On 16/03/15 15:01, Vikas Tara wrote: > On 16/03/15 04:08, Manokaran K wrote: >> They work good for the application with no login or with HTTP >>> authentication. >>> But, our web applications have custom login form. > You shouldn’t have problems with either webscarab or w3af, both of these > AFAIK support > you executing logins over http. > > webscarab or any http proxy will grab the relevant information for you - > you can then manipulate those values in order > to pen test your application. > http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/ > > The proprietary tools make this step a bit more point and click, but > essentially do the same thing. > Although this looks interesting and suggested it can perform dynamic scans http://www.arachni-scanner.com/
-- Founder - Hamara Linux www.hamaralinux.org www.twitter.com/hamaralinux _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc ILUGC Mailing List Guidelines: http://ilugc.in/mailinglist-guidelines