Webinspect: open a browser with different credentials
Hello. I am trying to scan a site that doesn't allow elevated accounts when browsing their sites. Is there a way that WI can open a browser that is not using the admin account? For example, if I "run as" IE as a regular user I can get to the site just fine. If I use IE under my admin acccount, the site will not allow me to get to it. Is there a way to "run as" in Webinspect.
Re: Webinspect: open a browser with different credentials
WebInspect uses its own internal browser to make the HTTP Requests, so it will not operate your browser directly, except in the case of using the Manual Step-Mode scan type found under the Basic Scan wizard. The WebInspect application will operate on the local machine as the current Windows user, which must be a local Administrator, but I have not seen that as an issue before regarding the browser.
When you configure the authentication to be used by WebInspect during the scan, we prefer that you use a normal user account rather than an administrator, merely for the effects that may have on the target web application. For more details on that, please see the WebInspect Help Guide (F1) > Getting Started > "Preparing Your System for Audit".
* There is a way to run a Privilege Escalation scan in WebInspect, utilizing two user accounts of differing permission levels, or one account and "No Account".
* There is a way to run a single scan faster using multiple User accounts, provided all of those account have the Same User Access levels, not differing ones.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify