Invicti Standard – Form authentication – Create and verify custom scripts
This document describes how to open the custom scripts editor, create custom scripts for form authentication, and execute scripts on multiple pages in Invicti Standard.
How to open the custom scripts editor
To open the Custom Scripts Editor and create custom scripts you can either watch this video (on YouTube) or follow the steps below:
- From the Home tab, select New.
- Select Form from the Authentication section in the dialog window that appears.
- Check the Enabled checkbox.
- Enter the Login Form URL.
- Under the personas section, click to add the Username and Password.
- Select Custom Scripts.
- The Custom Scripts editor is displayed and ready for your input.
To configure custom scripts, follow the steps in the next section.
How to create custom scripts
Invicti Standard has a built-in JavaScript generator. On the right side of the window, the preview of the login form page is displayed.
- On the left side, click Clear to clear out the default script.
- In the preview on the right, right-click on the form elements and select Generate CSS Code. Repeat this for the remaining fields and the Submit button. You can set a delay time for the Submit buttons by clicking Generate CSS Code with Delay.
- When you right-click the menu items, a single line of code is inserted into the script editor in the left panel. The generated code for each element may be different.
- Apart from generating the JavaScript code, you can write your own code in the script editor in the left panel. Any HTML, JavaScript, or DOM API that is supported by a modern browser is supported here, too.
- To change the delay, locate the delay value in the generated code and amend it as needed. The default value is set to 2000.
NOTE: Invicti generates JavaScript code that sets a value for the input fields. For other elements, such as a button or an anchor, the generated JavaScript code allows Invicti Standard to click on that element.
- Select Test Script. Depending on the complexity of the form, the length of the generated code, and any delays you may introduce in the script, the testing process may take time.
- If your script is working as expected, click OK.
- Back on the Start a new website or web service scan > Form Authentication window, click Verify login & logout, and wait for Invicti Standard to complete the verification process.
- Select OK once you see a logged-in view in the left panel.
How to execute scripts on multiple pages
You can write and use custom scripts if your form authentication consists of multiple pages or has redirects. For most of these scenarios, a single page of custom script will help you authenticate with the website.
The video below shows a form authentication scenario where the username (an email address in this example) is entered on the first page and the password is entered on the next page.
Since there is a brand new document context after each page is loaded, the custom script code for each page must go on its own script page. Invicti Standard lets you execute custom script code after each page navigation during the form authentication process. All you need to do is create script pages on this window and write the corresponding piece of code for each page.
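The two-page flow described above, written by hand with plain DOM calls. This is an added example, not code produced by Invicti's generator or taken from the original page; the selectors (#email, #next, #password), the helper names, and the reading of the delay as milliseconds are assumptions.

```javascript
// Added example, not Invicti-generated code. Selectors are constructed.
// Each script page runs in a fresh document, so paste the helpers into
// every script page that uses them; nothing carries over between pages.

// Set an input's value and fire the events client-side frameworks listen for.
function setField(doc, selector, value) {
  const el = doc.querySelector(selector);
  if (!el) throw new Error(`login field not found: ${selector}`);
  el.value = value;
  for (const type of ['input', 'change']) {
    el.dispatchEvent(new Event(type, { bubbles: true }));
  }
  return el;
}

// Click an element after a delay (assumed to be milliseconds). The lookup
// happens at click time, so a button rendered late is still found.
// `schedule` is injectable so the logic can be tested without waiting.
function clickAfter(doc, selector, delay = 2000, schedule = setTimeout) {
  schedule(() => {
    const el = doc.querySelector(selector);
    if (!el) throw new Error(`element not found: ${selector}`);
    el.click();
  }, delay);
}

// Script page 1: only the username (email) field and a Next button exist.
function loginPage1(doc, username, schedule) {
  setField(doc, '#email', username);
  clickAfter(doc, '#next', 2000, schedule);
}

// Script page 2: runs after navigation, in the new document.
function loginPage2(doc, password, schedule) {
  setField(doc, '#password', password);
  clickAfter(doc, 'button[type="submit"]', 2000, schedule);
}

// In the editor, script page 1 would end with: loginPage1(document, '<username>');
// and script page 2 would end with:            loginPage2(document, '<password>');
```

A missing selector raises an error naming the selector, which makes a failed Test Script run easier to trace to the page that changed.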