HTML forms are the logins you see on most websites, such as Facebook or detectify.com.
To authenticate Detectify with HTML forms, you need to record the log-in sequence (trail) and upload it to Detectify under Domain settings. The sequence should be recorded with our Chrome extension and will be replayed by our scanner to log in.
Please note that this is a beta feature. Although it works for a majority of our users, we cannot guarantee that beta features will work in all scenarios. Your testing and feedback are very helpful in improving our functionality.
1. Install Detectify Chrome Extension
First, you need to install our Chrome extension that can be found here. When the extension is installed, a Detectify icon should show up in the address bar.
2. Record the login
Navigate to your domain in Chrome and click on the Detectify icon in the address bar to open up the extension. Two options will be shown, Record log in and Other scenario.
Select Record log in and click Start recording. The page will refresh and the popup will automatically close but it will still remember which step it's at.
Go to your login page and log in as you normally do. When you are logged in and the page has stopped loading, open up the extension again and select Stop recording.
Your login sequence is now recorded and the next step is logging out.
3. Record the logout
The logout needs to be recorded to make sure our scanner doesn't accidentally log out while performing a test. To start recording the logout sequence, select Start log out recording and log out. The page will refresh and the popup will automatically close.
When the logout sequence is recorded, open our extension again and click on Stop and review recording. A new tab will be opened.
This will bring you to a review state where all the recorded requests are listed. Since we will blacklist/not visit the links recorded for the logout, make sure only requests necessary for the logout are marked with a checkmark. Here you can also confirm that the trail file is working by replaying the login scenario. Click the Replay icon for the login URL.
When you’ve confirmed that the login scenario worked, click Mark as reviewed.
4. Upload and enable trail
When the review of logout links is completed, the recorded trail can be saved. Select the scan profile you want to use the trail file for and click on Basic under Settings.
You will see the Scan Behind Login card, where you can upload your trail and apply it to a target.
5. Run a test!
Everything is now done and you are ready to run a test!