Form authentication – Introduction of custom scripts
At times, you may need to adjust Invicti's automatic authentication to better fit your website. With custom scripting support, you can automate your website’s form authentication process. Below are some example scenarios:
- Your login form requires selecting a department from a box or dropdown menu instead of just entering a username and password.
- The submit button on the login form is not a standard HTML button.
- The page contains multiple forms, and Invicti detects the wrong one (e.g., identifying a signup form instead of the login form).
- The login form does not initially appear in the DOM and requires clicking a link to reveal it, such as in a virtual login dialog.
- The authentication process involves multiple steps, including visiting one page to retrieve a cookie, another to enter the username, and a third to enter the password.
- Invicti is unable to locate the login form due to other complexities.
Custom scripts for form authentication in Invicti Enterprise and Invicti Standard are written in JavaScript and run within the context of form authentication pages. This allows you to access and manipulate the page’s DOM. The script executes once the page has fully loaded, enabling you to use any modern browser-supported HTML API to locate and populate the login form elements.
TIP: |
For documents relating to custom scripts for form authenticators, refer to the following links:
- Create and verify custom scripts for form authentication in Invicti Standard
- Create custom scripts for form authentication in Invicti Enterprise
- Form authenticator custom scripts editor fields - this is a shared document for Invicti Enterprise and Invicti Standard
- Form authenticator troubleshooting, tips, and tricks - this is a shared document for Invicti Enterprise and Invicti Standard