Basic Authentication with Escape¶
Description¶
The 'Basic' authentication preset is designed for straightforward authentication scenarios:
- Credentials Encoding: User's credentials (username and password) are encoded in base64.
- Header Attachment: The encoded credentials are attached to the request headers.
- Authorization Header: The client sends these credentials in the Authorization header of the HTTP request.
This method provides a simple and direct way to authenticate users, without requiring additional server requests for user creation or authentication. It is best suited for scenarios where simplicity and ease of implementation are prioritized.
Note: While this method is straightforward, it's less secure compared to more advanced authentication methods.
Examples¶
presets:
- type: basic
users:
- username: user1
main_user: false
password: pass1
- username: user2
main_user: false
password: pass2
Extensive Configuration¶
| Property | Type | Default | Description |
|---|---|---|---|
type * | Const[basic] | basic | |
users * | List[BasicUserPreset] | A list of users with basic credentials to create |
Objects¶
BasicUserPreset¶
| Property | Type | Default | Description |
|---|---|---|---|
basic | string | null | The basic to attach Reach the Login Page and attack to the HTTP requests sent for this user. |
cookies | Dict[string, string] | null | Optional cookies injected during the authentication process and in authentified requests. |
digest | string | null | The digest to attach Reach the Login Page and attack to the HTTP requests sent for this user. |
headers | Dict[string, string] | null | Optional headers injected during the authentication process and in authentified requests. |
main_user | boolean | false | When running a frontend DAST scan, this indicates that the scanner must use this user when crawling. There must be only one main user per scan. If none is provided, a random user will be selected. |
password * | string | The Basic password of the user. | |
query_parameters | Dict[string, string] | null | Optional query parameters injected during the authentication process and in authentified requests. |
username * | string | The Basic username of the user. |