Creating a header authentication object
Speaker 1: Welcome to NexPloit. In this video, you’ll learn how to create a header authentication object and use it for a scan. The purpose of an authentication object is to grant an exploit access to the login protected parts of your web application. Header authentication is the most straightforward method of authentication used for static authentication tokens. You simply need to specify the value of the authentication token so that an exploit can access the protected pages automatically as well as notify you if the authenticated session becomes invalid during a scan. By using an authentication object, you enable the exploit to reach complete scan coverage of the target application. When running a scan, you can read more information about authenticated scanning in our docs. Let’s get started. For this video. We’re using our benchmark application as an example. Go to the next Beloit application from the left menu, Select Authentications and then click Create Authentication. Enter a name for your authentication object. From the authentication type dropdown list. Select Header authentication in the authentication setup section. First, enter the name of your authorization header. To define it in your browser. Open the dev tools. Select the network tab and sign in to your application. Now you can find the authentication token among the login response headers. Copy paste the value of the authorization header in the value field. In the authentication triggers section, select an indicator of invalid authentication session. For our application. It will be HTTP response status 401. Great. We’ve configured the authentication object and now we need to test it to avoid errors during a scan. For that, go to the valid session tester and in the validation URL field, enter the URL of any other login protected page within your application. Click test authentication. In the test results, we can see that the validation URL was reached successfully. This confirms that the authentication object was configured correctly. Now you can click create. The created object is saved and can be selected when starting a new scan for this target. Thanks for watching and happy authenticated scanning with next ploy from all of us at NeuraLegion.