Authenticated Scans #1203
Replies: 1 comment 1 reply
-
|
Interesting. I'd be curious to get @liquidsec's take on this, but I'm a bit skeptical. This seems like a huge amount of complexity to manage. The specification seems sensible, but I have a lot of questions about the code. You give it a username and password, but how does it know where the login page is? How does it know what a successful login looks like? How does it know what a valid session looks like, or when the session expires? Does it know how to get a refresh token? It's a nice idea but it seems like it would be a complete nightmare to maintain. |
Beta Was this translation helpful? Give feedback.
-
|
More info on this can be found here, maybe helpful: Burpsuite has also authenticated scan feature, not sure how much these are related: Also, I noticed an authenticated scan feature in a irrelated service, maybe helpful: |
Beta Was this translation helpful? Give feedback.
-
I'm not sure if BBOT currently supports this or not, that would be great if BBOT can login to the sites and get much info and links from logged in sections.
I noticed in Nuclei, they recently created "authenticated scans" feature as explained here:
https://docs.projectdiscovery.io/tools/nuclei/authenticated-scans
Beta Was this translation helpful? Give feedback.
All reactions