Deploying AcuSensor for ASP .NET

🔍 AcuSensor Network PreRequisites

AcuSensor makes use of the AcuSensor Bridge. Read more information here.

Deploying AcuSensor for ASP .NET websites

First, you need to download the AcuSensor agent for your Target.

The AcuSensor agent will need to be deployed to your web application. This section describes how to deploy AcuSensor to an ASP.NET (including .NET core) web application.

  • Install Prerequisites on the server hosting the website (The AcuSensor Injector.exe application requires Microsoft .NET Framework 3.5 or higher)
  • Copy the AcuSensor installation file dotnet-acusensor.zip to the server hosting the .NET website
  • Extract the dotnet-acusensor.zip file, navigate to the .NET Framework subfolder, and launch the Injector.exe file

  • On start-up, the Injector will retrieve a list of .NET applications installed on your server. Select which applications you would like to enhance with the AcuSensor Technology and click Install Sensor to install the AcuSensor Technology sensor in the selected .NET applications.

  • Once the sensor has been installed, close the confirmation window and also the AcuSensor manager.

Disabling and Removing AcuSensor for ASP .NET websites

To remove and disable the sensor from your website:

  • Launch Injector.exe


  • Select the website where the AcuSensor agent is deployed and click Remove Sensor to remove the AcuSensor agent from the site
  • Close the Injector.exe application

Deploying and Removing AcuSensor using the command line

After copying and extracting the dotnet-acusensor.zip file to the server hosting the .NET website, you can deploy and remove the AcuSensor agent to your web application, and also list available web applications, as follows:

C:\Users\Administrator\Desktop\dotnet-acusensor>injector -m inject -t http://localhost:86/yaf_forums

Target Found. Injecting sensor to: http://localhost:86/yaf_forums

C:\Users\Administrator\Desktop\dotnet-acusensor>injector -m uninject -t http://localhost:86/yaf_forums

Target Found. Uninjecting sensor from: http://localhost:86/yaf_forums

C:\Users\Administrator\Desktop\dotnet-acusensor>injector -m list

http://localhost:86/

http://localhost:86/yaf_forums

http://localhost:86/kartris

http://localhost:86/bugnet

C:\Users\Administrator\Desktop\dotnet-acusensor>

  • The -m switch can be:
  • inject - to inject the AcuSensor agent into a web application
  • uninject - to remove the AcuSensor agent from a web application
  • list - to list the web application on the web server
  • The -t switch should specify the URL for which you wish to inject or remove the AcuSensor agent

Note: If the web application is at the root of a URL path, you MUST include a forward slash at the end of the URL (in this example, http://localhost:86/); if the web application is in a subfolder, you MUST NOT include a forward slash at the end of the URL (in this example, http://localhost:86/yaf_forums)

Note: Although the Acunetix AcuSensor agent is secured with a strong password, it is recommended that the AcuSensor agent files are uninstalled and removed from the web application if they are no longer in use.

Deploying .NET Acusensor manually

🔍 AcuSensor Network PreRequisites

AcuSensor makes use of the AcuSensor Bridge. Read more information here.

First, you need to download the AcuSensor agent for your Target.

Now, extract the downloaded ZIP file in any directory. For this illustration, we use the following folder: C:\ProgramData\Acunetix\Acusensor

How to deploy .NET AcuSensor manually
  1. Open a powershell or CMD with administrator privileges.
  2. Navigate to the .NET Framework folder.
  3. Run the following command: run the command ‘Injector.exe -m extract’

  1. Copy the newly created DLLs and settings.ini to the target application’s bin folder as the following way:

  1. Open settings.ini and edit the entry ‘log.path’ to reflect ‘log.path=C:\inetpub\temp\IIS Temporary Compressed Files\logs’
  2. To install the IIS HTTP Module, add the following to the web application’s web.config:

<configuration>

  <system.webServer>

    <modules>

      <add name="InvictiSensorModule" type="SensorModule.RequestsHandlerModule, SensorModule, version=5.0.0.0, culture=neutral, publicKeyToken=068f0ac6f5c4405b" />

    </modules>

  </system.webServer>

</configuration>

  1. To load the SensorProfiler.dll .NET profiler, you need to add the following environment variables; do this by changing the IIS application-host config file: “%windir%\System32\inetsrv\config\applicationHost.config

COR_PROFILER={F23266E3-B53E-44EB-862C-D7DDB4C620D0}

COR_ENABLE_PROFILING=1

COR_PROFILER_PATH=<SensorRoot>/SensorProfiler.dll

SENSOR_SETTINGS_PATH=<SensorRoot>/settings.ini

  1. Restart the test application in IIS. (You might need to restart W3SVC service for the changes to take effect.)
  2. Running a scan on this target will now display ‘AcuSensor used for this scan’ in the scan’s Activity page.

The AcuSensor should generate logs inside the directory you entered in the settings.ini in the 5th step as said before. Should there be any issues, please forward these logs to Acunetix Support.

 

« Back to the Acunetix Support Page