Deploying the AcuSensor agent for .NET Core
AcuSensor enables you to carry out interactive security testing (IAST) in your web application in order to confirm more vulnerabilities and further minimize false positives.
For AcuSensor to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.
This topic explains how to download and copy the AcuSensor files to your hard disk and install the AcuSensor to your web application.
Downloading the AcuSensor agent
You can find the required instructions to download the AcuSensor agent in Deploying AcuSensor in Acunetix 360 On-Demand.
Information AcuSensor supports .NET Core 3.1 on Windows and Linux. We also tested this on Debian 10 and 11, Ubuntu 18.04, 20, 22, and CentOS Stream 9. Generally, this sensor should work on any distributions that .NET Core runtime supports. |
Preparing the .NET Core AcuSensor
- Create a folder to host the AcuSensor files. (For this example, we will assume the folder is C:\acusensor)
- Right-click on the downloaded AcuSensor ZIP file.
- Select Extract All…
- Choose a destination folder and select Extract.
- Navigate to the destination folder and enter the .NET Core subfolder.
- Select all the items inside the subfolder, right-click on them, and select Copy.
- Navigate to the C:\acusensor folder, right-click in the window, and select Paste.
Deploying into a Kestrel .NET Core website
- Navigate to your web application root folder.
- Create a new sitelauncher.bat file inside your web application root folder with the following contents:
SET DOTNET_STARTUP_HOOKS=C:/acusensor/SensorProfiler.Module/netcoreapp3.1/SensorProfiler.Module.dll axexample-dotnetcore.exe --urls http://0.0.0.0:80 |
The said content assumes that the executable file for your web application is axexample-dotnetcore.exe.
- From the command line, navigate to your web application root folder and launch your web application
Deploying into a Kestrel .NET Core website on Linux
- Navigate to your web application root folder.
- Create a new sitelauncher.sh file inside your web application root folder with the following contents:
#!/bin/bash export DOTNET_STARTUP_HOOKS="/acusensor/.NET Core/SensorProfiler.Module/netcoreapp3.1/SensorProfiler.Module.dll" export SENSOR_SETTINGS_PATH="/acusensor/.NET Core/settings.ini" dotnet ./axexample-dotnetcore.dll --urls "http://0.0.0.0:80" |
- Assuming that the executable file for your web application is axexample-dotnetcore.dll
- From the command line, navigate to your web application root folder and launch your web application
Deploying into an IIS .NET Core website
- Navigate to your web application root folder.
- Edit your web.config file to add environment variables for using AcuSensor:
<?xml version="1.0" encoding="utf-8"?> <configuration> <location path="." inheritInChildApplications="false"> <system.webServer> <handlers> <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" /> </handlers> <aspNetCore processPath="dotnet" arguments=".\axexample-dotnetcore.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess"> <environmentVariables> <environmentVariable name="DOTNET_STARTUP_HOOK" value="C:/acusensor/SensorProfiler.Module/netcoreapp3.1/SensorProfiler.Module.dll" /> <environmentVariable name="SENSOR_SETTINGS_PATH" value="C:/acusensor/settings.ini" /> </environmentVariables> </aspNetCore> </system.webServer> </location> </configuration> <!--ProjectGuid: 16505b2e-7499-4c97-a9ff-d18e39913ad5--> |
- Restart your web application from the IIS Manager.