I would like to test our web application with the Wapiti scanner. In my scenario, I am assuming the attacker would be an authenticated user. How do I configure Wapiti to use a specific username and password on our login form so I can test the pages behind it?
Note: this is not http or domain based authentication.
You need to use wapiti-getcookie
first to collect the cookies associated with logging in. These typically get collected to a file, which can then be passed on subsequent runs to wapiti
.
The following is verbatim from the Wapiti example on the site.
First, I use wapiti-getcookie
to login in the restricted area and get the cookie in cookies.json
:
$ python bin/wapiti-getcookie /tmp/cookies.json http://127.0.0.1/vuln/login.php
<Cookie PHPSESSID=OLPNLIEBPEFELBIFGMKJEKOD for 127.0.0.1/>
Please enter values for the following form:
url = http://127.0.0.1/vuln/login.php
username (default) : admin
password (letmein) : secret
<Cookie PHPSESSID=OLPNLIEBPEFELBIFGMKJEKOD for 127.0.0.1/>
It can also be done with wapiti-cookie this way:
$ python bin/wapiti-cookie /tmp/cookies.json \
http://127.0.0.1/vuln/login.php username=admin password=secret
Then, I scan the vulnerable website using the cookie and excluding the logout script:
$ wapiti http://127.0.0.1/vuln/ -c cookies.json -x http://127.0.0.1/vuln/logout.php
Wapiti Example
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With