For targets that require authentication, Probely scans must log in so they can reach the areas reserved for authenticated users and scan them for vulnerabilities.
The problem
When running scans on a target that uses a login sequence to complete a complex authentication flow, Probely fails to log in.
Troubleshoot the problem
To troubleshoot this problem, go through the following steps to identify the possible causes and respective solutions to fix it.
Step: Check the login sequence
Check if the JSON of the login sequence is still valid as follows:
In the Probely app, go to the TARGETS tab.
Identify the target in the list and click on the cogwheel to open its settings.
In the AUTHENTICATION tab, check the LOGIN SEQUENCE configuration, and download the JSON of the login sequence.
Open a browser, type the target’s URL, and follow the login flow.
On each step:
Right-click and select Inspect to obtain the attributes / CSS selectors that identify the input fields. Learn more about how to obtain a CSS selector.
Take note of those attributes / CSS selectors and the values used in the input fields.
In the JSON of the login sequence, validate the following:
If the sequence follows the login flow.
If the attributes / CSS selectors defined to identify the input fields are correct.
If the values defined for use in the input fields are correct.
If the JSON does not reflect the login flow, Probely scans cannot authenticate.
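One way to run the selector check above from the DevTools console on each page of the login flow. This is an added example, not Probely's own code; the `checkSelectors` helper and the `{ selector, value }` entry shape are assumptions, with entries copied by hand from your login sequence JSON.

```javascript
// Added example: paste into the DevTools console on each page of the login flow.
// `entries` is a hand-copied list of selectors and values from your login
// sequence JSON (this entry shape is an assumption, not Probely's JSON format).
function checkSelectors(root, entries) {
  return entries.map(({ selector, value }) => {
    let matches;
    try {
      matches = Array.from(root.querySelectorAll(selector));
    } catch (err) {
      // Malformed selector: the browser rejects it outright.
      return { selector, status: "invalid selector", detail: err.message };
    }
    if (matches.length === 0) {
      return { selector, status: "no match", detail: "field not on this page" };
    }
    if (matches.length > 1) {
      // The selector does not uniquely identify one field.
      return { selector, status: "ambiguous", detail: `${matches.length} elements match` };
    }
    const el = matches[0];
    const tag = (el.tagName || "").toLowerCase();
    const fillable = ["input", "textarea", "select"].includes(tag);
    // Only entries that carry a value need to point at a fillable field.
    if (value !== undefined && !fillable) {
      return { selector, status: "not fillable", detail: `<${tag}> cannot take a value` };
    }
    if (el.disabled || el.readOnly) {
      return { selector, status: "not editable", detail: "disabled or read-only" };
    }
    return { selector, status: "ok", detail: `<${tag}>` };
  });
}

// Constructed sample entries; replace them with the ones from your own JSON.
const sampleEntries = [
  { selector: "#username", value: "scanner@example.com" },
  { selector: "input[name='password']", value: "placeholder-password" },
  { selector: "button[type='submit']" },
];

// Runs only in a browser; in other environments the function is just defined.
if (typeof document !== "undefined") {
  console.table(checkSelectors(document, sampleEntries));
}
```

Any row whose status is not `ok` points at a selector that no longer identifies a single usable field on that page of the login flow.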
Check the following possible causes, and apply the respective solution:
Cause | Solution |
The login sequence does not follow the login flow. | Record a new login sequence, and add it to the target authentication. Learn more about How to set up Target Authentication with a Login Sequence. |
There are input fields in the login sequence with wrong attributes / CSS selectors to identify them in the login flow. | Record a new login sequence, and add it to the target authentication. Learn more about How to set up Target Authentication with a Login Sequence. |
There are input fields in the login sequence with wrong values to use in the login flow. | Record a new login sequence, and add it to the target authentication. Learn more about How to set up Target Authentication with a Login Sequence. |
After following these steps, identifying the causes, and applying the respective solutions, Probely scans should be able to log in to your target.