Description:
The Privilege Escalation Runner automates the scanning with different login credentials, and then continues to perform the Privilege Escalation tests available in AppScan.
To use it, first record a login sequence for each user role (the standard user whose session will be tested, plus every higher-privilege role to compare against). This can be done by following these steps:
- Open the Scan Configuration (Shortcut: F10)
- Make sure the Starting URL is configured
- Select the Login/Logout tab
- Select the 'Recorded Login' Radio Button
- Press the 'New' button, and record a login sequence
- Save the login sequence to a file using the 'Save As' button at the bottom
- Record additional login sequences, one per role, by repeating the 'New' and 'Save As' steps, saving each sequence to its own file
Once the login sequences are recorded, open the extension's main form from Tools->Extensions->'Privilege Escalation Runner'.
In the form, perform the following steps:
- Browse to a scan configuration template to use for the scans (it must include the Starting URL). To create one, configure the current scan and choose 'Save As Template' in the Scan Configuration dialog.
- Browse to the primary recorded login file: the standard user (average permission level) whose session will be tested for privilege escalation
- Add any additional login sequences for logins with different permissions (e.g. admin, other users, etc.)
- Optionally change the max URLs per scan, scan files location, and results file
- Hit 'Run!'
The extension then runs the individual scans, once with no login and once with each recorded login sequence, saving each scan to the configured folder. When all scans have completed, the scan run with the primary login is configured for Privilege Escalation testing with the other scans as its references, and the test phase is run with the Privilege Escalation tests only. Finally, the results are saved to the configured results scan file. Coverage of the reference scans matters: a page that the higher-privilege scan never crawled (for example because the max URLs limit was reached) is never probed from the lower-privilege session, so check that the reference scans actually discovered the privileged areas.
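To make the underlying check concrete, here is an added illustration of the differential test the workflow above sets up: URLs that only a higher-privilege crawl discovered are re-requested with a lower-privilege session, and any that are served with the same content are flagged. This is example code written for this page, not the extension's source and not AppScan's own test implementation; the role names, the per-role URL sets, the `fetch` callback and the fake server in `demo_fetch` are all constructed for the example.

```python
"""Differential privilege-escalation check (illustrative; not AppScan's logic).

Probe URLs that only higher-privilege roles discovered using a lower-privilege
session, and flag the ones the application still serves.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

# Constructed sample: the URL set each role's crawl discovered. This stands in
# for the per-role scan files the runner saves; "anonymous" is the no-login scan.
CRAWLS: Dict[str, Set[str]] = {
    "anonymous": {"/", "/login", "/help"},
    "standard": {"/", "/login", "/help", "/account", "/orders"},
    "admin": {"/", "/login", "/help", "/account", "/orders",
              "/admin/users", "/admin/config"},
}

# Privilege order, lowest first: each role is tested only against roles above it.
ROLE_ORDER = ["anonymous", "standard", "admin"]

# fetch(url, role) -> (status, body). A real runner would replay the recorded
# login for `role` and issue the request; the example injects a fake server.
Fetch = Callable[[str, str], Tuple[int, str]]


@dataclass
class Finding:
    url: str
    tested_role: str   # lower-privilege role whose session reached the URL
    owner_role: str    # higher-privilege role whose crawl discovered it
    status: int


def candidate_urls(low: str, high: str, crawls: Dict[str, Set[str]] = CRAWLS) -> Set[str]:
    """URLs the higher role discovered that the lower role's own crawl never reached."""
    return crawls[high] - crawls[low]


def is_served(status: int, body: str, privileged_body: str) -> bool:
    """Count the URL as accessible only for a 2xx whose body matches the privileged
    response: a 200 that is really the login page is not an escalation."""
    return 200 <= status < 300 and body == privileged_body


def run_privilege_escalation(fetch: Fetch, order: List[str] = ROLE_ORDER,
                             crawls: Dict[str, Set[str]] = CRAWLS) -> List[Finding]:
    """For every (lower, higher) role pair, probe the higher role's exclusive URLs
    with the lower role's session. Each (role, url) pair is probed once."""
    findings: List[Finding] = []
    seen: Set[Tuple[str, str]] = set()
    for i, low in enumerate(order):
        for high in order[i + 1:]:
            for url in sorted(candidate_urls(low, high, crawls)):
                if (low, url) in seen:
                    continue
                seen.add((low, url))
                _, privileged_body = fetch(url, high)  # reference response
                status, body = fetch(url, low)
                if is_served(status, body, privileged_body):
                    findings.append(Finding(url, low, high, status))
    return findings


def demo_fetch(url: str, role: str) -> Tuple[int, str]:
    """Constructed fake server: /admin/users is missing its authorization check,
    every other page enforces the role it belongs to."""
    if url.startswith("/admin/") and url != "/admin/users" and role != "admin":
        return 403, "forbidden"
    if url in ("/account", "/orders") and role == "anonymous":
        return 302, "redirect to /login"
    return 200, f"page {url}"


if __name__ == "__main__":
    for f in run_privilege_escalation(demo_fetch):
        print(f"{f.tested_role} reached {f.url} (discovered by {f.owner_role}), HTTP {f.status}")
```

Against the fake server this reports `/admin/users` twice, once reached from the anonymous session and once from the standard user, while `/admin/config` (403) and the account pages (redirect to login for anonymous) are correctly not flagged. Comparing bodies rather than trusting the status code is the part that matters in practice, since many applications answer every unauthorized request with a 200 login page.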