How to transfer user credentials through Wapiti Web Application Vulnerability Scanner

I would like to test our web application using a Wapiti scanner. In my scenario, I assume that the attacker will be an authenticated user. How do I configure Wapiti to use a specific username and password in our login form so that I can check the pages behind it?

Note: This is not HTTP and domain-based authentication.

+5
2 answers

First you need to use wapiti-getcookie to collect the cookies related to login. They are usually collected in a file, which can then be passed to wapiti on subsequent runs.

Below is an example from the Wapiti example on the site.

Example

Firstly, I use wapiti-getcookie to enter a restricted area and receive a cookie in cookies.json:

$ python bin/wapiti-getcookie /tmp/cookies.json http://127.0.0.1/vuln/login.php
<Cookie PHPSESSID=OLPNLIEBPEFELBIFGMKJEKOD for 127.0.0.1/>
Please enter values for the following form: 
url = http://127.0.0.1/vuln/login.php
username (default) : admin
password (letmein) : secret
<Cookie PHPSESSID=OLPNLIEBPEFELBIFGMKJEKOD for 127.0.0.1/>

This can also be done using wapiti-cookie as follows:

$ python bin/wapiti-cookie /tmp/cookies.json \
       http://127.0.0.1/vuln/login.php username=admin password=secret

Then I browse the vulnerable site using a cookie and excluding the logout script:

$ wapiti http://127.0.0.1/vuln/ -c /tmp/cookies.json -x http://127.0.0.1/vuln/logout.php

References

Wapiti example

+3
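One way to script the steps from the answer above while treating the saved cookie file as a credential (an added example, not part of the original answer or of Wapiti; it assumes wapiti-getcookie and wapiti are on PATH, and the helper function names are hypothetical):

```shell
#!/bin/sh
# Added example, not Wapiti's own code. Helper names are hypothetical.
# Assumes wapiti-getcookie and wapiti are on PATH and accept the
# arguments shown in the answer above.

# Print a cookie path inside a fresh directory only the owner can enter,
# instead of a predictable name in world-readable /tmp.
new_cookie_path() {
    _dir=$(umask 077; mktemp -d) || return 1
    printf '%s/cookies.json\n' "$_dir"
}

# True only if the file is non-empty and has no group/other permission bits.
cookie_file_ok() {
    [ -s "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True only if the logout URL lies under the scan base URL, so that the
# -x exclusion matches something the crawler would otherwise request.
logout_in_scope() {
    case "$2" in
        "$1"*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Usage: script LOGIN_URL BASE_URL LOGOUT_URL
main() {
    logout_in_scope "$2" "$3" || { echo "logout URL is outside $2" >&2; return 1; }
    umask 077                       # cookie file is created owner-only
    cookies=$(new_cookie_path) || return 1
    # Interactive prompt: the password never appears in argv or shell history.
    wapiti-getcookie "$cookies" "$1" || return 1
    if cookie_file_ok "$cookies"; then
        wapiti "$2" -c "$cookies" -x "$3"; status=$?
    else
        echo "cookie file is empty or readable by other users" >&2; status=1
    fi
    rm -rf "$(dirname "$cookies")"  # the saved session is still valid; delete it
    return "$status"
}

if [ "$#" -eq 3 ]; then main "$@"; fi
```

The cookie file holds a live authenticated session, so the script keeps it out of shared locations and removes it once the scan finishes.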

You can use the cookie.py or getcookie.py script from Wapiti to authenticate and save cookies.

If you are running Ubuntu, check /usr/share/wapiti for these files.

After getting the cookie, use Wapiti with -c /path/to/cookie

0
