N-Stalker Support Articles
How to start the Web Proxy to intercept HTTP Cookies
This article gives an overview of how to start the Web Proxy to intercept HTTP Cookies. For more details, see the "N-Stalker Web Proxy" section of the N-Stalker User's Guide.
1) Open the N-Stalker Security Scanner 2009.
2) Click on the "Web Proxy" button under "Miscellaneous Tools".
3) Click on the "Start Proxy" button.
Tip: You can change the IP address and TCP port that the proxy listens on, as long as that IP address is bound to your network interface. By default it works on localhost and port 8080. The "Threads" option is the number of simultaneous connections allowed to the Web Proxy.
Important Note: If you are required to use a web proxy to access applications, you must configure it in "Global Options".
4) Once enabled, click on "Start Browser" to automatically configure and start your browser.
Tip: If your browser does not support automatic configuration, you should manually enter the chosen IP address and port in the browser's proxy connection settings.
5) If everything is working properly, you should see URLs in the website tree (left side tree) and a transaction log (right side panel).
6) You must already have interception events created. If you don't, see "Creating an Interception Events". Click on the "Intercept Off" button, located in the top area of N-Stalker Web Proxy.
7) A context menu will pop up. You must click on the appropriate action according to the description below:
Choose "Intercept HTTP Cookies only". Once an event is found, N-Stalker Web Proxy will search for HTTP cookies available in the communication. If any are found, they will be displayed to the user. This is useful if you want to retrieve a valid session token to be used within a scanning session.
8) After you finish the interception, start a new scan using the HTTP cookies.
9) Click on the "New Scan" button on the top bar.
10) Enter the Web Application URL, choose a scan policy, and click on the "Next" button.
11) Then click on the "Scan Settings" button.
12) In the "Scanner Engine" section, click on the "Header & Cookies" section.
13) Now, add a new custom cookie using the "Plus/Minus" button. Copy and paste the Cookie Name and Cookie Value returned by the HTTP Cookies interception so that they are used by default in the communication during your scanning tests.
14) After including the custom cookies, click on the "Back" button.
15) If you want to optimize your scan, click on the "Optimize" button, or click on the "Next" button to start the scan tests.
16) You can now check all the configured scan settings in the "Review Summary" and click on the "Start Session" button to perform the scan tests.
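Before pasting an intercepted cookie into the scan's custom cookie settings, it helps to confirm that it is a live session token rather than an empty or already expired one. The Python sketch below is an added example, not part of N-Stalker or the original article: it parses the Set-Cookie headers of a constructed sample response and keeps only the usable name/value pairs. The function names and all sample values are assumptions for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample of an intercepted HTTP response (not real traffic).
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: lang=en; Expires=Wed, 01 Jan 2020 00:00:00 GMT; Path=/\r\n"
    "Set-Cookie: tracking=; Max-Age=0\r\n"
    "\r\n"
)

def extract_cookies(raw_response, now=None):
    """Return one dict per Set-Cookie header with name, value and key attributes."""
    now = now or datetime.now(timezone.utc)
    head = raw_response.split("\r\n\r\n", 1)[0]
    cookies = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        field, _, content = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        pair, *rest = [p.strip() for p in content.split(";")]
        name, _, value = pair.partition("=")
        attrs = {}
        for item in rest:
            k, _, v = item.partition("=")
            attrs[k.strip().lower()] = v.strip()
        expired = False
        try:
            if "max-age" in attrs:  # Max-Age takes precedence over Expires
                expired = int(attrs["max-age"]) <= 0
            elif "expires" in attrs:
                expired = parsedate_to_datetime(attrs["expires"]) <= now
        except (TypeError, ValueError):
            pass  # unparsable lifetime: treat it as a session cookie
        cookies.append({"name": name.strip(), "value": value, "expired": expired,
                        "secure": "secure" in attrs, "httponly": "httponly" in attrs})
    return cookies

def usable_for_scan(cookies):
    """Name/value pairs worth entering as custom cookies: non-empty and not expired."""
    return [(c["name"], c["value"]) for c in cookies
            if c["value"] and not c["expired"]]

if __name__ == "__main__":
    for name, value in usable_for_scan(extract_cookies(SAMPLE_RESPONSE)):
        print(f"Cookie Name: {name}    Cookie Value: {value}")
```

A session cookie with no Expires or Max-Age attribute can still be invalidated server-side, so re-intercept a fresh value if the scan starts receiving login redirects.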