Feature #76: Transaction system (to allow logins before scanning) - ThreatFactor NSIA - LukeMurphey.net

Feature #76

Transaction system (to allow logins before scanning)

Added by Luke Murphey about 14 years ago. Updated over 13 years ago.

Status:

New

Priority:

High

Assignee:

Category:

Scan Engine

Target version:

1.1

Start date:

Due date:

% Done:

Description

Implement a transaction system that allows steps to be defined before a rule is evaluated. This would allow a script to "login" before checking the data.

History

#1 Updated by Luke Murphey about 14 years ago

Priority changed from Normal to High

#2 Updated by Luke Murphey about 14 years ago

May want to use JavaScript to scrap the login out of a page. See the following for example:

#3 Updated by Luke Murphey about 14 years ago

The system needs to account for XSRF protection but loading the page and integrating extra fields into the field list. This will load XSRF key fields.

#4 Updated by Luke Murphey over 13 years ago

Category set to Scan Engine

#5 Updated by Luke Murphey over 13 years ago

Start date deleted (~~04/09/2010~~)

#6 Updated by Luke Murphey over 13 years ago

Subject changed from Transaction system to Transaction system (to allow logins before scanning)

Such a system needs to:

Account for XSRF prevention technologies
Capture the session ID (either in a cookie or a URL)
Provide HTTP credentials if necessary
Allow all fields (login, password, etc.) necessary to be specified
Logout of the session following the scan
Indicate that the session could not be created (log if authentication failed)

#7 Updated by Luke Murphey over 13 years ago

Target version set to 1.1

Also available in: Atom PDF

Project

General

Profile

ThreatFactor NSIA

Issues

Custom queries