|
| LinkScan for Windows -- Common Tasks |
| Help Reference HowTo Card |
See: LinkScan Startup Guide for Windows Systems
See: Upgrading Existing Windows Installations
Either:
Use Control Panel, Add/Remove Programs or:
Delete the LinkScan installation folder and everything within it.
If you receive an Invalid/Corrupt/Expired License Key Error, please mail the exact error message to [email protected].
From the main LinkScan Window, select a Project and click Plan. Then select the Scope Tab. See Scope.
See: File System Scanning
See: Import Scanning.
Many websites include some form of access control or user authentication features. In general, these arrangements use one of two mechanisms defined by the HTTP protocols. Both are supported by LinkScan. They are:
In the case of HTTP Authentication, when a user attempts to access a protected area, their browser will present a challenge in the form of a pop-up dialog box that requires a username and password to be entered. In the case of cookie-based arrangements, the user is normally required to login by filling out an HTML form and submitting it.
When scanning sites that require HTTP Authentication, you must configure LinkScan accordingly. From the main LinkScan Window, select a Project and press Plan. Enter your authentication credentials via the Auth Tab:
Host: The name of the host to which the credentials apply. Enter, for example, www.example.com.
Realm: HTTP Authentication allows webmasters to configure different authentication rules for different sub-sets of the site, formally known as Realms. You may specify the name of the Realm to configure Realm-specific credentials. However, in most cases, you may leave the Realm blank and LinkScan will use the supplied username/password for any and all Realms on that host.
Username: Enter the username.
Password: Enter the password.
HTTP access to some sites is controlled via authentication schemes requiring Cookies.
LinkScan will automatically accept and return all valid cookies received during the course of a scan. However, to gain access to the site, you may need to configure LinkScan to ensure that the appropriate cookies are set. This may be achieved by one of two techniques:
In both cases, adding (login) links or adding cookies to the Project Plan, you may configure these manually, and/or use values captured using the LinkScan Recorder.
Authenticating Manually via Links
LinkScan may be configured to submit a form using either the GET or POST methods. Pages that require the GET method are specified with a normal URL and query string. Pages that require the POST method are specified in a similar manner except that the query character (?) is replaced with a double-query (??). For example:
login.jsp??Name=Malcolm%20Hoar&Password=secret
Simply enter the link into the Login URL field on the Login Tab of the Project Planning property sheet.
Authenticating Manually via Cookies
The Login Tab of the Project Planning property sheet also allows you to specify Cookies that should be pre-loaded into the LinkScan cookiejar at the commencement of a scan.
Simply enter the name of the host to which the cookies should be sent, together with the cookie-name and cookie-value.
The host is the name of the server to be tested. For security reasons and in compliance with the applicable standards, LinkScan will only send the cookie when the specified host-name exactly matches the hostname portion of the requested URL. In this context, host names and their corresponding IP addresses are considered to be different (consistent with all major browsers). The cookie names and values must be reverse engineered from your server code or "discovered" via your browser by enabling the "Prompt before accepting cookies" or examination of stored cookies on disk.
You may wildcard the host name parameter as follows:
.example.com
In this case, any cookies will be sent to any/all hosts within the example.com domain.
Authenticating with Recorded Links
Use the LinkScan Recorder to capture the link(s) and then Save the recording with your Project, selecting the Project Login with Sequence option. The Recorded Links will be saved to a file (login.txt) and, by default, LinkScan will replay the sequence at the commencement of the scan to authenticate with the server.
Authenticating with Recorded Cookies
Use the LinkScan Recorder to capture the cookie(s) and then Save the recording with your Project, selecting the Project Login with Cookies option. The Recorded Cookies will be saved to a file (cookie.txt) and, by default, LinkScan will preload its cookiejar with those values at the commencement of a scan.
Important Note: In all cases, there is a significant risk that, as soon as LinkScan successfully authenticates with your server, it will see a Logout button. LinkScan will, of course, attempt to test the button and in doing so its status as an authenticated user will be destroyed.
Hence, if your site is equipped with a Logout button or function, we must tell LinkScan to avoid activating it. On the Login Tab of the Project Planning property sheet we may specify a pattern that will match any links that are likely to activate a Logout sequence. The exact pattern will depend upon your specific server but the Suggest button will automatically enter a broad pattern that will be sufficient in many if not most cases:
(?i).*(login|logoff|logout)
See: Scheduling LinkScan
LinkScan was designed from the outset to be a highly open system. Hence it is a straightforward matter to export portions of the LinkScan database into other database management systems for further analysis.
For many users, the simplest method of achieving this is via LinkScan Excel. Once a table of data has been imported into a LinkScan Excel spreadsheet, the data can easily be pushed into another relational database management system (RDBMS) such as Microsoft Access, Microsoft SQL Server or Oracle.
Others may wish to access the LinkScan database structures directly via their own program code. It is a relatively simple programming task to extract the required data using most programming languages including Perl, C, C++, Java or Visual Basic. Those users will wish to study a brief description of the LinkScan File Formats. Note that small changes in the file formats may arise if and when you install new versions of LinkScan. Such changes are generally minor and infrequent.
LinkScan for Windows -- Common Tasks
LinkScan Version 12.4
© Copyright 1997-2013
Electronic Software Publishing Corporation (Elsop)
LinkScan™ and Elsop™ are Trademarks of Electronic Software Publishing Corporation
| Help Reference HowTo Card |