Headers Authentication with Escape¶

Description¶

The 'Headers' authentication preset is a straightforward, manual authentication method:

Manual Token Injection: Authentication is achieved by manually injecting tokens or credentials into the request headers. No authentication request is necessary.
Static Credentials: User credentials are static and defined in advance, making setup simple.
Optional Cookies: Cookies can be injected as well, directly encoded in the Cookie header or one by one in the cookies key.
Token Expiry Consideration: A key aspect to consider is that since tokens are manually set, they may expire, necessitating regular manual updates to maintain access.

This preset is ideal for scenarios where authentication can be handled via predefined headers, but users should be mindful of the need to regularly update tokens or credentials to avoid access issues.

Examples¶

presets:
-   type: headers
    users:
    -   username: user1
        main_user: false
        headers:
            Authorization: Bearer user1Token
    -   username: user2
        main_user: false
        cookies:
            session_id: '1234567890'
        headers:
            Authorization: Bearer user2Token

Extensive Configuration¶

Property	Type	Default	Description
`type` *	`Const[headers]`	`headers`
`users` *	`List[`HeadersUserPreset`]`		A list of users with basic credentials to create

Objects¶

HeadersUserPreset¶

Property	Type	Default	Description
`basic`	`string`	`null`	The basic to attach Reach the Login Page and attack to the HTTP requests sent for this user.
`cookies`	`Dict[string, string]`	`null`	Optional cookies injected during the authentication process and in authentified requests.
`digest`	`string`	`null`	The digest to attach Reach the Login Page and attack to the HTTP requests sent for this user.
`headers` *	`Dict[string, string]`		The headers of the user.
`main_user`	`boolean`	`false`	When running a frontend DAST scan, this indicates that the scanner must use this user when crawling. There must be only one main user per scan. If none is provided, a random user will be selected.
`query_parameters`	`Dict[string, string]`	`null`	Optional query parameters injected during the authentication process and in authentified requests.
`username` *	`string`		The name of the user.