Need advice about hooking into web form authentication


New member
Lo there.

I've written a (very basic) web security test tool. It takes a list of urls and then it tests the pagesl for XSS holes. However I can't think how I can allow for web form authentication. I.e. test pages that require you to authenticate to reach, like your email list in hotmail, or your user cp in rage.

I know it can be done, I think from creating an active session in the site in question and then having the app pick up on the cookie somehow but it doesn't seem to be doing it by default.

Any ideas?