Form Authentication Bug

Skipfish will attempt to submit forms for authentication. However, there is no 
way to specify exactly which fields should be sent during form submission. As 
such, Skipfish will submit all fields, potentially causing authentication 
failures.

Additionally, it will try to populate fields automagically with what appear to 
be default static values even though user/password combinations are explicitly 
set in the config. Because these values are explicitly set in the config the 
expected behavior is one that would not auto populate fields. 

Example: (Broken apart for readability and slightly modified for 
confidentiality): 

This is the form fields submitted via a browser: 

master%24txtLoginEmailAddress_Header=&
master%24txtLoginPassword_Header=&
master%24masterContent%24txtLoginEmailAddress=test@test.com&
master%24masterContent%24txtLoginPassword=testpassword

How Skipfish is submitting them:

master%24txtLoginEmailAddress_Header=skipfish@example.com&
master%24txtLoginPassword_Header=skipfish&
master%24chkRememberLogin_Header=on&
master%24btnLogin_Header=skipfish&
master%24masterContent%24txtLoginEmailAddress=test@test.com&
master%24masterContent%24txtLoginPassword=testpassword&
master%24masterContent%24btnLogin=skipfish&
master%24masterContent%24chkRememberLogin=on

It would be nice if there was a way to specify exactly which fields should be 
submitted and if they should use a config/commandline provided value or the 
default value sent by the application for cases such as ViewState.
Original issue reported on code.google.com by lafk...@gmail.com on 22 Mar 2013 at 6:03
Evan-Sa / skipfish

Form Authentication Bug #174
