
Cx GabeN's DAST Testing Tools

Universal Endpoints

Common Tasks
Payload Information
GET /auth/logout
HEAD
n/a
BODY
n/a
Payload Information
GET /api/whoami
HEAD
n/a
BODY
n/a
Payload Information
GET /api/token
HEAD
n/a
BODY
n/a
Payload Information
GET /api/clientinfo
HEAD
n/a
BODY
n/a

Classic Web Authentication Samples

"Classic" authentication methods don't rely on JavaScript. Every element is present in the page source when the page is visited, and nothing is loaded after the document has finished loading.

Form-based Login

Form-based logins send a POST request with a content type of "x-www-form-urlencoded".

Payload Information
POST /auth/form/standard
HEAD
Content-type: x-www-form-urlencoded
BODY
username={%username%}&password={%password%}
Payload Information
POST /auth/form/withcsrf
HEAD
Content-type: x-www-form-urlencoded
BODY
username={%username%}&password={%password%}&csrf=???
Payload Information
POST /auth/form/withsecret
HEAD
Content-type: x-www-form-urlencoded
BODY
username={%username%}&password={%password%}&secret=???
JSON-based Login

JSON-based logins send a POST request with a content type of "application/json".

Payload Information
POST /auth/json
HEAD
Content-type: application/json
BODY
{
  "username": "{%username%}",
  "password": "{%password%}"
}
Payload Information
POST /auth/json/withcsrf
HEAD
Content-type: application/json
BODY
{
  "username": "{%username%}",
  "password": "{%password%}",
  "csrf": "???"
}
Payload Information
POST /auth/json/withsecret
HEAD
Content-type: application/json
BODY
{
  "username": "{%username%}",
  "password": "{%password%}",
  "secret": "???"
}

Header-based Testing

Generate a Token
GET /api/gettoken
Get Client ID and Client Secret
GET /api/getclientauthinfo
Header-based Session Testing

Header-based logins expect the authentication data to be supplied in request headers rather than in the request body.

Generate a Token
GET /api/generatetoken
Bearer Token
GET /login/json
Authorization: Bearer {%token%}
Client ID and Secret
GET /login/json
client_id: {%username%}
client_secret: {%password%}
Client ID and Secret with Cookie
POST /login/json
Content-type: application/json
Cookie: SESSID={%token%}
client_id: {%username%}
client_secret: {%password%}

Complex Authentication Samples

SSO-based Login
Payload Information
POST /login/saml/azure
HEAD
n/a
BODY
<samlp:Response ID="_abcd-1234..." Version="2.0">
...
HMAC-based Login
HMAC Authentication
GET /login/hmac
X-API-Key: {%secret%}
X-Timestamp: {%timestamp%}
X-Signature: {%hash%}
HMAC Authentication (Second Sample)
A second HMAC endpoint, used to check that message matching works correctly (a signature computed for one endpoint must not be accepted by the other).
GET /login/hmac/additional
X-API-Key: {%secret%}
X-Timestamp: {%timestamp%}
X-Signature: {%hash%}
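The HMAC login above shows the three headers but not the signing rule. As an added example (not part of this test site), here is a server-side verifier in Python for those headers; it assumes the client signs METHOD, path and X-Timestamp with HMAC-SHA256, that X-API-Key identifies the caller's signing secret, and a 300-second freshness window. The key store and sample values are constructed.

```python
import hmac
import hashlib
import time
from typing import Dict, Optional, Tuple

# Assumed freshness window for X-Timestamp (not specified on the page).
MAX_SKEW_SECONDS = 300


def canonical_message(method: str, path: str, timestamp: str) -> bytes:
    # Assumed signing rule: method, path and timestamp, newline-separated.
    # Including the path is what makes /login/hmac and /login/hmac/additional
    # produce different signatures for the same key and timestamp.
    return f"{method.upper()}\n{path}\n{timestamp}".encode()


def sign_request(api_key: str, secret: str, method: str, path: str,
                 timestamp: str) -> Dict[str, str]:
    """Build the X-API-Key / X-Timestamp / X-Signature headers (client side)."""
    digest = hmac.new(secret.encode(), canonical_message(method, path, timestamp),
                      hashlib.sha256).hexdigest()
    return {"X-API-Key": api_key, "X-Timestamp": timestamp, "X-Signature": digest}


def verify_request(headers: Dict[str, str], method: str, path: str,
                   key_store: Dict[str, str],
                   now: Optional[float] = None) -> Tuple[bool, str]:
    """Server-side check; returns (accepted, reason) so failures are explainable."""
    now = time.time() if now is None else now
    api_key, ts, sig = (headers.get(h) for h in
                        ("X-API-Key", "X-Timestamp", "X-Signature"))
    if not api_key or not ts or not sig:
        return False, "missing header"
    secret = key_store.get(api_key)  # X-API-Key assumed to be a key identifier
    if secret is None:
        return False, "unknown key"
    try:
        ts_val = int(ts)
    except ValueError:
        return False, "bad timestamp"
    if abs(now - ts_val) > MAX_SKEW_SECONDS:  # reject replayed/stale requests
        return False, "stale timestamp"
    expected = hmac.new(secret.encode(), canonical_message(method, path, ts),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return False, "bad signature"
    return True, "ok"


# Constructed sample key store (not real credentials).
KEY_STORE = {"demo-key": "demo-secret"}
```

`sign_request` produces the headers a DAST run would send; `verify_request` is what the endpoint under test should be doing with them.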

Token-based

Token-based via Form Auth
Token-based via JSON Auth (JWT)

Classic Status Checks

Get User Info via API
[There's a secret link here when you're logged in]

Modern Web Application

Modern applications tend to use JavaScript and AJAX requests to trigger actions on the page, so the page contents may not be present in the initial page source.

(Still working on setting these examples up)

Modern Status Checks

These appear after about a second, loaded through JavaScript.