projectdiscovery / httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
https://docs.projectdiscovery.io/tools/httpx
MIT License

Feature Request: SSO Redirection and Automatic Form Filling #1708

Open iamthefrogy opened 4 months ago

iamthefrogy commented 4 months ago

Summary:

Implement a feature in httpx to detect and handle redirections to standard Single Sign-On (SSO) URLs, including automatic form filling for login pages.

Description:

When navigating to a homepage that redirects to a standard SSO URL (e.g., Okta, Google, Microsoft), httpx should:

  1. Detect the redirection to the SSO login page.
  2. Automatically fill in login forms using provided credentials (if specified via -aff).
  3. Provide a unified view of the SSO login apps vs. traditional apps when someone wants to do analysis of bulk URLs.

Use Cases:

  1. Monitoring and Probing: Enhance the capability of httpx to monitor and probe web applications that utilize SSO for authentication.
  2. Security Audits: Facilitate security audits by allowing automated interaction with SSO-protected resources.
  3. Provides a unified view of the standard login vs. SSO login vs. Social media login based apps.

Proposed Implementation:

  1. Detection: Implement logic to recognize common SSO URLs.
  2. Form Filling: Use a configuration file or command-line flags to provide credentials for automatic form filling (only if this is required; if, when httpx visits an app's home page, it is automatically redirected with a 302 to the SSO URL anyway, then the task is completed by stating that the app is SSO protected).
  3. Redirection Handling: Process the redirection URL to determine the success or failure of the login attempt.
  4. Provide options to specify different SSO providers and their respective login page structures.
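
The detection step in item 1 of the proposed implementation, sketched as an added example that is not part of the original issue or of httpx's code: it labels an unfollowed HTTP response by the host in its Location header. The provider host list, the function names and the sample responses are assumptions constructed for illustration; form filling is not covered.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// ssoHosts maps a host suffix to a provider label (assumed list, extend as needed).
var ssoHosts = map[string]string{
	"okta.com":                  "okta",
	"oktapreview.com":           "okta",
	"login.microsoftonline.com": "microsoft",
	"accounts.google.com":       "google",
}

// matchProvider compares whole DNS labels, so "okta.com.invalid.example" does not match.
func matchProvider(host string) string {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for suffix, provider := range ssoHosts {
		if host == suffix || strings.HasSuffix(host, "."+suffix) {
			return provider
		}
	}
	return ""
}

// Classify labels one unfollowed response: "sso:<provider>", "redirect" or "direct".
func Classify(resp *http.Response) string {
	loc, err := resp.Location() // error when no Location header is present
	if resp.StatusCode < 300 || resp.StatusCode > 399 || err != nil {
		return "direct"
	}
	if p := matchProvider(loc.Hostname()); p != "" {
		return "sso:" + p
	}
	return "redirect"
}

// sample builds a constructed response; no network traffic is involved.
func sample(status int, location string) *http.Response {
	return &http.Response{StatusCode: status, Header: http.Header{"Location": {location}}}
}

func main() {
	for _, loc := range []string{"https://example.okta.com/login", "https://okta.com.invalid.example/", ""} {
		fmt.Printf("%q -> %s\n", loc, Classify(sample(302, loc)))
	}
}
```
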

GeorginaReeder commented 4 months ago

Thanks so much for this feature request @iamthefrogy, we'll take a look into it!