- Install and open OWASP ZAP (Java must be installed before ZAP)
- Click Manual Explore | Manual Explore
- Setup Protected Mode | Protected Mode
- Put URL to explore
- Select browser Chrome
- Click Launch Browser
Note: if Launch Browser fails, change the browser version configured in OWASP ZAP to match the version of your installed Chrome browser
- Enter the account credentials and log in
- Select screen need to run
- Let OWASP scan your app
- Right-click the domain you are scanning
- Click Include in Context
- Click on New Context
- Click the link *
- Click OK
→ After including the context:
- Click menu File > Session Properties
- Select Authentication
- Select [Form-based Authentication]
- Click Select
- Click domain
- Select the POST.login request
- Click button Select
→ The login request data is shown; update it to: email={%username%}&password={%password%}
Username Parameter * is username and Password Parameter * is password
- Click Users
- Click button Add
- Enter the account to run the scan with
- Click Add
→ The user data is shown as below
- Click Forced User
- Select User created
- Click Ok
→ At this point the user is disabled
- Click to enable the user
- Select Active Scan
- Select context
- Select user
- Leave the SQL Injection threshold at Default for the scan
- Click Start Scan
- Click Active Scan to see scan process
- Click Alerts to see the findings
Red: High
Dark yellow: Medium
Light yellow: Low
- Click a finding to see its details
Note: you can turn off alerts you do not want; click the icon to disable them
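The same authenticated active scan can be driven from a script instead of the GUI. The following is an added example, not code from the original post; it assumes ZAP is already running with its API enabled on 127.0.0.1:8080, that the python client package `python-owasp-zap-v2.4` (module `zapv2`) is installed, and it uses placeholder values for the target URL, login URL, API key and credentials. The pure helpers build the URL-encoded parameter strings the ZAP API expects for form-based authentication and summarise alerts by the same High/Medium/Low levels the Alerts tab colours.

```python
"""Scripted equivalent of the GUI steps: context, form-based auth, user,
forced user mode, active scan as that user, alert summary.

Added example (not the original post's code). Assumes a running ZAP
with API enabled on 127.0.0.1:8080 and the 'zapv2' python client."""
import time
from collections import Counter
from urllib.parse import quote

# Placeholder values - replace with the application under test.
TARGET_URL = "http://localhost:3000"        # assumed target
LOGIN_URL = TARGET_URL + "/login"           # assumed login endpoint
ZAP_API_KEY = "change-me"                   # placeholder API key
ZAP_PROXY = "http://127.0.0.1:8080"         # default ZAP listener

# Same template the GUI steps put into the login request data.
LOGIN_REQUEST_DATA = "email={%username%}&password={%password%}"

# Constructed sample alert records (shape of ZAP's core.alerts output).
SAMPLE_ALERTS = [
    {"alert": "SQL Injection", "risk": "High"},
    {"alert": "SQL Injection", "risk": "High"},
    {"alert": "Missing Anti-clickjacking Header", "risk": "Medium"},
    {"alert": "X-Content-Type-Options Header Missing", "risk": "Low"},
    {"alert": "Information Disclosure", "risk": "Informational"},
]


def build_form_auth_params(login_url: str, request_data: str) -> str:
    """authMethodConfigParams for formBasedAuthentication. Both values are
    URL-encoded so the braces, '=' and '&' in the template survive as one
    parameter value instead of being split by ZAP's own query parsing."""
    return (f"loginUrl={quote(login_url, safe='')}"
            f"&loginRequestData={quote(request_data, safe='')}")


def build_credentials_params(username: str, password: str) -> str:
    """authCredentialsConfigParams for users.set_authentication_credentials."""
    return f"username={quote(username, safe='')}&password={quote(password, safe='')}"


def summarise_alerts(alerts) -> dict:
    """Count alerts per risk level: High (red), Medium (dark yellow),
    Low (light yellow), plus Informational, as shown in the Alerts tab."""
    counts = Counter(a.get("risk", "Informational") for a in alerts)
    return {lvl: counts.get(lvl, 0) for lvl in ("High", "Medium", "Low", "Informational")}


def run_authenticated_scan(username: str, password: str) -> dict:
    """Mirror of the GUI procedure through the ZAP API (needs a running ZAP)."""
    from zapv2 import ZAPv2  # imported here so the helpers above run without ZAP

    zap = ZAPv2(apikey=ZAP_API_KEY, proxies={"http": ZAP_PROXY, "https": ZAP_PROXY})

    # New Context + Include in Context (regex covering the whole target).
    context_name = "scan-context"
    context_id = zap.context.new_context(context_name)
    zap.context.include_in_context(context_name, TARGET_URL + ".*")

    # Session Properties > Authentication > Form-based Authentication.
    zap.authentication.set_authentication_method(
        context_id, "formBasedAuthentication",
        build_form_auth_params(LOGIN_URL, LOGIN_REQUEST_DATA))

    # Users > Add, then enable the user (it is created disabled).
    user_id = zap.users.new_user(context_id, username)
    zap.users.set_authentication_credentials(
        context_id, user_id, build_credentials_params(username, password))
    zap.users.set_user_enabled(context_id, user_id, True)

    # Forced User: select the created user and switch the mode on.
    zap.forcedUser.set_forced_user(context_id, user_id)
    zap.forcedUser.set_forced_user_mode_enabled(True)

    # Active Scan with context + user, then poll until 100%.
    scan_id = zap.ascan.scan_as_user(TARGET_URL, context_id, user_id)
    while int(zap.ascan.status(scan_id)) < 100:
        time.sleep(5)

    return summarise_alerts(zap.core.alerts(baseurl=TARGET_URL))


if __name__ == "__main__":
    print(summarise_alerts(SAMPLE_ALERTS))  # offline check of the summary helper
    print(run_authenticated_scan("tester@example.com", "placeholder-password"))
```

The encoding in `build_form_auth_params` is the detail that most often trips up scripted setups: passing the raw `email={%username%}&password={%password%}` string unencoded makes ZAP read `password={%password%}` as a separate API parameter, and the login then silently fails.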