DEBUG Spider - New Exclude list: null
2015-06-01 15:15:58,707 INFO  Spider - Starting spider...
2015-06-01 15:15:58,725 DEBUG DefaultHttpParams - Set parameter http.socket.timeout = 20000
2015-06-01 15:15:58,725 DEBUG DefaultHttpParams - Set parameter http.connection.stalecheck = true
2015-06-01 15:15:58,725 DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}
2015-06-01 15:15:58,725 DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-total = 200000
2015-06-01 15:15:58,725 DEBUG DefaultHttpParams - Set parameter http.socket.timeout = 20000
2015-06-01 15:15:58,726 DEBUG DefaultHttpParams - Set parameter http.connection.stalecheck = true
2015-06-01 15:15:58,726 DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}
2015-06-01 15:15:58,726 DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-total = 200000
2015-06-01 15:15:58,726 DEBUG DefaultHttpParams - Set parameter http.protocol.single-cookie-header = true
2015-06-01 15:15:58,726 DEBUG DefaultHttpParams - Set parameter http.protocol.single-cookie-header = true
2015-06-01 15:15:58,726 DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = ignoreCookies
2015-06-01 15:15:58,726 DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = ignoreCookies
2015-06-01 15:15:58,726 INFO  Spider - Adding seed for spider: http://10.1.5.30/phpbb/
2015-06-01 15:15:58,728 DEBUG SpiderTask - New task submitted for uri: http://10.1.5.30/phpbb/
2015-06-01 15:15:58,733 DEBUG SpiderTask - Spider Task Started. Processing uri at depth 0 using already constructed message:  http://10.1.5.30/phpbb/
2015-06-01 15:15:58,735 DEBUG HttpSender - sendAndReceive GET http://10.1.5.30/phpbb/ start
2015-06-01 15:15:58,735 DEBUG HttpSessionsSite - No session tokens for: 10.1.5.30:80
2015-06-01 15:15:58,736 DEBUG ExtensionForcedUser - Modifying request message (http://10.1.5.30/phpbb/) to match user: User [id=0, name=user, contextId=1, enabled=true]
2015-06-01 15:15:58,736 INFO  User - Authenticating user: user
2015-06-01 15:15:58,738 DEBUG FormBasedAuthenticationMethodType - Authentication request header: 
Host: 10.1.5.30
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded


