Is it possible to run Nuclei against a website that requires authentication? #2149
Is it possible to run Nuclei against a website that requires authentication? With OWASP ZAP or Burp Suite?
Replies: 1 comment
Depending on the authentication scheme, you can pass in a valid authorization/session etc. header (e.g. see #1608).

If you are creating your own template, you can add a "manual" authentication step, and use an extractor to retrieve the value to be reused, or if the target application uses cookies, you could probably also create a dedicated template only for authenticating to a specific host and make it part of a workflow. This should also work since nuclei stores all the cookies in a cookie jar.
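
The "manual" authentication step with an extractor that the reply describes could look like the template below. It is an added example, not part of the original discussion or of the Nuclei project's own templates: the `/api/login` and `/api/profile` paths, the JSON `token` field, and the `username`/`password` variables are hypothetical, and the syntax assumes the v2-era `requests:` template format.

```yaml
id: authenticated-profile-check   # hypothetical template id

info:
  name: Authenticated request using an extracted session token
  author: example
  severity: info

requests:
  - raw:
      # Step 1: "manual" authentication against a hypothetical login endpoint.
      # {{username}} and {{password}} are supplied at run time, not stored here.
      - |
        POST /api/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"username":"{{username}}","password":"{{password}}"}

      # Step 2: reuse the value extracted from step 1 in an authenticated request.
      - |
        GET /api/profile HTTP/1.1
        Host: {{Hostname}}
        Authorization: Bearer {{token}}

    # Keep cookies set by step 1 for step 2 (covers cookie-based sessions).
    cookie-reuse: true
    # Allow matchers to address each response by index (status_code_2, body_2).
    req-condition: true

    extractors:
      # internal: true keeps the token out of the results and makes it
      # available to later requests as {{token}}.
      - type: regex
        name: token
        part: body
        internal: true
        group: 1
        regex:
          - '"token":"([^"]+)"'

    matchers:
      # Report only when the authenticated request in step 2 succeeded.
      - type: dsl
        dsl:
          - 'status_code_2 == 200 && contains(body_2, "email")'
```

The credentials are passed on the command line with `-var username=... -var password=...`, and a static header can instead be supplied with `-H` when a valid session value is already available.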