Two-factor authentication (2FA) strengthens authentication with an additional layer of security that requires presenting an extra piece of evidence (the factor) to the authentication mechanism of a website or application. To obtain that factor, a third-party authenticator (TPA) provides a random code that changes frequently. This random, temporary code is known as a one-time password (OTP).
Probely allows configuring 2FA to scan websites or applications with 2FA enabled.
Configuring 2FA in Probely involves two steps:
Obtain information on the 2FA configuration of the website or application.
Configure 2FA in Probely for the respective target.
This article describes these steps in detail.
Step 1: Obtain the 2FA Configuration Information
The configuration of 2FA in Probely requires some information from the 2FA configuration of the website or application, namely:
The 2FA seed / secret.
The CSS selectors (if the Login Form is configured in Probely).
The OTP code (if the Login Sequence is configured in Probely).
So, first, go to the 2FA configuration of the website or application.
The seed / secret is obtained when the QR Code is displayed to be scanned by the TPA app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Obtain the secret in one of the following ways:
The secret is available on the page together with the QR Code.
For example, GitHub has a link to show the secret.
Use a QR Code scanner app on the phone to scan the QR Code.
The QR Code link that is obtained contains the secret in it.
For example: otpauth://totp/Example:[email protected]?secret=JBSWY3DPEHPK3PXP&issuer=Example
After scanning the QR Code with the TPA app, it will start providing OTP codes, allowing you to complete the 2FA configuration for the website or application.
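To confirm that the seed copied from the QR Code link is the one the TPA app is using, the codes can be recomputed locally and compared with the app before the seed is entered in Probely. The following is an added example, not Probely's own code: it parses an otpauth link and computes the TOTP code as defined in RFC 6238. The function names and the account name in the sample link are assumptions; the secret is the example value shown above.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import urlparse, parse_qs, unquote


def parse_otpauth(uri):
    """Return the TOTP parameters carried by an otpauth://totp link."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc.lower() != "totp":
        raise ValueError("not an otpauth://totp link")
    q = parse_qs(u.query)
    if "secret" not in q:
        raise ValueError("link has no secret parameter")
    return {
        "label": unquote(u.path.lstrip("/")),
        "secret": q["secret"][0].replace(" ", "").upper(),
        "issuer": q.get("issuer", [None])[0],
        # Defaults used by most authenticator apps when a parameter is absent.
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
        "algorithm": q.get("algorithm", ["SHA1"])[0].upper(),
    }


def totp(secret_b32, at=None, digits=6, period=30, algorithm="SHA1"):
    """RFC 6238 code for a base32 seed at Unix time `at` (default: now)."""
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded, casefold=True)
    counter = int(time.time() if at is None else at) // period
    digest = getattr(hashlib, algorithm.lower())
    mac = hmac.new(key, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # Constructed link: placeholder account name, example secret from this page.
    uri = ("otpauth://totp/Example:user@example.com"
           "?secret=JBSWY3DPEHPK3PXP&issuer=Example")
    p = parse_otpauth(uri)
    print("seed to enter in Probely:", p["secret"])
    print("current code:", totp(p["secret"], digits=p["digits"],
                                period=p["period"], algorithm=p["algorithm"]))
```

If the printed code matches the one shown in the TPA app for the same time window, the seed was copied correctly. Anyone holding the seed can generate valid codes, so store it as carefully as the account password.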
Now, Probely needs the following information:
CSS Selectors (if the Login Form is configured)
So that Probely can use the OTP code in the 2FA form, log in to the website or application, and when the 2FA form requests the OTP code, obtain the following information:
The CSS selector of the input widget of the OTP code.
For example, #otp
The CSS selector of the submit button.
For example, body > form > p:nth-child(3) > button
Learn more about how to obtain CSS selectors.
OTP code (if the Login Sequence is configured)
So that Probely can use the OTP code in a login sequence, record a new login sequence of the website or application with 2FA, and save the OTP code that was used during the recording for later.
Step 2: Configure 2FA in Probely
With the information obtained in Step 1, configure 2FA in Probely as follows:
Go to the target settings.
Select the AUTHENTICATION tab and
In the TWO-FACTOR AUTHENTICATION (2FA) section, fill out the configuration values:
With the 2FA configuration complete, Probely should be able to authenticate with 2FA and scan the target.