
Web applications often have a section for registered users only. This part of the application can only be accessed by logging in, and the process of logging in is called "Authentication". AppSpider supports a number of ways to authenticate to your application. You configure these authentication methods in the Authentication tab of the Scan Config wizard.

If the URL you have defined as the scope of your scan includes a form for entering credentials and logging in, you can use the Automated Login option:

1. Click the Site requires Form authentication checkbox.
2. Enter a valid set of credentials in the User Name and Password fields. AppSpider uses them to log in to the app, crawl it, and scan for vulnerabilities.

If you use SSO (Single Sign-On) to authenticate to the app, expand the Advanced Options for SSO and enter your SSO details so that AppSpider can use Active Directory (AD) credentials to authenticate.

AppSpider may sometimes be unable to reach the login page of your application, or the login form may become available only after a specific sequence of actions has been carried out on your site. For example, the login form may be in a pop-up that is generated dynamically with JavaScript when the "Login" button is pressed in the "Administration" window. You can enable AppSpider to perform such a sequence of steps by recording a macro.

A macro is a sequence of actions such as clicking buttons or entering text in a web page. AppSpider records these sequences in XML format in a macro file. During a scan, AppSpider replays the actions in this file to log in to the web application.

If you wish to use macro authentication, configure it as follows:

1. Open the Authentication > Macro Authentication tab.
2. Select the Use login macro (for Form Authentication) checkbox.
3. If you have previously recorded a login macro on this system, select it by opening the file explorer with the ellipsis (...) button. If you do not have a previously recorded macro, follow the next steps.
4. The Browser Macro Recorder opens in a new tab and loads your target application by default.
5. Follow the steps for logging in to your application. AppSpider records your actions and translates them into XPath commands, so do not perform any actions other than those required for logging in while recording the login macro. We also advise that you click into each field you enter data into rather than moving between fields with the "Tab" or "Return" keys.
6. By default, AppSpider saves the macro file in the "Macro" folder under the AppSpider data directory.
7. Close the Browser Macro Recorder and return to the Scan Config wizard.
8. Optionally, test the macro by replaying it with the Test button. If the macro does not work correctly and you wish to debug it, select the Display Macro Replay checkbox. During the scan, a browser window then opens and shows every step AppSpider carries out while replaying your macro.

During a scan, the engine replays the macro and then looks for the pattern from the "Advanced Options > Logged-in Regex" field in the page returned at the end of the macro. Once AppSpider confirms that the authentication was successful, it proceeds with the scan. If the indicator of the logged-in state is hidden under a menu item, expand it while recording so that AppSpider can examine it and check the logged-in state. This is especially important if your application is built with a modern framework such as Angular, React or Ember: these frameworks often render such fields with JavaScript, so the markup you see in the rendered Document Object Model (DOM) may not be present in the raw HTML response. If you are having trouble getting the "Logged-in Regex" to work, enable traffic logs and inspect the HTML response returned at the end of the macro. This lets you see what the scanner sees and helps you write a regex that will match.
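As an added example (not code from AppSpider or from the Rapid7 documentation), the following Python script illustrates the Logged-in Regex guidance: a candidate pattern is checked against the raw HTML response a scanner receives, against the DOM a browser renders from it, and against the login page itself, and strings that occur only in the authenticated response are listed as regex candidates. The response bodies, the function names and the candidate patterns are all constructed assumptions for illustration; the script does not reproduce AppSpider's own matching logic.

```python
import re

# All response bodies below are constructed for this example; they are not captured
# from a real application and are not AppSpider output.

# Server-rendered application: the logged-in indicator is part of the raw HTML response.
SERVER_RENDERED_RESPONSE = """<html><body>
<nav><span class="user">Welcome, alice</span> <a href="/logout">Log out</a></nav>
<div id="content">Account dashboard</div>
</body></html>"""

# Single-page application (Angular/React style): the raw response is only a shell,
# and the user-facing markup is built by JavaScript after the page loads.
SPA_RAW_RESPONSE = """<html><body>
<div id="app"></div>
<script src="/static/app.js"></script>
</body></html>"""

# What the browser shows for the same SPA once the script has run (the rendered DOM).
SPA_RENDERED_DOM = """<html><body>
<div id="app"><nav><span class="user">Welcome, alice</span> <a href="/logout">Log out</a></nav></div>
<script src="/static/app.js"></script>
</body></html>"""

# The login page must not match, otherwise a failed login is reported as a success.
LOGIN_PAGE_RESPONSE = """<html><body>
<form action="/login" method="post">
<input name="username"> <input name="password" type="password">
<button>Log in</button></form>
<p>Forgot your password? <a href="/reset">Reset it</a></p>
</body></html>"""


def logged_in(body: str, pattern: str) -> bool:
    """True if the pattern occurs anywhere in the body. Case-insensitive and DOTALL
    so that a pattern can span the line breaks found in real markup."""
    return re.search(pattern, body, re.IGNORECASE | re.DOTALL) is not None


def evaluate_pattern(pattern: str) -> dict:
    """Check one candidate logged-in regex against every constructed body.

    A usable pattern matches the authenticated responses the scanner actually receives
    (server_rendered, and spa_raw for an SPA) and does not match login_page. A pattern
    that matches spa_rendered_dom but not spa_raw only works in the browser, not in the
    HTML response, which is the mismatch the traffic logs reveal."""
    return {
        "server_rendered": logged_in(SERVER_RENDERED_RESPONSE, pattern),
        "spa_raw": logged_in(SPA_RAW_RESPONSE, pattern),
        "spa_rendered_dom": logged_in(SPA_RENDERED_DOM, pattern),
        "login_page": logged_in(LOGIN_PAGE_RESPONSE, pattern),
    }


# Words, paths and attribute values of at least three characters.
_TOKEN = re.compile(r"[A-Za-z0-9_./-]{3,}")


def suggest_indicators(authenticated_body: str, login_page_body: str) -> list:
    """List tokens that occur in the authenticated response but not in the login page.
    Paste two bodies taken from the traffic logs here to get candidate literals for the
    Logged-in Regex. Review the list: user-specific values such as a user name appear too."""
    auth_tokens = set(_TOKEN.findall(authenticated_body))
    login_tokens = {t.lower() for t in _TOKEN.findall(login_page_body)}
    return sorted(t for t in auth_tokens if t.lower() not in login_tokens)


if __name__ == "__main__":
    for candidate in (r"Welcome,\s*\w+", r'href="/logout"', r"log"):
        print(candidate, evaluate_pattern(candidate))
    print("candidates (server-rendered):", suggest_indicators(SERVER_RENDERED_RESPONSE, LOGIN_PAGE_RESPONSE))
    print("candidates (SPA raw):", suggest_indicators(SPA_RAW_RESPONSE, LOGIN_PAGE_RESPONSE))
```

Running the script shows the two failure modes the documentation warns about: `Welcome,\s*\w+` matches the rendered DOM of the SPA but not the raw response the scanner receives, and a loose pattern such as `log` matches the login page ("/login", "Log in") and would report a failed login as success. For the SPA, the candidate list derived from the raw response contains only shell markup, which is the cue to look for a different indicator in the traffic logs rather than in the browser.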