On 16/03/15 04:08, Manokaran K wrote: > They work good for the application with no login or with HTTP > >authentication. > >But, our web applications have custom login form.
You shouldn’t have problems with either webscarab or w3af, both of these AFAIK support you executing logins over http. webscarab or any http proxy will grab the relevant information for you - you can then manipulate those values in order to pen test your application. http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/ The proprietary tools make this step a bit more point and click, but essentially do the same thing. HTH Vik -- Founder - Hamara Linux www.hamaralinux.org www.twitter.com/hamaralinux _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc ILUGC Mailing List Guidelines: http://ilugc.in/mailinglist-guidelines