Scan with Login Sequence
Authenticated Scan
When scanning web applications for vulnerabilities, authenticated sections often hold critical functionality and sensitive data. These areas are typically protected by login mechanisms, making them essential to include in your scans. The ZeroThreat Chrome Extension bridges this gap by enabling you to record login sequences and effectively scan these protected sections.
This extension simplifies the process of capturing a login sequence. By recording your interactions during login, ZeroThreat ensures these workflows are replicated during scanning, allowing the scanner to access and test all areas of your application.
Using the Chrome Extension to record a login sequence is a straightforward process. It involves selecting your target application, navigating through the login process, and tagging the necessary actions (like login, logout, and authenticated requests). Once recorded, this sequence can be used to perform an authenticated scan, ensuring a comprehensive assessment of your application’s security.
How to perform an Authenticated Scan with Login Sequence?
Before you start
Ensure that the latest version of ZeroThreat Chrome Recorder extension is installed on your browser.
1. Select Your Target
From the ZeroThreat dashboard, click Scan the Target and choose the web application you wish to scan. Next, change the scanning server if required.

2. Under the Authenticated Scan Section
Now, under Scan Method, click the Start New Authenticated Scan button. This will launch your target web application in a new tab, along with the ZeroThreat Recorder Chrome window.

Minimize the Recorder Window
You can minimize the Recorder window, but keep it open throughout the process.
Visit Troubleshooting: Extension Not Opening if the extension doesn't open automatically in a new tab along with the target.
3. Configure the Recorder
Once the extension is loaded, start by clicking on the Stored Sequence Authentication button. This feature allows ZeroThreat to store and replay your authentication details, making it ideal for scheduled scans and DevOps automation.

Next, you’ll have two options: Full Scan or Scan Navigation Sequence Only. A Full Scan covers the entire web application, while a navigation sequence-only scan focuses solely on the pages you visit during recording.

Click the Start Recording button to begin recording. The ZeroThreat Recorder will capture all your actions as you interact with the application.

4. Login and Navigate the target application
Now log in to the target application using your credentials.

After logging in, navigate a few authenticated areas of the target application. The Recorder will capture all these actions, which are crucial for scanning protected sections of the app.

Avoid performing any non-essential actions during this session to ensure only relevant interactions are recorded.
Once you have navigated a few authenticated sections, log out of the target application.

Click Stop Recording to stop the recording.
5. Configure the Template Information
After stopping, an overview and configuration page for the template will open.

Here, configure the following:
Name the Template: Assign a meaningful name to your recording for easy reference later.

Choose the Content Rendering Type: Select whether the application uses server-side rendering (e.g., WordPress, PHP, ASP.NET) or client-side rendering (e.g., Angular, React, Vue).

Optionally, exclude certain hosts from being scanned. This is useful for skipping hosts with sensitive data or third-party integrations.

The next step is Authentication Page Marking. By default, ZeroThreat automatically marks: one request for login, one for an authenticated page, and one for logout. This helps the scanner perform more thorough scanning.

If needed, switch to the Custom option to manually tag these requests yourself:
First, select the login request as "Login."

Then, select any request accessible only after login as "Authorized."

Lastly, select the logout request as "Logout." If you don’t see the logout request, you can also mark the page from where the logout action was performed. In our case, we logged out from the batch-management page, so we mark that as "Logout."

If your logout endpoint doesn’t show up in the recorded requests, don’t worry. Simply mark the last request from where you logged out of your application. This ensures proper tracking of the session flow.
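The marking rules in this step (one Login, at least one Authorized, one Logout, in that order; the fallback of marking the page you logged out from when no logout request was recorded; and keeping excluded hosts out of scope) can be modelled in a few lines. The following is an added example, not ZeroThreat's code: the record format, the auto-marking heuristic (login = first successful POST that set a session cookie) and the sample recording are all constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set
from urllib.parse import urlsplit

LOGIN, AUTHORIZED, LOGOUT = "Login", "Authorized", "Logout"


@dataclass
class RecordedRequest:
    """One HTTP request captured during recording (constructed format)."""
    method: str
    url: str
    status: int
    sets_session_cookie: bool = False   # assumption: response carried a session Set-Cookie
    tag: Optional[str] = None           # Login / Authorized / Logout / None


@dataclass
class SequenceTemplate:
    """Template information from step 5: name, rendering type, exclusions, requests."""
    name: str
    rendering: str                      # "server-side" or "client-side"
    excluded_hosts: Set[str] = field(default_factory=set)
    requests: List[RecordedRequest] = field(default_factory=list)


def in_scope(template: SequenceTemplate) -> List[RecordedRequest]:
    """Drop requests to excluded hosts so the scanner never replays them."""
    return [r for r in template.requests
            if urlsplit(r.url).hostname not in template.excluded_hosts]


def auto_mark(requests: List[RecordedRequest]) -> List[RecordedRequest]:
    """Default marking: one Login, one Authorized, one Logout.

    Heuristic used here (an assumption, not the product's algorithm):
    - Login: first successful POST whose response set a session cookie
    - Logout: last request after login whose path mentions 'logout'; if none,
      the last recorded request, i.e. the page the user logged out from
    - Authorized: first 200 response strictly between Login and Logout
    """
    for r in requests:
        r.tag = None
    login_idx = next((i for i, r in enumerate(requests)
                      if r.method == "POST" and r.sets_session_cookie and r.status < 400),
                     None)
    if login_idx is None:
        return requests
    requests[login_idx].tag = LOGIN
    logout_idx = max((i for i, r in enumerate(requests)
                      if i > login_idx and "logout" in urlsplit(r.url).path.lower()),
                     default=len(requests) - 1)
    if logout_idx > login_idx:
        requests[logout_idx].tag = LOGOUT
    auth_idx = next((i for i in range(login_idx + 1, logout_idx)
                     if requests[i].status == 200), None)
    if auth_idx is not None:
        requests[auth_idx].tag = AUTHORIZED
    return requests


def validate_marking(requests: List[RecordedRequest]) -> List[str]:
    """Return the problems a reviewer would need to fix before saving the template."""
    idx = {t: [i for i, r in enumerate(requests) if r.tag == t]
           for t in (LOGIN, AUTHORIZED, LOGOUT)}
    errors = []
    if len(idx[LOGIN]) != 1:
        errors.append("exactly one request must be tagged Login")
    if not idx[AUTHORIZED]:
        errors.append("at least one request must be tagged Authorized")
    if len(idx[LOGOUT]) != 1:
        errors.append("exactly one request must be tagged Logout")
    if not errors:
        li, lo = idx[LOGIN][0], idx[LOGOUT][0]
        if not all(li < a < lo for a in idx[AUTHORIZED]):
            errors.append("Authorized requests must fall between Login and Logout")
    return errors


def sample_template(include_logout_request: bool = True) -> SequenceTemplate:
    """Constructed recording of the flow in steps 4 and 5 (not real traffic)."""
    reqs = [
        RecordedRequest("GET", "https://app.example.com/login", 200),
        RecordedRequest("POST", "https://app.example.com/login", 302, sets_session_cookie=True),
        RecordedRequest("GET", "https://app.example.com/dashboard", 200),
        RecordedRequest("GET", "https://analytics.example.net/collect", 204),  # excluded host
        RecordedRequest("GET", "https://app.example.com/batch-management", 200),
    ]
    if include_logout_request:
        reqs.append(RecordedRequest("GET", "https://app.example.com/logout", 302))
    return SequenceTemplate("Example login", "server-side", {"analytics.example.net"}, reqs)


def build(template: SequenceTemplate):
    """Apply exclusions, auto-mark, and validate; returns (requests, errors)."""
    reqs = auto_mark(in_scope(template))
    return reqs, validate_marking(reqs)


if __name__ == "__main__":
    for with_logout in (True, False):
        reqs, errors = build(sample_template(with_logout))
        print([(r.url, r.tag) for r in reqs], errors)
```

Running the block with the logout request present tags /logout as Logout; without it, the fallback tags the batch-management page, matching the rule in the text. Switching to Custom marking corresponds to setting the tag fields by hand and then calling validate_marking before saving.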
6. Review and Finalize the Recorded Data
After reviewing the recording information, you will have two options.

Click Save and Exit to store the recording sequence for later use.
Click Save and Start Scan to launch the scan immediately using your selected scan server.
7. Monitor the Scan
The scan will start immediately, and you can track its progress and view results in the Scans section or the Recent Scans section of the ZeroThreat portal.

Tips & Cautions
Accurate Tagging: Be sure to correctly tag the login, authenticated, and log-out HTTP requests. This ensures that the scanner performs a complete and accurate scan of all protected areas.
Avoid Non-Essential Actions: During the recording session, refrain from interacting with any part of the application that isn’t relevant to the authentication flow. This keeps your recorded data focused and clean.
Sensitive Data Handling: If your application interacts with third-party services or contains sensitive data, review and adjust the recorded HTTP requests carefully to avoid scanning external or protected resources unintentionally.
Does your application have a complex authentication mechanism such as SSO, CAPTCHA, OTP or similar? Check out our guide on Scan MFA App for more advanced security testing.