Does webinject work with ASP.NET Forms Authentication. Upon posting to the login page I do not receive a redirect. Does webinject v1.41 handle the .ASPXAUTH cookie?
I do receive and follow the original redirect in the forms authentication flow but upon posting the credentials I simply receive 200 and the login page, not a redirect.
Forms Authentication flow can be found in figure 1 of this reference:
https://msdn.microsoft.com/en-us/library/ff647070.aspx
Thanks, Dave
ASPXAUTH Authentication
Re: ASPXAUTH Authentication
Based on their documentation, I would imagine it's possible - this question may be better asked to them though. This part of the documentation refers to it - http://www.webinject.org/manual.html#sessstate
Code: Select all
Does WebInject support HTTP Authentication?
Yes. HTTP Basic Authentication is supported.
Can WebInject handle Cookies for state management between requests?
Yes. WebInject automatically handles HTTP Cookies for you. When a "Set-Cookie" is sent back in the HTTP header from the web server, the Cookie is stored and sent back with subsequent requests to the domain it was set from.
Can WebInject handle embedded Session ID's, .NET ViewStates, and other dynamic URL rewriting?
Yes. Cookieless session handling and state management is possible by parsing data from an HTTP response and storing it to be resent in subsequent requests. See the Manual section on "Session Handling and State Management" for information.
Former Nagios Employee
Re: ASPXAUTH Authentication
Thank you for your reply. I am aware of the information from the webinject manual you pointed out. Is there an example you can point be to for a testcase file that works with ASP.NET Forms Authentication?
Re: ASPXAUTH Authentication
This is a question that would be better asked of someone who actively maintains WebInject, as it is not our software. The plugin that is most often used with WebInject is basically just a wrapper around the core engine.
Unfortunately, the forums for WebInject look like they have not been in use for some time: https://groups.google.com/forum/#!forum/webinject
There is some information about the development on the webpage: http://www.webinject.org/dev.html
Unfortunately, the forums for WebInject look like they have not been in use for some time: https://groups.google.com/forum/#!forum/webinject
There is some information about the development on the webpage: http://www.webinject.org/dev.html
Former Nagios employee