How can I troubleshoot AcuSensor Technology issues when scanning .NET applications?

When you inject a .NET application using the Acunetix .NET AcuSensor Injector, the output of the status window should look like the screen shot below.  In this example, 8 files were injected.  In some cases, not all the files/assemblies from the application can be injected.

 

There are several reasons why AcuSensor is not injected into files:

  • The file is already injected
  • The file is strong-named (Strong names provide a strong integrity check. .NET Framework checks that the contents of the assembly have not been changed after it was built.)
  • The file doesn’t contain any code which is of interest to AcuSensor.

Enabling logging

Logging must be enabled to troubleshoot situations where AcuSensor is not working.  To enable logging, open the Acunetix .NET AcuSensor Injector tool, and follow these steps:

  1. Select the application that was injected.
  2. Right click on the application directory and select ‘Open application directory’ as seen in the screenshot below.

  1. A Windows Explorer window showing the selected directory contents will be opened automatically.  Search for ‘Web.config’ file.
  2. Search for <system.diagnostics> section in the Web.config file. If it is present, it should be located inside the <configuration> section.  If it is not present, it must be added manually.
  3. Add the following lines of code in this section.

    <system.diagnostics>
    <trace autoflush=”true”>

    <listeners>
    <add name=”TestTracer” type=”System.Diagnostics.TextWriterTraceListener” initializeData=”AcuSensorLog.log” />
    </listeners>
    </trace>
    </system.diagnostics>

  4. If a <system.diagnostics>, <trace> and <listeners> sections already exist, only add the following line of code.  Otherwise, you need to add the whole <trace> section.<add name=”TestTracer” type=”System.Diagnostics.TextWriterTraceListener” initializeData=”AcuSensorLog.log” />

Checking AcuSensor Password

Start Acunetix WVS and scan again the web application with AcuSensor Technology enabled.  A log file ‘AcuSensorLog.log’ will be generated in the application directory.  If the file is not generated, double check the ‘Web.config’ configuration. Open the file ‘AcuSensorLog.log’ and search for the string ‘Invalid AcuSensor Password!’.  If the string is present in the log file, the password of the sensor and the one configured in the scanner do not match. On the target system, run again the Acunetix .NET AcuSensor Injector and un-inject all the files.  Follow the procedure on the Acunetix WVS user manual to reset the AcuSensor password and re-inject the files using the correct password.

Contacting Support

If the string ‘Invalid AcuSensor Password!’ is not found in the ‘AcuSensorLog.log’ file, AcuSensor password is correct and something else is not working.  Please send the log file to support@acunetix.com for further troubleshooting.

View all the Acunetix FAQs here.

Share this post

Leave a Reply

Your email address will not be published.


*