fcavallarin / htcap

htcap is a web application scanner able to crawl single page application (SPA) recursively by intercepting ajax calls and DOM changes.
GNU General Public License v2.0

[Question] Working with login forms #62

Closed anonymous-lama closed 4 years ago

anonymous-lama commented 5 years ago

Hi Htcap team,

Thanks for the wonderful work (really, your tool is awesome). I'd just like to ask a quick question:

Do you know how we can work with applications that require user login? I know precisely which page the login page is on, and I have some credentials to test with. But I don't know where in the tool I can tell it to use those credentials for login. By default, the tool uses default credentials, which don't work on my application.

As I believe many other people are also asking this question, it might also be worth adding this to a wiki or documentation page.

Thanks a lot

fcavallarin commented 5 years ago

Hi! Thanks, it's always pleasant to get feedback like this!

To work with apps that require authentication you could either add a session cookie with the -c or -C option, or add an authentication header with the -E option.

I agree that I should add documentation and/or features to achieve authentication with less pain.

In the next weeks I will update this project with new features and bugfixes.

fcavallarin commented 4 years ago

Added support for login sequences! Now it should be easy to log in to both form-based pages and ajax ones (see the doc on the website).