2015-06-01 15:15:58,738 DEBUG FormBasedAuthenticationMethodType - Authentication request body: 
username=admin&password=admin
2015-06-01 15:15:58,738 DEBUG DefaultHttpParams - Set parameter http.socket.timeout = 20000
2015-06-01 15:15:58,738 DEBUG DefaultHttpParams - Set parameter http.connection.stalecheck = true
2015-06-01 15:15:58,738 DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}
2015-06-01 15:15:58,739 DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-total = 200000
2015-06-01 15:15:58,739 DEBUG DefaultHttpParams - Set parameter http.socket.timeout = 20000
2015-06-01 15:15:58,739 DEBUG DefaultHttpParams - Set parameter http.connection.stalecheck = true
2015-06-01 15:15:58,739 DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}
2015-06-01 15:15:58,739 DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-total = 200000
2015-06-01 15:15:58,739 DEBUG DefaultHttpParams - Set parameter http.protocol.single-cookie-header = true
2015-06-01 15:15:58,739 DEBUG DefaultHttpParams - Set parameter http.protocol.single-cookie-header = true
2015-06-01 15:15:58,739 DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = ignoreCookies
2015-06-01 15:15:58,739 DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = ignoreCookies
2015-06-01 15:15:58,740 DEBUG HttpSender - sendAndReceive POST http://10.1.5.30/phpbb/ucp.php?mode=login start
2015-06-01 15:15:58,740 DEBUG HttpSessionsSite - No session tokens for: 10.1.5.30:80
2015-06-01 15:15:58,740 DEBUG HttpSender - Sending message to: http://10.1.5.30/phpbb/ucp.php?mode=login
2015-06-01 15:15:58,740 DEBUG DefaultHttpParams - Set parameter http.protocol.version = HTTP/1.0
2015-06-01 15:15:58,740 DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = compatibility
2015-06-01 15:15:58,741 DEBUG MultiThreadedHttpConnectionManager - HttpConnectionManager.getConnection:  config = HostConfiguration[host=http://10.1.5.30], timeout = 0
2015-06-01 15:15:58,741 DEBUG MultiThreadedHttpConnectionManager - Allocating new connection, hostConfig=HostConfiguration[host=http://10.1.5.30]
2015-06-01 15:15:58,741 DEBUG HttpConnection - Open connection to 10.1.5.30:80
2015-06-01 15:15:58,743 DEBUG HttpMethodBase - Adding Host request header
2015-06-01 15:15:58,744 DEBUG EntityEnclosingMethod - Request body sent
2015-06-01 15:15:58,809 DEBUG CookieSpec - Unrecognized cookie attribute: name=HttpOnly, value=null
2015-06-01 15:15:58,809 DEBUG HttpMethodBase - Cookie accepted: "phpbb3_j2uyv_u=1"
2015-06-01 15:15:58,811 DEBUG CookieSpec - Unrecognized cookie attribute: name=HttpOnly, value=null
2015-06-01 15:15:58,811 DEBUG HttpMethodBase - Cookie accepted: "phpbb3_j2uyv_k="
2015-06-01 15:15:58,812 DEBUG CookieSpec - Unrecognized cookie attribute: name=HttpOnly, value=null
2015-06-01 15:15:58,812 DEBUG HttpMethodBase - Cookie accepted: "phpbb3_j2uyv_sid=b4d482722bc80ded6c080fedccfb4f06"
2015-06-01 15:15:58,812 DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = ignoreCookies
2015-06-01 15:15:58,813 WARN  HttpMethodBase - Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.
2015-06-01 15:15:58,813 DEBUG HttpMethodBase - Buffering response body
2015-06-01 15:15:58,813 DEBUG HttpMethodBase - Should close connection in response to directive: close
2015-06-01 15:15:58,813 DEBUG HttpConnection - Releasing connection back to connection manager.
2015-06-01 15:15:58,814 DEBUG MultiThreadedHttpConnectionManager - Freeing connection, hostConfig=HostConfiguration[host=http://10.1.5.30]
2015-06-01 15:15:58,814 DEBUG IdleConnectionHandler - Adding connection at: 1433142958814
2015-06-01 15:15:58,814 DEBUG MultiThreadedHttpConnectionManager - Notifying no-one, there are no waiting threads
2015-06-01 15:15:58,814 DEBUG HttpSender - SUCCESSFUL
2015-06-01 15:15:58,814 DEBUG HttpSender - sendAndReceive POST http://10.1.5.30/phpbb/ucp.php?mode=login took 74
2015-06-01 15:15:58,816 DEBUG HttpSessionsSite - No session tokens for: 10.1.5.30:80
2015-06-01 15:15:58,821 DEBUG HttpSender - Sending message to: http://10.1.5.30/phpbb/
2015-06-01 15:15:58,822 DEBUG DefaultHttpParams - Set parameter http.protocol.version = HTTP/1.0
2015-06-01 15:15:58,822 DEBUG DefaultHttpParams - Set parameter http.protocol.version = HTTP/1.1
2015-06-01 15:15:58,822 DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = compatibility
2015-06-01 15:15:58,823 DEBUG MultiThreadedHttpConnectionManager - HttpConnectionManager.getConnection:  config = HostConfiguration[host=http://10.1.5.30], timeout = 0
2015-06-01 15:15:58,823 DEBUG MultiThreadedHttpConnectionManager - Allocating new connection, hostConfig=HostConfiguration[host=http://10.1.5.30]
2015-06-01 15:15:58,823 DEBUG HttpConnection - Open connection to 10.1.5.30:80
2015-06-01 15:15:58,824 DEBUG HttpMethodBase - Adding Host request header
2015-06-01 15:15:58,865 DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = ignoreCookies
2015-06-01 15:15:58,866 DEBUG HttpMethodBase - Buffering response body
2015-06-01 15:15:58,867 DEBUG HttpMethodBase - Should close connection in response to directive: close
2015-06-01 15:15:58,867 DEBUG HttpConnection - Releasing connection back to connection manager.
2015-06-01 15:15:58,867 DEBUG MultiThreadedHttpConnectionManager - Freeing connection, hostConfig=HostConfiguration[host=http://10.1.5.30]
2015-06-01 15:15:58,867 DEBUG IdleConnectionHandler - Adding connection at: 1433142958867
2015-06-01 15:15:58,867 DEBUG MultiThreadedHttpConnectionManager - Notifying no-one, there are no waiting threads
2015-06-01 15:15:58,868 DEBUG HttpSender - First try to send authenticated message failed for http://10.1.5.30/phpbb/. Authenticating and trying again...

the last logs is saying authentication failed.


在 2015年5月14日星期四 UTC+8下午8:18:34,kingthorin+owaspzap写道:
Reply all
Reply to author
Forward
0 new messages