Custom Scripts for Form Authentication
Occasionally, you will need to modify Acunetix 360's automatic authentication so that it is suited to your website. Custom scripting support enables you to automate your website’s form authentication process. Here are some sample scenarios:
- Your login form is not a regular login form with two input fields; for example, you may need to select a department from a box or a dropdown menu
- The submit button on the login form is not a regular HTML button
- There are multiple forms in the login form page and Acunetix 360 is unable to detect the correct form (for example, Acunetix 360 locates the signup form on the same page)
- The login form is not present in the DOM when the page loads, and you need to click a link to make the login form appear on the page, usually in a virtual login dialog
- The authentication process consists of several page navigations, where you first visit a page to get a cookie, another to enter the username and yet another to enter the password
- Acunetix 360 is unable to locate the login form for various other reasons
Custom Script Editor
The Custom Script editor is where you author your custom scripts. It consists of two parts: a script editor and an embedded browser view.
The browser view on the right helps you preview the login form page and generate code for elements on authentication pages. This window loads the login form URL when opened.
- You can right-click elements on the page to view the context menu in order to use code generation options.
- You can generate code that either works immediately or works after a delay using the Generate element code and Generate element code (delay 2000ms) menu items respectively. When you click these menu items, a single line of code will be appended to the script editor on the left.
Executing Scripts on Multiple Pages
You can write and use custom scripts if your form authentication consists of multiple pages or has redirects. For most of these scenarios, a single page of custom script will help you authenticate with the website. This screenshot shows a form authentication scenario where the username (an email address in this example) is entered on the first page and the password is entered on the next page.
Since there is a brand new document context after each page is loaded, you need to put your custom script code on separate script pages, each dedicated to one page of the login flow. Acunetix 360 lets you execute your custom script code after each page navigation during the form authentication process. So, all you need to do is create script pages in this window and write the corresponding piece of code for each page.
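The two-page flow described above, written as one script per page and dry-run offline (an added example, not Acunetix 360's own code). The recorder stub, the selectors `#next` and `#login`, the sample credentials and the delay argument on `clickByQuery` are assumptions; inside the Custom Script editor the scanner supplies `acunetix`, `username` and `password` itself.

```javascript
// Added example, not Acunetix 360 code. The recorder below stands in for the
// `acunetix` object the scanner provides; selectors and credentials are constructed.
function makeRecorder() {
  const actions = [];
  const auth = {
    clickByQuery: (query, delay = 0) => actions.push({ op: 'click', query, delay }),
    setValueByQuery: (query, value, delay = 0) =>
      actions.push({ op: 'set', query, value, delay }),
  };
  return { acunetix: { auth }, actions };
}

// One function per script page; each body is what goes into that page's editor.
const scriptPages = [
  function page1({ acunetix, username }) {
    // First document: only the e-mail field exists here.
    acunetix.auth.setValueByQuery('#email', username);
    acunetix.auth.clickByQuery('#next', 1000); // delay on click is an assumption
  },
  function page2({ acunetix, password }) {
    // New document after navigation: handle only the password step.
    acunetix.auth.setValueByQuery('#password', password, 2000);
    acunetix.auth.clickByQuery('#login', 3000);
  },
];

// Run each page against a fresh recorder (a new document context per page)
// and return its actions in firing order; equal delays keep call order.
function dryRun(pages, creds) {
  return pages.map((page) => {
    const { acunetix, actions } = makeRecorder();
    page({ acunetix, ...creds });
    return actions.slice().sort((a, b) => a.delay - b.delay);
  });
}

// True when the page's last click fires after its last field is filled.
function submitsAfterFill(timeline) {
  const latest = (op) =>
    Math.max(-1, ...timeline.filter((a) => a.op === op).map((a) => a.delay));
  return latest('click') > latest('set');
}

const timelines = dryRun(scriptPages, {
  username: 'scanner@example.test', // constructed
  password: 'constructed-password',
});
console.log(timelines.map(submitsAfterFill));
```

A page whose final click is scheduled before its last `setValueByQuery` delay makes `submitsAfterFill` return `false`, which is worth checking before pasting the bodies into the script pages.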
Form Authentication Troubleshooting, Tips and Tricks
Q: My login form is dynamically rendered inside an inline dialog and Acunetix 360 cannot find it, how can I fill that login form?
A: Write a custom script that first clicks the link or button that triggers the dialog and then populates the login form after a delay:
acunetix.auth.clickByQuery('#header > div.row > a:nth-child(1)'); // Trigger the login dialog
acunetix.auth.setValueByQuery('#email', username, 2000); // Fill in the username after 2 seconds
acunetix.auth.setValueByQuery('#password', password, 2000); // Fill in the password after 2 seconds
The code above first triggers the login dialog (first line), fills in the username and password after 2 seconds, and clicks the login button in the dialog at the third second.
Q: My login form has some other fields along with username and password, how can I fill that login form?
A: Write a custom script that fills in the username and password from the current persona variables and hard-codes the rest of the credentials in the script:
acunetix.auth.setValueByQuery('#LoginCode', '4815162342'); // Hard-coded extra credential
Q: How can I provide custom cookies that are required during form authentication?
A: Specify the cookies in the Custom Cookies section of the General section of your current scan profile. These cookies will be issued during the form authentication requests.
Q: How can I provide custom header values or change the user agent string during form authentication?
A: You can create a scan policy with custom header values and/or modified user agent strings and select it on the current profile during form authentication.
Q: My site requires me to visit some pages before displaying the login form URL and I cannot use the login form URL directly, how should I authenticate?
A: Use the first page that is required to be visited as the Login form URL. Then, using custom scripting, write code that performs navigation for each page that needs to be visited. You can click the HTML elements via scripting or simply use code like the following to just perform the navigation:
document.location = 'https://mysite.com/login/next_page.htm';
Q: My site performs several redirects before reaching the login form, how can I write custom script code for the login form?
A: Create a custom script page for each redirect, leaving its script editor empty, and write your custom script for the login form on the last page. Acunetix 360 won't run any code for pages that perform the redirect.
Q: I need to run some script code after a certain amount of time, how can I do that?
- Acunetix 360 does not have scripting support for popups opened during the form authentication process. Please use the URL loaded into the popup window as your Login form URL if that is possible.