Manual Authentication in Invicti Standard

This document is for: Invicti Standard

Manual Authentication in Invicti Standard is an authentication configuration that allows you to import requests from various file formats, such as Postman and Fiddler.

Invicti replays these requests at the beginning of a scan to implement authentication. You can also configure the logout detection so that Invicti replays these requests while the scan is in progress if logout occurs.

Manual Authentication Fields

This table lists and explains the fields in the Manual Authentication section.

| Field | Description |
| --- | --- |
| Enabled | Select to enable Manual Authentication. Once enabled, the Authentication Settings and Logout Detection fields are clickable. |
| Test Credentials | Click to test the configured settings. |
| Authentication Settings | These are authentication settings you can add, edit, delete, clear, search, import, or enter. |
| Add | Select to add a new link. |
| Edit | Select to edit a selected link. |
| Delete | Select to delete a selected link. |
| Clear | Select to clear imported links. |
| Search | Select to toggle the find panel. |
| From File | Select the file type from the list. |
| From URL | Select the file type from the list. |
| Enter Links | Select to enter links manually. |
| Method | This is the method of imported HTTP requests. |
| URL | This is the URL from the imported requests. |
| Logout Detection | This section contains the logout detection options. |
| None | Select this if you want no logout detection. |
| Redirect Based | This enables redirect-based detection by entering a Redirect URL. |
| Keyword Based | This enables keyword-based detection by entering a Keyword Pattern and checking Is Regex if the pattern is a regular expression. |

For further information, see How Does Logout Detection Work?, How to Configure Redirect-Based Logout Detection in Invicti Standard, and How to Configure Keyword-Based Logout Detection in Invicti Standard.

How to Configure Manual Authentication with Authentication Settings in Invicti Standard

  1. Open Invicti Standard.
  2. From the Home tab, select New. The Start a New Website or Web Service Scan dialog is displayed.
  3. From the Authentication section, select Manual.
  4. Check Enabled.
  5. To add your requests, select one of the following options:
    • To add a link/API definition from a file, select an option from the From File section.
    • To add a link/API definition, select an option from the From URL section.
    • Select Enter Links to display the Enter Links/HTTP Requests dialog.

(See Importing links and API definitions for information on how to import links for additional websites in Invicti Standard.)

  6. Select Start Scan.

How to Configure Manual Authentication with Logout Detection in Invicti Standard

  1. Open Invicti Standard.
  2. From the Home tab, select New. The Start a New Website or Web Service Scan dialog is displayed.
  3. From the Authentication section, select Manual.
  4. Check Enabled.
  5. Select the Logout Detection tab.
  6. Select one of the following logout detection options:
    • None for no logout detection
    • Redirect Based to display the Redirect URL field
    • Keyword Based to display the Keyword Pattern field and the Is Regex checkbox

See Logout Detection.

  7. Select Start Scan.
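
A Redirect URL or Keyword Pattern can be rehearsed offline against captured responses before it is entered in the Logout Detection tab. The sketch below is an added example, not Invicti's implementation: the function names, the constructed sample responses, the app.example.test host and the choice to ignore the query string when comparing redirect targets are all assumptions.

```python
import re
from urllib.parse import urljoin, urlsplit

def _page(url):
    """Scheme, host and path of a URL; the query string is ignored (assumption)."""
    parts = urlsplit(url)
    return (parts.scheme, parts.netloc.lower(), parts.path or "/")

def logout_reason(status, headers, body, base_url,
                  redirect_url=None, keyword=None, is_regex=False):
    """Return "redirect", "keyword" or None for one HTTP response."""
    headers = {k.lower(): v for k, v in headers.items()}
    # Redirect based: a 3xx response whose Location resolves to the configured URL.
    if redirect_url and 300 <= status < 400 and "location" in headers:
        target = urljoin(base_url, headers["location"])  # resolve relative Location
        if _page(target) == _page(urljoin(base_url, redirect_url)):
            return "redirect"
    # Keyword based: literal text unless the pattern is flagged as a regex.
    if keyword:
        pattern = keyword if is_regex else re.escape(keyword)
        if re.search(pattern, body):
            return "keyword"
    return None

# Constructed sample responses: (status, headers, body)
BASE = "https://app.example.test/account"
EXPIRED = (302, {"Location": "/login?returnUrl=%2Faccount"}, "")
LOGIN_PAGE = (200, {}, "<h1>Please sign in to continue</h1>")
AUTHENTICATED = (200, {}, "<p>Welcome back</p><a href='/logout'>Sign out</a>")
LITERAL_HIT = (200, {}, "Session ended, go to login.php?expired=1")

def check(resp, **settings):
    """Evaluate one sample response against hypothetical detection settings."""
    return logout_reason(*resp, base_url=BASE, **settings)

if __name__ == "__main__":
    settings = dict(redirect_url="/login",
                    keyword=r"Please (sign|log) in", is_regex=True)
    for name, resp in [("expired", EXPIRED), ("login page", LOGIN_PAGE),
                       ("authenticated", AUTHENTICATED)]:
        print(f"{name:14} -> {check(resp, **settings)}")
```

A literal keyword such as Sign also matches the authenticated page's Sign out link, so the pattern should appear only on logged-out responses. A pattern containing `.` or `?` behaves differently as a regex than as literal text, which is why the Is Regex setting has to match what was typed.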