Authenticated Web App Scanning in Nessus using HTTP login form and HTTP cookies import issues


Context: Run Nessus web application scan using Authentication credentials HTTP login form (Login Form Authentication);

Official guide does not help me with figuring out how to determine the login parameters of a web page;

I have already attempted using JSON key-value pairs (for example, {"username": "%USER%", "password": "%PASS%"}) and also followed steps to resolve the issue, using information from the pages listed below:

  1. Web Application Vulnerability Testing with Nessus presentation; page number: 96
  2. https://stackoverflow.com/a/50199945/10053482
  3. https://www.tenable.com/blog/scanning-web-applications-that-require-authentication
  4. https://community.tenable.com/s/article/How-to-Configure-Web-Application-Authentication-in-Tenable-io-WAS
  5. https://community.tenable.com/s/article/Credentialed-Web-App-Scanning-in-Nessus-6

But nothing helped for a web page which does not support HTTP URI query-string parameter based login.


Another issue that I am encountering is that I am not able to debug why Authentication / Credential Info (Hosts) using HTTP cookies import (Cookie Authentication) is failing.

For this I tried changing the log settings as listed below:

log_details: yes
log_whole_attack: yes
backend_log_level: debug

But I don't see any useful information in the logs to understand why the authenticated scan is failing when using Cookie Authentication.

Kindly advise.
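When the scanner logs give no reason for a cookie-import failure, the cookie file itself can be checked before the scan. The following is an added example, not part of the original question and not Tenable code: it assumes the imported file is in Netscape cookie format (seven tab-separated fields per line) and applies general cookie-matching rules, not Nessus's own logic. The function name, hosts and cookie values are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample cookie file; hosts, names and values are placeholders.
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    "app.example.test\tFALSE\t/\tTRUE\t1893456000\tSESSIONID\tabc123\n"
    "app.example.test FALSE / FALSE 1893456000 theme dark\n"     # spaces, not tabs
    ".example.test\tTRUE\t/\tFALSE\t1500000000\tremember\t1\n"   # already expired
    "other.example.test\tFALSE\t/\tFALSE\t0\ttracking\tx\n"      # wrong host
)

def check_cookie_file(text, target_url, now):
    """Return [(line_no, problem)] for a Netscape-format cookie file."""
    target = urlsplit(target_url)
    host, url_path = (target.hostname or "").lower(), target.path or "/"
    problems, usable = [], 0
    for no, line in enumerate(text.splitlines(), 1):
        if line.startswith("#HttpOnly_"):       # curl-style marker, still a cookie
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue                            # blank line or comment
        fields = line.split("\t")
        if len(fields) != 7:
            problems.append((no, f"expected 7 tab-separated fields, found {len(fields)}"))
            continue
        domain, subdomains, path, secure, expires, name, _value = fields
        issues = []
        bare = domain.lstrip(".").lower()
        if host != bare and not (subdomains == "TRUE" and host.endswith("." + bare)):
            issues.append(f"domain {domain} does not cover {host}")
        if not url_path.startswith(path):
            issues.append(f"path {path} does not cover {url_path}")
        if secure == "TRUE" and target.scheme != "https":
            issues.append("Secure cookie but target is not https")
        if not expires.isdigit():
            issues.append(f"expiry {expires!r} is not a Unix timestamp")
        elif 0 < int(expires) <= now:           # 0 = session cookie, no expiry
            issues.append(f"cookie {name} expired")
        problems.extend((no, issue) for issue in issues)
        usable += not issues
    if usable == 0:
        problems.append((0, "no cookie in this file would be sent to the target"))
    return problems

if __name__ == "__main__":
    import time
    for no, problem in check_cookie_file(SAMPLE, "https://app.example.test/login", int(time.time())):
        print(f"line {no}: {problem}")
```

A clean result only shows the file is well-formed and in scope for the target; a session that the server has already invalidated will still fail.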
