Form authentication troubleshooting, tips, and tricks
Fix common Acunetix 360 Form authentication issues with these troubleshooting steps, tips, and tricks for seamless scanning.
TIP: Utilize the functions from the Acunetix 360 Form Authentication API (netsparker.auth) to set input values or click elements. These functions do more than just set values or simulate clicks: they also trigger any necessary JavaScript events that are fired when a user performs these actions. Some JavaScript frameworks rely on these events, so simply setting input values or clicking elements may not be sufficient.
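The effect described in the TIP above, shown as an added example that is not Acunetix 360 code and does not reproduce how netsparker.auth is implemented. FakeInput, bindModel, setValueOnly, setValueAndNotify and submittedValue are hypothetical names, and the event names are an assumption about what a typical data-binding framework listens for.

```javascript
// Added illustration; not Acunetix 360 code. FakeInput stands in for a DOM
// <input>, and bindModel mimics a framework that tracks fields via events.
class FakeInput extends EventTarget {
  constructor() {
    super();
    this.value = '';
  }
}

// Framework-style binding: the model is refreshed only when an 'input' event
// fires, and the field is marked dirty only on 'change'.
function bindModel(input) {
  const model = { value: '', dirty: false };
  input.addEventListener('input', () => { model.value = input.value; });
  input.addEventListener('change', () => { model.dirty = true; });
  return model;
}

// Naive script: assigns the property and nothing else.
function setValueOnly(input, value) {
  input.value = value;
}

// Hypothetical helper: assigns the value, then dispatches the events that a
// user typing into the field would cause.
function setValueAndNotify(input, value) {
  input.value = value;
  input.dispatchEvent(new Event('input'));
  input.dispatchEvent(new Event('change'));
}

// What the application would submit: the framework's model, not the raw field.
function submittedValue(model) {
  return model.dirty ? model.value : null;
}

function demo() {
  const plain = new FakeInput();
  const plainModel = bindModel(plain);
  setValueOnly(plain, 'scanner-user'); // constructed sample value

  const notified = new FakeInput();
  const notifiedModel = bindModel(notified);
  setValueAndNotify(notified, 'scanner-user');

  return { naive: submittedValue(plainModel), withEvents: submittedValue(notifiedModel) };
}

console.log(demo());
```

If a login script appears to fill the form but the scan still starts unauthenticated, this mismatch between the visible field and the framework's model is one thing to check.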
This document covers the most frequently asked questions. Check the section below for answers to your queries.
KNOWN ISSUE: Acunetix 360 does not support scripting for popups triggered during the form authentication process. If possible, use the URL loaded in the popup window as your Login form URL.
Q: The login form is dynamically rendered inside an inline dialog, and Acunetix 360 cannot find it. How can it be filled?
A: Create a custom script that clicks the link or button to open the dialog, then fills in the login form after a delay. The script first opens the login dialog, enters the username and password after 2 seconds, and clicks the login button on the 3rd second.
    netsparker.auth.clickByQuery('#header > div.row > a:nth-child(1)'); // Trigger the login dialog
    netsparker.auth.setValueByQuery('#email', username, 2000);
    netsparker.auth.setValueByQuery('#password', password, 2000);
    netsparker.auth.clickByQuery('#login-button', 3000);
TIP: You do not always need to click the Login button on your page. If a JavaScript function handles the login process, you can directly call that function after filling out the login form. Use the following script:
    netsparker.auth.setValueByQuery('#Username', username);
    netsparker.auth.setValueByQuery('#Password', password);
    MyApp.LoginController.DoLogin();
Q: How can additional fields in the login form, along with the username and password, be filled?
A: Create a custom script to fill in the username and password using current persona variables while hardcoding the remaining credentials.
    netsparker.auth.setValueByQuery('#Username', username);
    netsparker.auth.setValueByQuery('#Password', password);
    netsparker.auth.setValueByQuery('#LoginCode', '4815162342'); // Hard-coded extra credential
    netsparker.auth.clickByQuery('#LoginButton');
Q: How to add custom cookies for form authentication?
A: Set the required cookies in the Custom Cookies section under General in your scan profile. These cookies will be used during form authentication requests.
Q: How to set custom header values or change the user agent string during form authentication?
A: Create a scan policy with the desired header values and user agent string, then apply it to the current profile during form authentication.
Q: The script executes too quickly. How to add a delay to allow a page to load before proceeding to the next step?
A: Use the await instruction with netsparker.auth.waitTimeoutAsync to pause the script for a specified number of milliseconds before executing the next command.
    var username = "myusername";
    var password = "mypassword";
    netsparker.auth.setValueByQuery(
        '#content > div:nth-child(1) > form > table > ' +
        'tbody > tr:nth-child(1) > td:nth-child(2) > input[type="text"]',
        username);
    netsparker.auth.setValueByQuery(
        '#content > div:nth-child(1) > form > table > tbody > ' +
        'tr:nth-child(2) > td:nth-child(2) > input[type="password"]',
        password);
    netsparker.auth.clickByQuery(
        '#content > div:nth-child(1) > form > table > ' +
        'tbody > tr:nth-child(3) > td > input[type="submit"]');
    // the next command waits for 2000 milliseconds
    await netsparker.auth.waitTimeoutAsync(2000);
    // continue your script here
Q: The site requires visiting certain pages before the login form URL appears, and I cannot use the login form URL directly. How should I authenticate?
A: Set the first required page as the Login Form URL. Then, use custom scripting to navigate through each required page. You can either click the necessary HTML elements or use code like the following to handle the navigation:
    document.location = 'https://mysite.com/login/next_page.htm';
Q: My site performs several redirects before reaching the login form. How can I write custom script code for the login form?
A: Create custom script pages for each redirect, leaving the script editor empty. Write the custom script for the login form on the final page, as Acunetix 360 won’t execute any code on the redirect pages.
Q: How can I run script code after a certain delay?
A: Use the built-in setTimeout JavaScript function to execute the code after a specified amount of time.
    setTimeout(function() {
        // Write your JavaScript code here to execute after 2000 milliseconds
    }, 2000);