Form-Based Authentication

  1. Username and Password
     
    • This allows you to configure the username and password for a User that may be used during Attack Mode actions (Spider Scan and Active Scan).
       
  2. Logged in Indicator
     
    • The Logged in indicator, when present in a response message (either the header or the body), signifies that the response message corresponds to an authenticated request.
      e.g. the presence of a logout link or a "Welcome back, User X" pattern.

      Info: Indicator should be a Regex in the form of: .\Qlogout=\E.

  3. Login Form Target URL
     
    • The URL to which the authentication request is sent, either by submitting a form or by performing a GET request, using a username/password pair of authentication credentials.
       
  4. Username Parameter and Password Parameter
     
    • The parameters that contain the values for the username and the password of the User, respectively. See here for more information.
       
  5. Extra POST Data
     
    • Additional post data to be sent with the authentication request.
      Info: If the login request is in the form of: username=admin&password=secret&login=true, then the value for Extra POST Data should be: action=Login
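To check these settings before a scan, the sketch below composes the login body from the Username Parameter, Password Parameter and Extra POST Data, then tests a Logged in Indicator against a response header and body. It is an added example, not the scanner's own code: the function names, credentials and sample responses are constructed, and it assumes the indicator may match anywhere in the header or body.

```python
import re
from urllib.parse import urlencode

def build_login_body(user_param, username, pass_param, password, extra_post_data=""):
    """Form body: URL-encoded credential parameters, then Extra POST Data verbatim."""
    body = urlencode({user_param: username, pass_param: password})
    return f"{body}&{extra_post_data}" if extra_post_data else body

def java_quoted_to_python(pattern):
    r"""Rewrite \Q...\E literal sections as escaped text, since Python's re rejects \Q."""
    out, pos = [], 0
    while True:
        start = pattern.find(r"\Q", pos)
        if start == -1:
            out.append(pattern[pos:])
            return "".join(out)
        end = pattern.find(r"\E", start + 2)
        if end == -1:                      # an unterminated \Q quotes to the end
            end = len(pattern)
        out.append(pattern[pos:start])
        out.append(re.escape(pattern[start + 2:end]))
        pos = end + 2

def is_logged_in(indicator, header, body):
    """True when the indicator matches somewhere in the header or the body."""
    rx = re.compile(java_quoted_to_python(indicator), re.DOTALL)
    return any(rx.search(part) for part in (header, body))

# Constructed sample data (not from the page or from any real application).
INDICATOR = r".\Qlogout=\E."   # the indicator form given in the note above
HEADER = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
AUTH_BODY = '<p>Welcome back, alice</p><a href="/account?logout=1">Log out</a>'
ANON_BODY = '<form action="/login" method="post"><input name="username"></form>'

if __name__ == "__main__":
    print(build_login_body("username", "alice", "password", "p@ss word", "action=Login"))
    print(is_logged_in(INDICATOR, HEADER, AUTH_BODY))
    print(is_logged_in(INDICATOR, HEADER, ANON_BODY))
```

An indicator that also matches the anonymous login page would make the scanner treat unauthenticated responses as authenticated, so test it against both kinds of response.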