Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
Highlighted
kathyT19 Regular Contributor.
Regular Contributor.
798 views

Webinspect: open a browser with different credentials

Hello. I am trying to scan a site that doesn't allow elevated accounts when browsing their sites. Is there a way that WI can open a browser that is not using the admin account? For example, if I "run as" IE as a regular user I can get to the site just fine. If I use IE under my admin acccount, the site will not allow me to get to it. Is there a way to "run as" in Webinspect.

0 Likes
2 Replies
Micro Focus Expert
Micro Focus Expert

Re: Webinspect: open a browser with different credentials

WebInspect uses its own internal browser to make the HTTP Requests, so it will not operate your browser directly, except in the case of using the Manual Step-Mode scan type found under the Basic Scan wizard.  The WebInspect application will operate on the local machine as the current Windows user, which must be a local Administrator, but I have not seen that as an issue before regarding the browser.

When you configure the authentication to be used by WebInspect during the scan, we prefer that you use a normal user account rather than an administrator, merely for the effects that may have on the target web application.  For more details on that, please see the WebInspect Help Guide (F1) > Getting Started > "Preparing Your System for Audit".

 

Besides that...

* There is a way to run a Privilege Escalation scan in WebInspect, utilizing two user accounts of differing permission levels, or one account and "No Account".

* There is a way to run a single scan faster using multiple User accounts, provided all of those account have the Same User Access levels, not differing ones.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
kathyT19 Regular Contributor.
Regular Contributor.

Re: Webinspect: open a browser with different credentials

Thank you for the response. When running the guided scan, it allows me to pick my regular user certificate since we use PKI, but somehow it is still using http requests as the local admin. I am currently trying to see if they give me access to the application with my local admin account but regular user access to the application.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.