Form-Based Authentication
- Username and Password
- This allows you to configure the username and password for a User that may be used during Attack Mode actions (Spider Scan and Active Scan).
- Logged in Indicator
- The Logged in indicator, when present in a response message (either the header or the body), signifies that the response message corresponds to an authenticated request.
For example, the presence of a logout link or a "Welcome back, User X" pattern.
Info: The indicator should be a regex of the form:
.*\Qlogout=\E.*
- Login Form Target URL
- The URL to which the authentication request is sent, either by submitting a form or by performing a GET request, using a username/password pair of authentication credentials.
- Username Parameter and Password Parameter
- The parameters that contain the values for the User's username and password, respectively. See here for more information.
- Extra POST Data
- Additional POST data to be sent with the authentication request.
Info: If the login request is in the form of:
username=admin&password=secret&login=true
then the value for Extra POST Data should be: action=Login