Deploying AcuSensor for ASP .NET
AcuSensor Network Prerequisites |
How to deploy AcuSensor for ASP .NET websites
This section describes how to deploy AcuSensor to an ASP.NET (including .NET core) web application.
- Download the AcuSensor agent for your Target.
- Install Prerequisites on the server hosting the website. (The AcuSensor Injector.exe application requires Microsoft .NET Framework 3.5 or higher).
- Copy the AcuSensor installation file dotnet-acusensor.zip to the server hosting the .NET website.
- Extract the dotnet-acusensor.zip file, navigate to the .NET Framework subfolder, and launch the Injector.exe file.
- On start-up, the Injector will retrieve a list of .NET applications installed on your server. Select which applications you would like to enhance with the AcuSensor Technology and click Install Sensor to install the AcuSensor Technology sensor in the selected .NET applications.
- Once the sensor has been installed, close the confirmation window and also the AcuSensor manager.
How to disable and remove AcuSensor for ASP .NET websites
To remove and disable AcuSensor from your website:
- Launch Injector.exe.
- Select the website where the AcuSensor agent is deployed and click Remove Sensor to remove the AcuSensor agent from the site.
- Close the Injector.exe application.
How to deploy and remove AcuSensor using the command line
After copying and extracting the dotnet-acusensor.zip file to the server hosting the .NET website, you can deploy and remove the AcuSensor agent to your web application, and also list available web applications, as follows:
C:\Users\Administrator\Desktop\dotnet-acusensor>injector -m inject -t http://localhost:86/yaf_forums Target Found. Injecting sensor to: http://localhost:86/yaf_forums C:\Users\Administrator\Desktop\dotnet-acusensor>injector -m uninject -t http://localhost:86/yaf_forums Target Found. Uninjecting sensor from: http://localhost:86/yaf_forums C:\Users\Administrator\Desktop\dotnet-acusensor>injector -m list http://localhost:86/ http://localhost:86/yaf_forums http://localhost:86/kartris http://localhost:86/bugnet C:\Users\Administrator\Desktop\dotnet-acusensor> |
- The -m switch can be:
- inject - to inject the AcuSensor agent into a web application
- uninject - to remove the AcuSensor agent from a web application
- list - to list the web application on the web server
- The -t switch should specify the URL for which you wish to inject or remove the AcuSensor agent
NOTE:
|
How to deploy .NET AcuSensor manually
- Download the AcuSensor agent for your Target.
- Extract the downloaded ZIP file in any directory. For this illustration, we used the following folder: C:\ProgramData\Acunetix\Acusensor
- Open Powershell or CMD with administrator privileges.
- Navigate to the .NET Framework folder.
- Run the following command: Injector.exe -m extract
- Copy the newly created DLLs and settings.ini to the target application’s bin folder similar to the following:
- Open settings.ini and edit the entry ‘log.path’ to reflect ‘log.path=C:\inetpub\temp\IIS Temporary Compressed Files\logs’
- To install the IIS HTTP Module, add the following to the web application’s web.config:
<configuration> <system.webServer> <modules> <add name="InvictiSensorModule" type="SensorModule.RequestsHandlerModule, SensorModule, version=5.0.0.0, culture=neutral, publicKeyToken=068f0ac6f5c4405b" /> </modules> </system.webServer> </configuration> |
- To load the SensorModule.dll .NET profiler, you need to add the following environment variable; do this by changing the IIS application-host config file: “%windir%\System32\inetsrv\config\applicationHost.config”
SENSOR_SETTINGS_PATH=<SensorRoot>/settings.ini |
- Restart the test application in IIS. (You might need to restart W3SVC service for the changes to take effect.)
Running a scan on this Target will now display AcuSensor used for this scan in the Activity section of the Scan Information.
AcuSensor should generate logs inside the directory you entered in the settings.ini file. If you experience any issues, submit a ticket through our Help Center and include these logs.
