How to set up Target Authentication with a Login Sequence

Learn how to configure a target to scan behind complex authentication login flows.

Written by Ana Pascoal
Updated over a week ago

The first step to a well-secured web application is a sound authentication system. This keeps intruders from accessing your sensitive information and makes your systems safer overall.

If you have Authentication set up on your target, you might want Probely to scan your website further behind the login page, like an authenticated user. By doing this, you're enabling Probely to run a scan that might reveal any vulnerabilities in deeper parts of your app.

It is recommended that you create a user for the tests since Probely will submit forms and click buttons, which might "pollute" the account.

After you've successfully added a target, you can follow these steps:

  1. Go to the login configuration of the target

  2. Configure the login sequence for the target

  3. Save and enable the login configuration

This article describes these steps in detail.

Step 1: Go to the login configuration

In the Probely app, go to the login configuration of a target as follows:

  1. Select the TARGETS tab to see the list of targets.

  2. In the row of the target whose login you want to configure, click on the cogwheel to open its settings.

  3. Click on the AUTHENTICATION tab and click on the LOGIN SEQUENCE button to display the configuration form.

Step 2: Configure the login sequence

In the configuration form, click on Add Login Sequence and do the following:

  1. Type the name of the sequence.

  2. Choose how you want to provide the recorded login sequence:

    1. Paste sequence - Type or paste the sequence in plain text in JSON format.

    2. Upload sequence - Upload the sequence from a JSON file.

  3. Click on the SUBMIT SEQUENCE button.

If you haven't recorded the login sequence yet, here's how you can do it:

  1. Start by making sure you are logged out of your target.

  2. Open Probely's plugin to record the sequence.

  3. Provide the homepage URL of your target, not the URL of the login page.
    For example, if the URL of the login page is https://example.com/login, provide the homepage URL as https://example.com/.

  4. Start recording.

  5. Perform all the steps to reach the login page. Alternatively, if the target automatically redirects you to the login page, just wait for it.

  6. Once on the login page, fill out the fields and do all the steps to log in. Type every value yourself; do not use values that your browser has saved and fills in automatically. Also, make sure you click the login button or do the steps needed to finish the login.

  7. Once logged in, stop recording and either copy or download the login sequence and use it in the target configuration.

IMPORTANT NOTE: While recording a login sequence, you must use your mouse as much as possible and always type the needed values so the plugin correctly records each action you make on your target to log in.

Step 3: Save and Enable

Once you are done, click SAVE AND ENABLE, and you should be ready to start scanning!

You can disable/enable this authentication anytime with the Off/On toggle button or delete the configuration using the DELETE button.

Read the following articles to learn more about other authentication schemes for your targets:
