Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to pass user credentials through Wapiti Web Application Vulnerability Scanner

I would like to test our web application with the Wapiti scanner. In my scenario, I am assuming the attacker would be an authenticated user. How do I configure Wapiti to use a specific username and password on our login form so I can test the pages behind it?

Note: this is not http or domain based authentication.

like image 408
gidmanma Avatar asked Apr 07 '11 16:04

gidmanma


1 Answers

You need to use wapiti-getcookie first to collect the cookies associated with logging in. These typically get collected to a file, which can then be passed on subsequent runs to wapiti.

The following is verbatim from the Wapiti example on the site.

Example

First, I use wapiti-getcookie to login in the restricted area and get the cookie in cookies.json:

$ python bin/wapiti-getcookie /tmp/cookies.json http://127.0.0.1/vuln/login.php
<Cookie PHPSESSID=OLPNLIEBPEFELBIFGMKJEKOD for 127.0.0.1/>
Please enter values for the following form: 
url = http://127.0.0.1/vuln/login.php
username (default) : admin
password (letmein) : secret
<Cookie PHPSESSID=OLPNLIEBPEFELBIFGMKJEKOD for 127.0.0.1/>

It can also be done with wapiti-cookie this way:

$ python bin/wapiti-cookie /tmp/cookies.json \
       http://127.0.0.1/vuln/login.php username=admin password=secret

Then, I scan the vulnerable website using the cookie and excluding the logout script:

$ wapiti http://127.0.0.1/vuln/ -c cookies.json -x http://127.0.0.1/vuln/logout.php

References

Wapiti Example

like image 160
slm Avatar answered Sep 25 '22 15:09

slm