Two-factor authentication (2FA) strengthens authentication with an additional layer of security that requires presenting an extra piece of evidence (the factor) to an authentication mechanism of a website or application. To obtain that factor, you can use an authenticator like Google Authenticator, 1Password, Authy, or Microsoft Authenticator, which provides a random code that changes frequently. This random and temporary code is called a Time-based One-time Password (TOTP).
In Probely, you can scan websites or applications that use 2FA by configuring the Time-based One-Time Password (TOTP) option under the TWO-FACTOR AUTHENTICATION (2FA) section of your target settings.
Probely also allows you to set up 2FA with Other OTP (One-time Password). To learn more about it, read this article on how to set up Target 2FA with an alternative OTP.
Obtain information on the 2FA configuration of the website or application.
Configure 2FA in Probely for the respective target.
This article describes these steps in detail.
Step 1: Obtain the 2FA Configuration
The configuration of 2FA in Probely requires some information from the 2FA configuration of the website or application, namely:
So, first, go to the 2FA configuration of the website or application.
The seed (secret) is available when the website or application displays the QR Code to be scanned by the authenticator app installed on the phone (e.g., Google Authenticator, 1Password, Authy, or Microsoft Authenticator).
Obtain the secret in one of the following ways:
The secret is available on the page together with the QR Code.
For example, GitHub has a link to show the secret.
Use a QR Code scanner app on the phone to scan the QR Code.
The link encoded in the QR Code contains the secret.
After scanning the QR Code with the authenticator app, it will start providing TOTP codes, allowing you to complete the 2FA configuration for the website or application.
Now, Probely needs the following information:
CSS Selectors (if the Login Form is in use)
So that Probely can use the TOTP code in the 2FA form, log in to the website or application, and, when the 2FA form requests the TOTP code, obtain the following information:
The CSS selector of the input widget of the TOTP code.
The CSS selector of the submit button.
body > form > p:nth-child(3) > button
Learn more about how to obtain CSS selectors.
Step 2: Configure 2FA in Probely
With the information obtained in Step 1, configure 2FA in Probely as follows:
Go to the target settings.
Select the AUTHENTICATION tab.
In the TWO-FACTOR AUTHENTICATION (2FA) section, fill out the configuration values:
With this configuration complete, Probely should be able to authenticate with 2FA and scan the target.