
Form-Based Authentication

  1. Username and Password
     
    • This allows you to configure the username and password for a User that may be used during Attack Mode actions (Spider Scan and Active Scan).
       
  2. Logged in Indicator
     
    • The Logged in Indicator, when present in a response message (in either the header or the body), signifies that the response message corresponds to an authenticated request.

      e.g. the presence of a logout link or a "Welcome back, User X" pattern.

      Info: Indicator should be a Regex in the form of: .\Qlogout=\E.

  3. Login Form Target URL
     
    • The URL to which the authentication request is sent, either by submitting a form or by performing a GET request, using a username/password pair of authentication credentials.
       
  4. Username Parameter and Password Parameter
     
    • The parameters that contain the values for the username and the password of the User, respectively. See here for more information.
       
  5. Extra POST Data
     
    • Additional POST data to be sent with the authentication request.

      Info: If the login request is in the form of: username=admin&password=secret&login=true, then the value for Extra POST Data should be: action=Login
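
The following sketch is an added example, not code from the plugin or from ZAP. It shows how the fields above combine into a login request body and how a Logged in Indicator can be tested against a response before a scan is run. The function names and the sample responses are constructed for illustration, and matching the indicator anywhere in the header or body is an assumption. The \Q...\E quoting in the indicator is Java regex syntax that Python's re module lacks, so it is translated first.

```python
import re
from urllib.parse import parse_qsl, urlencode

def java_quote_to_python(pattern):
    """Rewrite \\Q...\\E literal spans, which Python's re does not support."""
    out, pos = [], 0
    while (start := pattern.find(r"\Q", pos)) != -1:
        end = pattern.find(r"\E", start + 2)
        if end == -1:                      # unterminated \Q quotes to the end
            end = len(pattern)
        out.append(pattern[pos:start])
        out.append(re.escape(pattern[start + 2:end]))
        pos = end + 2
    out.append(pattern[pos:])
    return "".join(out)

def build_login_body(user_param, pass_param, username, password, extra=""):
    """Form-encode the credentials, then append the Extra POST Data pairs."""
    fields = [(user_param, username), (pass_param, password)]
    fields += parse_qsl(extra, keep_blank_values=True)
    return urlencode(fields)               # escapes '&', '=' etc. in values

def is_logged_in(indicator, response_header, response_body):
    """True if the indicator regex is found in the header or the body."""
    rx = re.compile(java_quote_to_python(indicator))
    return bool(rx.search(response_header) or rx.search(response_body))

# Constructed sample responses (not captured from a real application).
HEADER = "HTTP/1.1 200 OK\r\nContent-Type: text/html"
AUTH_BODY = '<p>Welcome back, admin</p><a href="/account?logout=1">Log out</a>'
ANON_BODY = '<form action="/login" method="post">...</form>'

if __name__ == "__main__":
    print(build_login_body("username", "password", "admin", "secret",
                           "action=Login"))
    print(is_logged_in(r".\Qlogout=\E.", HEADER, AUTH_BODY))
    print(is_logged_in(r".\Qlogout=\E.", HEADER, ANON_BODY))
```

An indicator that also matches the anonymous response would make every request look authenticated, so it is worth checking the pattern against both kinds of response.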
