3. Using the Vega Proxy Scanner
The Vega Proxy Scanner allows for Vega to perform scanning (active and passive) on targets observed during client-server interaction through the Vega proxy.
A user configures their browser (or any other HTTP client) to use the Vega proxy, adds the target host/paths to the scope, and then enables proxy scanning. Any page that is accessed by the client through the proxy that matches the scope will be actively scanned by Vega.
This is useful in the following cases: * Client-side active content that sends requests to targets the crawler would not see (Java, ActiveX, Flash, AJAX..) * Automated crawling is not possible or inappropriate, such as server sensitivity to load, specific paths within testing scope
Using the proxy scanner
1. Configure the HTTP client to use the Vega proxy
To use the proxy scanner, the first step is to configure the HTTP client to use the proxy.
2. Select modules to scan
The user can select modules to be run during proxy scanning by clicking the outlined icon. Note that changing this list will require stopping and restarting the proxy and disabling/re-enabling proxy scanning:
3. Add the proxy scanning target(s) to the scope
The user must then add the site or path to be scanned to the target scope. That can be done manually or in the web view, by right clicking on any path or host and using the tooltip menu option to add the selection to scope.
4. Start the proxy
Start the Vega proxy, if you have not already done so.
5. Enabling proxy scanning
The proxy scanner must then be toggled to the on state. This can be done by clicking the proxy scanner icon:
Any request made to a resource that matches the target scope will be actively scanned with the injection modules.
6. Reviewing alerts
The icon in the bottom left corner will blink to notify the user of an alert generated by a Vega module during proxy scanning. Clicking on the icon will open the proxy alerts fastview:
Continue to: Authenticated Scanning with Identities (pt. 4 of 4)
Have feedback on Vega? Our documentation? Please tell us.