Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Application Security Platform
Authentication

Convert Selenium scripts to Invicti LSR files

This document is for:
Invicti Platform

Selenium is a tool that allows you to automate browser actions. It is often used by QA engineers to automatically and efficiently test the functionality of web applications. You can create Selenium scripts that examine the specific functionality of a web application, ensuring that it produces the expected results.

One of the types of pages that you need to test in the case of most web applications are login pages. Selenium scripts are often used to ensure that changes in the web application do not break the login functionality. These Selenium scripts can be converted and used by Invicti Platform to log in to the site as part of the security scan.

The pre-recorded login sequence setting in Invicti supports Selenium Login Scripts. The login actions are taken from the Selenium script and the simple form feature is used to identify any restricted links, such as Logout links, and the session detection pattern. This article shows you how to convert a Selenium script into an Invicti LSR file via the Invicti UI and via the Command Line.

Prepare the Selenium login script

  1. Confirm that the Selenium Login Script is working as expected. You can do this in Selenium using the Play button to confirm that all the steps are executed correctly. Use the Timer drop-down to configure the playback speed.
  2. Save the Selenium Login Script to a file.

Convert a Selenium script using Invicti UI

  1. Select Inventory > Target > Edit target for the asset to which you want to add the Selenium Script.
  2. In Authentication > Authentication method drop-down select Login Sequence Recorder.
  3. Click New sequence drop-down > from Selenium and choose the Selenium script saved earlier.

Import Selenium login script file to Invicti Platform.

  1. The Login Sequence Recorder will open the Selenium script, convert it to a login sequence, and run through the actions identified. In addition, it will automatically identify any logout links and the session detection pattern. Click OK on the pop-up stating that the script was imported successfully.

Successfully imported Selenium script file to built-in Login Sequence Recorder.

  1. Confirm the restricted links and the identified session detection pattern. Click Save at the top of the LSR window when done.
  2. You will be taken back to the Target Settings page and the new LSR file will be attached to the target. Click Save target configuration to confirm the changes or Save and scan to launch the new scan.

Convert a Selenium script using Standalone LSR

You can also convert Selenium Login Script files to Login Sequence Recorder files using the Standalone LSR. For more information on installation of the Standalone LSR, refer to the following documents: Install the standalone LSR on Windows or Install the standalone LSR on Linux.

Convert a Selenium script to LSR file using Standalone LSR UI

  1. Open Invicti LSR Login Sequence Editor
  2. Click the Selenium Import button and upload your Selenium script file.

Import Selenium login script into standalone Login Sequence Editor.

  1. The Login Sequence Editor will open the Selenium script, convert it to a login sequence, and run through the actions identified. In addition, it will automatically identify any logout links and the session detection pattern. Click OK on the pop-up stating that the script was imported successfully.

Successfully imported Selenium script file into standalone Login Sequence Editor.

  1. Click the Save as button at the top of the screen.
  2. You can now upload the .lsr file to your Invicti Target’s settings page in the Authentication > Login Sequence Recorder section.

Uploaded *.lsr file in the Target's setting page in Invicti Platform.

Convert a Selenium script to LSR file from the Command Line

This method can be useful if you need to convert many Selenium scripts into LSR files. You can then use the Invicti Platform API to auto-attach the scripts to targets.

  1. Open Command Prompt.
  2. Change the directory to C:\Program Files (x86)\Invicti LSR\.
  3. Execute the node lsr generate command:

on Windows:

node lsr generate --sourcetype selenium
 --source your_source_selenium_file
 --destination the_destination_LSR_file

For example:

node lsr generate --sourcetype selenium
 --source "C:\users\admin\Downloads\testphp_login.side"
 --destination "C:\users\admin\Downloads\testphp_login.lsr"

on Linux:

./node lsr generate --sourcetype selenium
 --source your_source_selenium_file
 --destination the_destination_LSR_file

  1. The Login Sequence Recorder will load the Selenium file and create login actions. It will then proceed with verifying login actions as well as identifying restricted links and a valid session detection pattern. This might take some time to complete. Progress will be visible in the command prompt window.

Converting Selenium login script file using Windows Command Line and standalone Login Sequence Recorder.

  1. You can now upload the resulting .lsr files to the Authentication > Login Sequence Recorder section in a Target settings page for different targets or use the Invicti API to attach the LSR to a specific target.

Uploaded *.lsr file in the Target's setting page in Invicti Platform.

Top Articles

What is Invicti?

Overview of Scan Policies

Scheduling Scans

Managing Integrations

Built-In Reports

Share This Article