Form authentication – Create custom scripts
This document describes how to view the custom script editor, how to create custom scripts for form authentication, and how to execute scripts on multiple pages.
How to view the custom script editor
To open the Custom Scripts Editor and create custom scripts, you can either watch this video (on YouTube) or follow the steps below:
- Select Scans > New Scan from the left-side menu.
- Enter the Target URL and the Scan Profile.
- From the Authentication section, select Form.
- Select the Form Authentication checkbox.
- Enter the Login Form URL.
- Under the personas section, click + New Persona, and fill in the Username and Password fields.
- Click Custom Script.
The Custom Script editor opens and is ready for your input.
To configure custom scripts, follow the steps in the next section.
How to create custom scripts
Acunetix 360 has a built-in JavaScript generator. A preview of the login form page is displayed on the right side of the window.
- On the left side, click Clear to clear out the default script.
- In the preview on the right, right-click on the form elements and select Generate CSS Code. Repeat this for the remaining fields and the Submit button. You can set a delay time for the Submit buttons by clicking Generate CSS Code with Delay.
- When you select an item from the right-click menu, a single line of code is inserted into the script editor in the left panel. The generated code for each element may be different.
- Apart from generating the JavaScript code, you can write your own code in the script editor in the left panel. Any HTML, JavaScript, or DOM API that is supported by a modern browser is supported here, too.
- To change the delay, locate its value in the code and amend it as needed. The default value is set to 2000.
NOTE: Acunetix 360 generates JavaScript code that sets a value for the input fields. For other elements, such as a button or an anchor, the generated JavaScript code allows Acunetix 360 to click on that element.
- Select Test Script. Depending on the complexity of the form and the length of the generated code, the testing process may take time.
- If your script is working as expected, click OK.
- Back on the New Scan > Form Authentication window, click Verify login & logout, and wait for Acunetix 360 to complete the verification process.
- Select OK once the authentication verification complete message appears.
How to execute scripts on multiple pages
You can write and use custom scripts if your form authentication consists of multiple pages or has redirects. For most of these scenarios, a single page of custom script will help you authenticate with the website.
The video below shows a form authentication scenario where the username (an email address in this example) is entered on the first page and the password is entered on the next page.
Since there is a brand new document context after each page is loaded, the code for each page has to go on its own script page dedicated to that page. Acunetix 360 lets you execute custom script code after each page navigation during the form authentication process. All you need to do is create script pages on this window and write the corresponding piece of code for each page.
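As an added example (hand-written DOM code, not output of the Acunetix 360 generator), the two-page login described above could be scripted as follows. The selectors, the function names and the fakePage stand-in are assumptions, and because this page does not say how the persona's Username and Password reach the script, they are plain parameters here.

```javascript
// Added example, not vendor-generated code. Selectors are assumed; use your form's own.

// Set an input's value, then fire the events client-side frameworks listen for.
function setField(doc, selector, value) {
  const el = doc.querySelector(selector);
  if (!el) throw new Error('login element not found: ' + selector);
  el.value = value;
  for (const type of ['input', 'change']) {
    el.dispatchEvent(new Event(type, { bubbles: true }));
  }
  return el;
}

// Click an element after a delay; 2000 matches the default delay value mentioned above.
function clickAfter(doc, selector, delayMs = 2000, schedule = setTimeout) {
  const el = doc.querySelector(selector);
  if (!el) throw new Error('login element not found: ' + selector);
  schedule(() => el.click(), delayMs);
  return el;
}

// Script page 1: the username (e-mail address) page.
function loginPage1(doc, username, schedule) {
  setField(doc, '#email', username);
  return clickAfter(doc, '#next', 2000, schedule);
}

// Script page 2: runs in the new document loaded after page 1 navigates.
function loginPage2(doc, password, schedule) {
  setField(doc, '#password', password);
  return clickAfter(doc, '#submit', 2000, schedule);
}

// Constructed stand-in for a page, so the functions can be exercised outside a browser.
function fakePage(selectors) {
  const els = {};
  for (const s of selectors) {
    els[s] = { value: '', events: [], clicks: 0,
      dispatchEvent(e) { this.events.push(e.type); return true; },
      click() { this.clicks += 1; } };
  }
  return { els, querySelector: (s) => els[s] || null };
}
```

Each script page needs its own copy of the helpers plus one call such as loginPage1(document, ...), since nothing defined on the previous page survives the navigation. A selector that no longer matches throws, so a changed login form surfaces as a script error rather than a silently skipped step.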
Logout detection
For more information, refer to Logout Detection.