Run authenticated scans against web applications that use popup login forms

Problem to solve

Many websites use a popup/modal for the login form. The process to login is navigation to the home page, click sign in, and enter the username/password into the popup.

This issue proposes adding an option to the authentication configuration to allow users to click an element prior to entering the login details.

Intended users

• Sasha (Software Developer)
• Sam (Security Analyst)

Proposal

When Browserker navigations to AuthDetails.LoginURL, it should check to see if the new configuration value AuthDetails.LoginSelector exists on the page. If it is present, the selector should be clicked. The resulting form should be filled out by the normal Browserker authentication process.

This should work for manual and auto login attempts.

Update: The user should be able to supply a list of selectors. Each selector will be clicked on. This allows user to click to open the menu, then click on sign in, as an example.

Documentation

Please update the Browserker configuration documentation.

What is the type of buyer?

Gold/Ultimate

Implementation plan

• After loading the login URL in captureLoginPage, actions should be followed using crawler.Process
• For each new processed action, new Navigations should be captured
• A section should be added to the report for each login action step
• Add an end-to-end test to ensure that users can log in with popup login forms
• Likely have to adjust an end to end test fixture (pancakes?) to have a login form
• Add documentation for the feature in the browser-based DAST configuration section.

Assigning a weight of 5.