WWWThief3.gif (2165 bytes)
NPS Software

WWWBandit FAQ


The latest version of this FAQ can be found on the WWWBandit web site


When I enter a URL in the Add Site dialog, WWWBandit says "Not a secure document"

The URL you supplied may not be secured by a username and password (e.g. the "join" or the "tour" page).
You must supply the secured URL of the members section of the site, the one that pops up the username/password dialog:

Login.gif (3206 bytes)

1. Click on the link that says "Members", "Members Entry" or something similar.
2. Enter a random username and password. Click OK.
3. The dialog will disappear and then reappear to give you another chance. This time, click Cancel.
4. Copy the URL from the Address bar at the top of your browser. This is the URL you need to feed WWWBandit.

Sometimes the URL shown in the address bar does not point to the secured web page. If WWWBandit says the document is not secure, try the following to get at the correct URL.

1. Move the mouse cursor over the link  that says "Members", "Members Entry", etc. without clicking. Most of the time the secured URL will be displayed in the status bar at the bottom of your browser. You can also use this technique to check the URL obtained by the first method.

2. Sometimes, the secured URL is embedded in the HTML source of the page.

When I enter a site in the Add Site dialog, WWWBandit says "Access forbidden"

When a site returns "Access forbidden", it will block out all further requests.  Try again later in Stealth Mode. If this doesn't work, WWWBandit can not break into your site, congratulations!

The username/password combinations reported by WWWBandit are fake

Under certain conditions proxy servers may send erroneous information back to WWWBandit resulting in fake users. Try again later in Stealth Mode. Also, be sure to update your proxies on a regular basis. Tip : check Update Proxies On Startup in General Options.

You can also log the attack session (check Log Session in General Options) and then look for the status code OK (200), marked in green. If the fake users are systematically reported by the same proxy or proxies, just remove the offending proxies and try again.