#Nuclei - Authentication w/ x-www-form-urlencoded

1 messages · Page 1 of 1 (latest)

mighty escarp
#

I am trying to figure out to authenticate with my target web application, but I'm not sure Nuclei supports it.

https://docs.projectdiscovery.io/tools/nuclei/authenticated-scans#type
For authentication I only see

  • basic auth
  • query parameters
  • bearer token
  • custom request header
  • providing a cookie

but my web application is authenticated via a HTTP POST w/ Content-Type application/x-www-form-urlencoded

So, to authenticate with this web application a HTTP POST request must be made to a specific endpoint wherein the BODY contains form data.

Does anyone know how I might do this? Thanks

ProjectDiscovery Documentation
Authenticated Scans - ProjectDiscovery Documentation

Learn about scanning targets behind authentication with Nuclei

#

Nuclei - Authentication w/ x-www-form-urlencoded

vocal crescent
#

What is the out come off logging in via post. How is session maintained?

mighty escarp
#

one idea I had was to use Ansible to grab this cookie, then hand it off to Nuclei automatically