
How to set up target authentication with a login form

When a target has a login form, you can configure the target so that Probely can authenticate to reach and scan areas reserved for authenticated users only.

Step 1: Get the identifiers of the login form input fields

For Probely to fill out the login form, you need the identifiers of its credential input fields, namely:

  • The identifier of the username input field.
  • The identifier of the password input field.

For more information on obtaining an identifier, see this article on how to obtain a CSS selector.

Step 2: Set up target authentication with a login form

With the login form input fields identified, you can set up the target authentication using the following parameters:

  • Enable target authentication with a login form ("has_form_login": true).
  • The URL of your login form (in "form_login_url").
  • The input field identifiers and values in your login form (in "form_login").
  • Ensure the target authentication with a login sequence is disabled ("has_sequence_login": false).
  • Enable the target authentication ("auth_enabled": true).

In this request, we use an existing target with the identifier 2oirKt8AKxdr, and the following values:

  • URL of the login form: "http://example.com/login.jsp".
  • The input field identifiers and values:
    • Username: "uid" and "admin".
    • Password: "passwd" and "admin".

Request

curl https://api.probely.com/targets/2oirKt8AKxdr/ \
  -X PATCH \
  -H 'Content-Type: application/json' \
  -H 'Authorization: JWT <YOUR_API_TOKEN>' \
  -d '{
    "site": {
      "has_form_login": true,
      "form_login_url": "http://example.com/login.jsp",
      "form_login": [
        {
          "name": "uid",
          "value": "admin"
        },
        {
          "name": "passwd",
          "value": "admin"
        }
      ],
      "has_sequence_login": false,
      "auth_enabled": true
    }
  }'

The response will return the target with the following:

  • The login form is enabled ("has_form_login": true).
  • The login form URL is configured (in "form_login_url").
  • The login credentials are configured (in "form_login").
  • The login sequence is disabled ("has_sequence_login": false).
  • The target authentication is enabled ("auth_enabled": true).

Response

{
  "id": "2oirKt8AKxdr",
  "site": {
    "id": "UYzK6mLxffx9",
    "name": "My Example",
    "desc": "",
    "url": "https://example.com",
    "host": "example.com",
    "has_form_login": true,
    "form_login_url": "http://example.com/login.jsp",
    "form_login_check_pattern": "",
    "form_login": [
      {
        "name": "uid",
        "value": "admin"
      },
      {
        "name": "passwd",
        "value": "admin"
      }
    ],
    ...
    "has_sequence_login": false,
    ...
    "auth_enabled": true,
    ...
  },
  ...
}

Now that target authentication is set, Probely scans of the target can reach restricted areas meant for authenticated users only.
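
The Step 2 request and the response check as a Python script, so a setting the API did not apply (for example, a login sequence left enabled) is caught before a scan runs. This is an added example, not Probely's own code: the function names are assumptions, and the response in the demo is constructed from the sample values on this page.

```python
import json
import urllib.request

API = "https://api.probely.com/targets/{target_id}/"  # endpoint shown in Step 2

def build_payload(login_url, fields):
    """fields: ordered (input field identifier, value) pairs for the login form."""
    return {"site": {
        "has_form_login": True,
        "form_login_url": login_url,
        "form_login": [{"name": n, "value": v} for n, v in fields],
        "has_sequence_login": False,
        "auth_enabled": True,
    }}

def patch_target(target_id, token, payload):
    """Send the PATCH request from Step 2 and return the decoded JSON response."""
    req = urllib.request.Request(
        API.format(target_id=target_id),
        data=json.dumps(payload).encode(),
        method="PATCH",
        headers={"Content-Type": "application/json",
                 "Authorization": f"JWT {token}"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def verify_response(payload, response):
    """List every setting whose value in the response differs from the request."""
    want, got = payload["site"], response.get("site", {})
    return [f"{key}: sent {want[key]!r}, got {got.get(key)!r}"
            for key in want if got.get(key) != want[key]]

if __name__ == "__main__":
    payload = build_payload("http://example.com/login.jsp",
                            [("uid", "admin"), ("passwd", "admin")])
    # Constructed response (not real API output): login sequence still enabled.
    response = {"id": "2oirKt8AKxdr",
                "site": dict(payload["site"], has_sequence_login=True)}
    # For a live run, replace the line above with:
    #   response = patch_target(<target id>, <API token>, payload)
    print("\n".join(verify_response(payload, response)) or "configured as requested")
```

Read the API token from a secrets store or environment variable when calling patch_target, so it does not end up in shell history the way an inline curl header does.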