How to set up Recorded Authentication with Chrome Recorder
Recorded or Recording-Based Authentication is a newly added method that can help you when scanning websites with non-standard authentication.
Complex web applications load pages and components dynamically. An automated scanner must be able to handle this before it can authenticate to such an asset. This method uses the Recorder panel in the Chrome browser to record the user actions performed when logging into the account used for scanning. You can then upload the recording of the authentication process to the website scanner.
Before starting the scan:
1) Open your desired login page in a new Chrome Incognito window
2) Right-click anywhere on the page and select Inspect
You can also use the keyboard shortcut Ctrl/Command + Shift + C.
3) Go to the Recorder tab in the Inspector panel
4) Click on Create a new recording
5) You may give the new recording a custom name
6) Click on Start recording
7) Perform a complete login
In this window, proceed as you normally would (try to avoid unnecessary actions or steps).
E.g. enter the username, the password, click the “Sign in” button and end up on your user’s homepage.
8) Once the login is complete, click on End recording
9) Set a Timeout of at least 15000ms (but no more than 30000ms) to avoid any timeout errors when the recording is replayed by our scanner
10) Click on the Export recording icon and export it as JSON
11) Upload the saved JSON file to our Website Scanner and start the scan
Now the scanner should be able to target any page that requires the authentication flow you just recorded.
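A pre-upload check for the exported file, as an added example that is not part of the original article or the scanner's own code. It assumes the field names of Chrome Recorder's JSON export (title, timeout, steps, type, value, selectors); the function name checkRecording and the sample recording are constructed for illustration.

```javascript
// Added example: pre-upload check for a Chrome Recorder JSON export.
// Field names are assumed to follow the Recorder's JSON export format;
// checkRecording and the sample recording below are constructed.
const MIN_TIMEOUT_MS = 15000; // lower bound from step 9
const MAX_TIMEOUT_MS = 30000; // upper bound from step 9

function checkRecording(recording) {
  const findings = [];
  const steps = Array.isArray(recording.steps) ? recording.steps : [];

  // Step 9: the recording-level timeout must sit in the 15000-30000 ms window.
  const t = recording.timeout;
  if (typeof t !== "number") {
    findings.push("timeout: not set");
  } else if (t < MIN_TIMEOUT_MS || t > MAX_TIMEOUT_MS) {
    findings.push(`timeout: ${t} ms is outside ${MIN_TIMEOUT_MS}-${MAX_TIMEOUT_MS} ms`);
  }

  // Step 7: a complete login needs a page load, typed input and a click.
  for (const type of ["navigate", "change", "click"]) {
    if (!steps.some((s) => s.type === type)) findings.push(`steps: no "${type}" step recorded`);
  }

  // "change" steps store the typed text in clear; report where, never the value.
  steps.forEach((s, i) => {
    if (s.type === "change" && typeof s.value === "string" && s.value !== "") {
      const sel = (s.selectors && s.selectors[0] && s.selectors[0][0]) || "no selector";
      findings.push(`secret: step ${i} (${sel}) stores typed input in clear text`);
    }
  });
  return findings;
}

// Constructed sample: timeout left too low, username and password typed.
const sampleRecording = {
  title: "login-example",
  timeout: 5000,
  steps: [
    { type: "setViewport", width: 1280, height: 720 },
    { type: "navigate", url: "https://app.example.test/login" },
    { type: "change", selectors: [["#username"]], value: "scan-user" },
    { type: "change", selectors: [["#password"]], value: "constructed-secret" },
    { type: "click", selectors: [["#sign-in"]], offsetX: 10, offsetY: 10 },
  ],
};

console.log(checkRecording(sampleRecording).join("\n"));
```

Because the export holds whatever was typed during the login, store and share the JSON file as you would the password itself.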
Need more info about Authenticated scans and why you should be performing this type of scan? Read our article in the Learning Center.