Loading ...
Sorry, an error occurred while loading the content.

Re: [xenu-usergroup] Suggestions for using with htaccess

Expand Messages
  • Tilman Hausherr
    Other things to try: - set cookies (don t do it if hits can delete something) - try with a computer that has XP - if you can, set up test login for me that
    Message 1 of 10 , Mar 31, 2011
    • 0 Attachment
      Other things to try:
      - set cookies (don't do it if hits can delete something)
      - try with a computer that has XP
      - if you can, set up test login for me that can't do much and doesn't
      give away any trade secrets, but would show the behaviour even with
      threads set to 1
      - and of course what I already said "look into the protocols" - try with
      "fiddler". As far as I remember, .htaccess doesn't encrypt.
      Maybe the cause is that MSIE sees all the authentication requests as a
      different one?

      Tilman

      On Thu, 31 Mar 2011 17:53:10 -0600, Craig Talbert wrote:

      >FYI, if anyone is holding their breath, I'm having the same problem on
      >Windows 7 that I did non Vista.
      >
      >I also tried this: http://support.microsoft.com/kb/820780 but didn't have
      >any success. :(
      >
      >- Craig
      >
      > Mon, May 18, 2009 at 1:16 PM, Tilman Hausherr <tilman@...> wrote:
      >
      >>
      >>
      >> I don't know. The dialogbox from IE has a checkbox to "remember" the
      >> password (you mention it). Maybe you're running some weird personal
      >> firewall? They often suck. Look into the protocols, maybe you'll find
      >> something...
      >>
      >> Tilman
      >>
      >>
      >> On Mon, 18 May 2009 13:07:01 -0600, Craig Talbert wrote:
      >>
      >> >So, does anyone have an idea of how to fix this? I had to enter a
      >> >password in the authentication box several hundred times today to get
      >> >the report to generate.
      >> >
      >> >- Craig
      >> >
      >> >On Fri, Apr 17, 2009 at 4:02 PM, Craig Talbert <craig.talbert@...>
      >> wrote:
      >> >> Hey Xenu Users,
      >> >>
      >> >> So, I'm trying this again. My idea this time was to set the number of
      >> >> threads to 1, so I could check the page that was pending.
      >> >>
      >> >> What I'm finding is this - there is a root directory that most people
      >> >> access our page with. For EVERY FILE it that directory or in the
      >> >> subdirectories I'm being prompted for the same username and password.
      >> >> Selecting "Remember my password" doesn't make a difference. This
      >> >> doesn't happen when I normally navigate this website (I'm just
      >> >> prompted once, and it works).
      >> >>
      >> >> It seems like there's got to be a Xenu setting or an IE setting to
      >> >> have it attempt to use the same username/password for all files and
      >> >> subdirectories of a root directory.
      >> >>
      >> >> - Craig
      >> >>
      >> >> On Wed, Dec 3, 2008 at 11:16 AM, Tilman Hausherr <tilman@...>
      >> wrote:
      >> >>> There's nothing I can do with Xenu, because the dialogbox is popped
      >> open
      >> >>> by a MSIE component that Xenu uses. Xenu itself does not even "know"
      >> the
      >> >>> passwords, because this is all encapsulated in MSIE.
      >> >>>
      >> >>> What you could try is to access the protected URLs with MSIE, and check
      >> >>> "remember for next time" (don't know the exact language), and then run
      >> >>> Xenu.
      >> >>>
      >> >>> Tilman
      >> >>>
      >> >>> On Wed, 3 Dec 2008 00:38:11 -0700, Craig Talbert wrote:
      >> >>>
      >> >>>>I probably should have said: I don't have write access to all of these
      >> >>>>sites, although I need to audit them anyway.
      >> >>>>
      >> >>>>- Craig
      >> >>>>
      >> >>>>On Wed, Dec 3, 2008 at 12:31 AM, Tilman Hausherr <tilman@...>
      >> wrote:
      >> >>>>> You'd need to set AuthName in the .htaccess file.
      >> >>>>>
      >> >>>>> Tilman
      >> >>>>>
      >> >>>>> On Tue, 2 Dec 2008 23:41:13 -0700, Craig Talbert wrote:
      >> >>>>>
      >> >>>>>>Hello,
      >> >>>>>>
      >> >>>>>>I've been using xenu to scan a large website that forks in to several
      >> >>>>>>pages (that I'd also like to scan) protected with htaccess.
      >> >>>>>>
      >> >>>>>>The problem is that it's difficult for me to tell which page it's
      >> >>>>>>hitting, and consequently what password to enter. Is there anyway to
      >> >>>>>>get it to display the URL of the page along with the htaccess
      >> >>>>>>authentication window?
    Your message has been successfully submitted and would be delivered to recipients shortly.