On 16/03/15 15:01, Vikas Tara wrote:
On 16/03/15 04:08, Manokaran K wrote:Although this looks interesting and suggested it can perform dynamic scans
They work good for the application with no login or with HTTPYou shouldn?t have problems with either webscarab or w3af, both of these
authentication.
But, our web applications have custom login form.
AFAIK support
you executing logins over http.
webscarab or any http proxy will grab the relevant information for you -
you can then manipulate those values in order
to pen test your application.
http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/
The proprietary tools make this step a bit more point and click, but
essentially do the same thing.