Browser Use Authentication with Escape
Description
Browser Use is a preset that allows you to use a browser to authenticate in Natural Language. It is a preset that allows you to use a browser to authenticate.
Examples
presets:
- type: browser_use
login_url: https://auth.example.com/login
logged_in_detector_timeout: 10
stealth_mode: false
users:
- username: frontend-user-with-totp@example.com
extra_instructions: After Login, click on "Accept" button in the pop if it
appears
password: pass
Extensive Configuration
| Property | Type | Default | Description |
auto_extraction_urls | List[string] | null | The API URLs to auto-extract requests headers from.Extracted headers will be injected automatically into every single authenticated request sent by the scanner.This is particularly useful when authentication API scans using Browser-based authentication. |
extractions | List[BrowserExtraction] | null | The extractions used to extract from the browser like page, browser_local_storage, browser_session_storage, or browser_cookies. |
injections | Union[BrowserInjection,HTTPInjection] | null | The injection configuration used to inject the tokens into either the HTTP requests, or another browser for Frontend scans. |
logged_in_detector_text | string | null | The text to detect in the last page to validate the user is logged in, case-insensitive |
logged_in_detector_timeout | integer | 10 | The timeout to wait for the logged in text to be detected (in seconds) |
login_url * | string | | The url that presents the login form |
stealth_mode | boolean | false | If true, the browser will use stealth mode to avoid CAPTCHA detection. |
type * | Const[browser_use] | browser_use | |
users * | List[BrowserUseUserPreset] | | The list of users to generate tokens for. |
Objects
| Property | Type | Default | Description |
jq | string | null | The jq expression to extract the value from the session storage item |
key * | string | | The key to use for the extracted value, depending on the location. In the case of Page location, this represents a Playwright selector |
location * | BrowserLocation | | The location of the browser where the value should be extracted. |
name * | string | | The name of the variable to store the extracted value into that will be used for injection |
origin * | string | | The URL of the page, origin of the local/session storage, or cookies where the value should be extracted. |
regex | string | null | The regex to use to extract the token from the key value. By default the entire value is taken. |
BrowserInjection
| Property | Type | Default | Description |
key * | string | | The key to use for the injected token. Its usage depends on the location. |
location * | BrowserLocation | | The location of the browser where the token should be injected |
origin * | string | | The origin of the local storage or session storage where the token should be injected |
variable * | string | | The name of a variable to retrieve to create the token's value. If not provided, the token will be infered as the first successful extraction of the procedure |
BrowserUseUserPreset
| Property | Type | Default | Description |
cookies | Dict[string, string] | null | Optional cookies injected during the authentication process and in authentified requests. |
extra_instructions | string | null | Additional instructions for Browser Use |
headers | Dict[string, string] | null | Optional headers injected during the authentication process and in authentified requests. |
password * | string | | The password that will be used to auto login |
username * | string | | The username or email that will be used to auto login |
HTTPInjection
| Property | Type | Default | Description |
key * | string | | The key to use for the injected token. Its usage depends on the location. For headers, cookies,and query parameters, this key describes the name of the header, cookie or query parameter. For a body location, the key is the field where the token should be injected within the request bodies |
location * | HTTPLocation | | The location of the HTTP request where the token should be injected |
prefix | string | null | A prefix to prepend to the token before it is injected |
variable * | string | | The name of a variable to retrieve to create the token's value. If not provided, the token will be infered as the first successful extraction of the procedure |
Enums
BrowserLocation
| Value |
page |
browser_local_storage |
browser_session_storage |
browser_cookies |
HTTPLocation
| Value |
header |
cookie |
body |
query |