Headers Authentication with Escape
Description
The 'Headers' authentication preset is a straightforward, manual authentication method:
- Manual Token Injection: Authentication is achieved by manually injecting tokens or credentials into the request headers. No authentication request is necessary.
- Static Credentials: User credentials are static and defined in advance, making setup simple.
- Optional Cookies: Cookies can be injected as well, either directly encoded in the `Cookie` header or one by one in the `cookies` key.
- Token Expiry Consideration: Since tokens are set manually, they may expire, and must then be updated by hand to maintain access.
This preset is ideal for scenarios where authentication can be handled via predefined headers, but users should be mindful of the need to regularly update tokens or credentials to avoid access issues.
Examples
```yaml
presets:
  - type: headers
    users:
      - username: user1
        main_user: false
        headers:
          Authorization: Bearer user1Token
      - username: user2
        main_user: false
        cookies:
          session_id: '1234567890'
        headers:
          Authorization: Bearer user2Token
```
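The preset above is static, so the two practical questions before a scan are whether the configuration satisfies the constraints listed in the tables below (exactly one `main_user`, every user has headers) and whether any manually pasted Bearer token has already expired. The following script is an added example, not part of Escape's documentation or code base; it mirrors the YAML example as a Python dict (so it runs without a YAML parser), encodes the `cookies` key into a `Cookie` header the way the description states, and reads the `exp` claim of JWT-shaped Bearer tokens to flag stale users. The JWT claims are only decoded, never verified, and the `make_unsigned_jwt` helper exists solely to construct sample input.

```python
import base64
import json
import time

# Constructed preset mirroring the YAML example on this page. Token values
# are placeholders, not real credentials.
PRESET = {
    "type": "headers",
    "users": [
        {"username": "user1", "main_user": False,
         "headers": {"Authorization": "Bearer user1Token"}},
        {"username": "user2", "main_user": False,
         "cookies": {"session_id": "1234567890"},
         "headers": {"Authorization": "Bearer user2Token"}},
    ],
}


def validate_preset(preset):
    """Check the constraints from the configuration tables: type must be
    'headers', each user needs a username and at least one header, and at
    most one user may be flagged main_user."""
    if preset.get("type") != "headers":
        raise ValueError("preset type must be 'headers'")
    users = preset.get("users") or []
    if not users:
        raise ValueError("at least one user is required")
    for user in users:
        if not user.get("username"):
            raise ValueError("every user needs a username")
        if not isinstance(user.get("headers"), dict) or not user["headers"]:
            raise ValueError(f"user {user.get('username')!r} has no headers")
    main_users = [u["username"] for u in users if u.get("main_user")]
    if len(main_users) > 1:
        raise ValueError(f"only one main_user allowed, got {main_users}")
    return True


def build_request_headers(user):
    """Static headers sent for this user. Pairs from the 'cookies' key are
    encoded into one Cookie header; an existing Cookie header is kept first
    and the extra pairs are appended."""
    headers = dict(user.get("headers", {}))
    cookies = user.get("cookies") or {}
    if cookies:
        encoded = "; ".join(f"{k}={v}" for k, v in cookies.items())
        existing = headers.get("Cookie")
        headers["Cookie"] = f"{existing}; {encoded}" if existing else encoded
    return headers


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def bearer_token_expiry(headers):
    """Return the 'exp' claim (UNIX seconds) of a JWT-shaped Bearer token in
    the Authorization header, or None for opaque tokens or tokens without
    exp. Claims are read, not verified: this is a pre-scan sanity check."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    parts = auth[len("Bearer "):].split(".")
    if len(parts) != 3:
        return None  # opaque token such as 'user1Token'
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except (ValueError, UnicodeDecodeError):
        return None
    exp = claims.get("exp")
    return int(exp) if isinstance(exp, (int, float)) else None


def expired_users(preset, now=None):
    """Usernames whose Bearer JWT has already expired, i.e. the manual
    token-update reminder from the description, automated."""
    now = time.time() if now is None else now
    stale = []
    for user in preset.get("users", []):
        exp = bearer_token_expiry(build_request_headers(user))
        if exp is not None and exp <= now:
            stale.append(user["username"])
    return stale


def make_unsigned_jwt(claims):
    """Constructed, unsigned JWT (empty signature segment) used only to
    produce sample input for this example."""
    return f"{_b64url_encode({'alg': 'none', 'typ': 'JWT'})}.{_b64url_encode(claims)}."


if __name__ == "__main__":
    validate_preset(PRESET)
    for u in PRESET["users"]:
        print(u["username"], build_request_headers(u))
    # Constructed user with a JWT whose exp lies in the past.
    stale = {"type": "headers", "users": [{"username": "user3", "headers": {
        "Authorization": "Bearer " + make_unsigned_jwt({"exp": 1})}}]}
    print("expired:", expired_users(stale))
```

Run it before starting a scan: a non-empty `expired_users` result means the preset needs fresh tokens, and `validate_preset` raising means the file would not satisfy the `main_user` or `headers` requirements documented below. Opaque tokens such as `user1Token` carry no expiry information, so for those the only check remains a manual one.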
Extensive Configuration
Property | Type | Default | Description |
---|---|---|---|
type * | Const[headers] | headers | |
users * | List[HeadersUserPreset] | | A list of users with basic credentials to create |
Objects
HeadersUserPreset
Property | Type | Default | Description |
---|---|---|---|
basic | string | null | The basic authentication credentials to attach to the HTTP requests sent for this user. |
cookies | Dict[string, string] | null | Optional cookies injected during the authentication process and in authenticated requests. |
digest | string | null | The digest authentication credentials to attach to the HTTP requests sent for this user. |
headers * | Dict[string, string] | | The headers of the user. |
main_user | boolean | false | When running a frontend DAST scan, this indicates that the scanner must use this user when crawling. There must be only one main user per scan. If none is provided, a random user will be selected. |
query_parameters | Dict[string, string] | null | Optional query parameters injected during the authentication process and in authenticated requests. |
username * | string | | The name of the user. |