The first step to a well-secured Web Application is a good authentication system. This keeps intruders from accessing your sensitive information and make your systems overall safer.
If you have Authentication set up on your target, you might want Probely to scan your website further behind the login page, like an authenticated user. By doing this you're enabling Probely to run a scan that might reveal any vulnerabilities in deeper parts of your app.
It is recommended that you create a user for the tests since Probely will submit forms and click buttons, which might "pollute" the account.
After you've added a successfully verified target, you can head to the target settings and follow these steps:
Step 1: Go to your target "Settings"
On your target settings locate the "Target Authentication" module and select "Login Sequence":
Step 2: Import your login sequence
Click on "Add Login Sequence" and, on the next screen, define a name and either paste or upload a previously recorded login sequence; if you haven’t recorded a sequence yet, here’s how you can do it:
First, start by making sure you are logged out of your target. Then, input your target’s URL on Probely’s plugin and "Start recording". If the login URL is
https://example.com/login, make sure to input the
https://example.com/ URL and click on the necessary link/button to access the login page, as if simulating a user’s action; alternatively, wait for your target to redirect you automatically to the login page, if applicable.
Once you are on your target’s login page, fill in the necessary fields in order to log in. If your credentials are already saved and automatically filled in by your browser, make sure to use your mouse to click on each field so that the plugin can record the necessary fields and their values.
After filling in the necessary fields, make sure to click on the login button or follow any steps needed to conclude the login process and access your target. Make sure to use your mouse cursor as much as possible so that each action you make within your page is correctly registered by the plugin.
Once you are logged in to your target, “Stop recording” and either copy or download your login sequence and import it to your target settings right away!
Step 3: Once you are done, submit your sequence and click "Save"
You can now run authenticated scans on your target!
Alternatively, you can set up the "login form" option instead. Learn more about it here.