Run authenticated scans against web applications that use popup login forms
Problem to solve
Many websites use a popup/modal for the login form. The process to login is navigation to the home page, click sign in, and enter the username/password into the popup.
This issue proposes adding an option to the authentication configuration to allow users to click an element prior to entering the login details.
When Browserker navigations to
AuthDetails.LoginURL, it should check to see if the new configuration value
AuthDetails.LoginSelector exists on the page. If it is present, the selector should be clicked. The resulting form should be filled out by the normal Browserker authentication process.
This should work for manual and auto login attempts.
Update: The user should be able to supply a list of selectors. Each selector will be clicked on. This allows user to click to open the menu, then click on sign in, as an example.
Please update the Browserker configuration documentation.
What is the type of buyer?
After loading the login URL in
captureLoginPage, actions should be followed using
For each new processed action, new Navigations should be captured
A section should be added to the report for each login action step
Add an end-to-end test to ensure that users can log in with popup login forms
Likely have to adjust an end to end test fixture (pancakes?) to have a login form
Add documentation for the feature in the browser-based DAST configuration section.
Assigning a weight of