Get a demo
Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Support
Scans

Manual Authentication

This document is for:
Invicti Standard

Manual Authentication in Invicti Standard is an authentication configuration that allows you to import requests from various file formats, such as Postman and Fiddler. Invictireplays these requests at the beginning of a scan to implement authentication. You can also configure the logout detection so that Invicti replays these requests while the scan is in progress if logout occurs.

Manual Authentication Fields

This table lists and explains the fields in the Manual Authentication section.

Field

Description

Enabled

Select to enable Manual Authentication. Once enabled, the Authentication Settings and Logout Detection fields are clickable.

Test Credentials

Click to test the configured settings.

Authentication Settings

These are authentication settings you can add, edit, delete, clear, search import or enter.

Add

Click to add a new link.

Edit

Click to edit a selected link.

Delete

Click to delete a selected link.

Clear

Click to clear imported links.

Search

Click to toggle the find panel.

Import From File

Click to select file type from dropdown list.

Enter Links

Click to enter links manually.

Method

This is the method of imported HTTP requests.

URL

This is the URL from the imported requests.

Logout Detection

This section contains the logout detection options.

None

This is if you want no logout detection.

Redirect Based

This enables redirect based detection by entering a Redirect URL.

Keyword Based

This enables keyword based detection by entering a Keyword Pattern and checking Is Regex, if the pattern is a RegEx pattern.

For further information, see How Does Logout Detection Work?, How to Configure Redirect-Based Logout Detection in Invicti Standard, and How to Configure Keyword-Based Logout Detection in Invicti Standard.

How to Configure Manual Authentication with Authentication Settings in Invicti Standard

  1. Open Invicti Standard.
  2. The Start a New Website or Web Service Scan dialog is displayed.
  3. Click the Manual tab. The Manual Authentication section is displayed.

  1. Check Enabled.

The Authentication Settings tab is displayed.

  1. To add your requests, click:
    • Add to display the Add New Link dialog
    • Import From File to display the Import from File dropdown
    • Enter Links to display the Enter Links/HTTP Requests dialog

(See Configuring Additional Websites for information on how to import links for additional websites in Invicti Standard.)

  1. Click Start Scan.

How to Configure Manual Authentication with Logout Detection in Invicti Standard

  1. Open Invicti Standard.
  2. From the Home tab, click New. The Start a New Website or Web Service Scan dialog is displayed.
  3. Click the Manual tab.
  4. Check Enabled.
  5. Click the Logout Detection tab.

  1. To add your requests, click:
    • None for no logout detection
    • Redirect Based for display the Redirect URL field
    • Keyword Based to display the Keyword Pattern and Is Regex check

See Logout Detection.

  1. Click Start Scan.
Top Articles

What is Invicti?

Overview of Scan Policies

Scheduling Scans

Managing Integrations

Built-In Reports

Not found what you're looking for?

Open a ticket and our technical support team will assist you quickly.

Open a ticket This will redirect you to the ticketing system.