Jenkins : zap-plugin Form-Based Auth

Form-Based Authentication

  1. Username and Password
     
    • This allows you to configure the username and password for a User that may be used during Attack Mode actions (Spider Scan and Active Scan).
       
  2. Logged in Indicator
     
    • The Logged in indicator, when present in a response message (either the header or the body), signifies that the response message corresponds to an authenticated request.

      e.g. presence of a logout link or a Welcome back, User X pattern.

      Info: Indicator should be a Regex in the form of: .\Qlogout=\E.

  3. Login Form Target URL
     
    • The URL to which the authentication request is done by submitting a form or performing a GET request using a username/password pair of authentication credentials.
       
  4. Username Parameter and Password Parameter
     
    • Parameter that contains the value for the username and password of the User respectively. See here for more information.
       
  5. Extra POST Data
     
    • Additional post data to be sent with the authentication request.

      Info: If the login request is in the form of: username=admin&password=secret&login=true, then the value for Extra POST Data should be: action=Login

Attachments:

FORM-AUTH.png (image/png)
FORM-AUTH.png (image/png)