Im trying to do a internal scan on a Corporate Web Application using WAS but Im unable to get authentication to work.
The application is based on Web Services.
First I tried to do a Selenium script, but Selenium doesnt save the login parameters.
The main page is something like this:
The page is developed on Flash, cant see the source code so with Burp I saw that the app do the following:
1. Call to a config file located on
If I put the WAS Scan (discover/vulnerability) since the root (http://webapp.com), with a custom authentication fields the result is that the authentication was not used.
If I put the WAS Scan (diuscover/vulnerability) since the ".asmx", only do a scan for that URL.
The body of WebApp application is over another path. I can do a selenium script navigating on the operational layer but without authentication.
Please yout help with this.