Authentication Scripts

Authentication Scripts

Authentication scripts automate login processes for authenticated scanning. These scripts handle various authentication mechanisms from simple forms to complex OAuth flows:

# Authentication script for form-based login
def authenticate(helper, paramsValues):
    # Login URL
    login_url = "https://example.com/login"
    
    # Create login request
    msg = helper.prepareMessage()
    msg.setRequestHeader("POST " + login_url + " HTTP/1.1")
    
    # Set form parameters
    username = paramsValues.get("username")
    password = paramsValues.get("password")
    
    body = "username=" + username + "&password=" + password
    msg.setRequestBody(body)
    msg.getRequestHeader().setContentLength(msg.getRequestBody().length())
    msg.getRequestHeader().setHeader("Content-Type", "application/x-www-form-urlencoded")
    
    # Send login request
    helper.sendAndReceive(msg)
    
    # Check if login succeeded
    if "Welcome" in msg.getResponseBody().toString():
        print("Authentication successful")
        
        # Extract session cookie
        cookies = msg.getResponseHeader().getHeaders("Set-Cookie")
        for cookie in cookies:
            if "sessionid" in cookie:
                # Store session for future requests
                helper.getCorrespondingHttpState().addCookie(cookie)
                
        return True
    else:
        print("Authentication failed")
        return False

Authentication scripts must handle various success/failure indicators, session management, and re-authentication when sessions expire. Robust authentication scripts include error handling for network failures, implement retry logic, and provide clear debugging output for troubleshooting failed authentications.