Digest Authentication with Escape
Description
The Digest authentication preset implements HTTP Digest authentication.
The supported authentication method is `curl --digest -u user:password example.com`.
In this example, the username is user and the password is password.
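What `curl --digest` does on the wire, as an added example that is not part of the Escape documentation or product code: it parses the server's `WWW-Authenticate` challenge and builds the matching `Authorization` value (RFC 7616, `qop=auth` only). The function names, the constructed challenge and the cnonce are assumptions of this example.

```python
import hashlib
import re

HASHERS = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}

def parse_challenge(header):
    """Split a 'WWW-Authenticate: Digest ...' value into its parameters."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def digest_authorization(challenge, username, password, method, uri, cnonce, nc=1):
    """Return (response_hash, Authorization header value) for one request."""
    c = parse_challenge(challenge)
    algorithm = c.get("algorithm", "MD5").upper()
    if algorithm not in HASHERS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    h = lambda text: HASHERS[algorithm](text.encode()).hexdigest()
    ha1 = h(f"{username}:{c['realm']}:{password}")  # password is hashed, never sent
    ha2 = h(f"{method}:{uri}")                       # binds the response to this request
    qops = [q.strip() for q in c.get("qop", "").split(",") if q.strip()]
    fields = [f'username="{username}"', f'realm="{c["realm"]}"',
              f'nonce="{c["nonce"]}"', f'uri="{uri}"']
    if "auth" in qops:
        nc_hex = f"{nc:08x}"  # request counter, lets the server reject replays
        response = h(f"{ha1}:{c['nonce']}:{nc_hex}:{cnonce}:auth:{ha2}")
        fields += ["qop=auth", f"nc={nc_hex}", f'cnonce="{cnonce}"']
    elif not qops:
        response = h(f"{ha1}:{c['nonce']}:{ha2}")  # legacy form without qop
    else:
        raise ValueError("only qop=auth is handled in this example")
    fields += [f'response="{response}"', f"algorithm={algorithm}"]
    if "opaque" in c:
        fields.append(f'opaque="{c["opaque"]}"')
    return response, "Digest " + ", ".join(fields)

if __name__ == "__main__":
    # Constructed challenge; realm and nonce are sample values.
    challenge = 'Digest realm="example.com", qop="auth", nonce="c0ffee0123456789", algorithm=MD5'
    _, header = digest_authorization(challenge, "user", "password", "GET", "/", cnonce="0a4f113b")
    print("Authorization:", header)
```

The password only ever appears inside the hash, so a scan log that records the `Authorization` header does not expose it directly, but MD5-based responses can still be brute-forced offline if captured.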
Examples
```yaml
presets:
  - type: digest
    users:
      - username: user1
        allow_failure: false
        main_user: false
        password: pass1
      - username: user2
        allow_failure: false
        main_user: false
        password: pass2
```
Extensive Configuration
| Property | Type | Default | Description |
|---|---|---|---|
| type * | Const[digest] | digest | |
| users * | List[DigestUserPreset] | | A list of users with digest credentials to create |
Objects
DigestUserPreset
| Property | Type | Default | Description |
|---|---|---|---|
| allow_failure | boolean | false | If false, authentication failure for this user will fail the scan. Ignored for the main user: failures for main user are always fatal. |
| basic | string | null | The basic to attach to the HTTP requests sent for this user. |
| cookies | Dict[string, string] | null | Optional cookies injected during the authentication process and in authenticated requests. |
| digest | string | null | The digest to attach to the HTTP requests sent for this user. |
| headers | Dict[string, string] | null | Optional headers injected during the authentication process and in authenticated requests. |
| main_user | boolean | false | When running a WebApp Testing scan, this indicates that the scanner must use this user when crawling. There must be only one main user per scan. If none is provided, a random user will be selected. |
| password * | string | | The Digest password of the user. |
| query_parameters | Dict[string, string] | null | Optional query parameters injected during the authentication process and in authenticated requests. |
| role | string | null | The role of the user (e.g., admin, user). |
| username * | string | | The Digest username of the user. |