Is it possible to perform a web app scan with credentials on Nessus (free version) on a website that sends requests to other sites during the authentication phase? Or if not, would using the PRO version make it possible?

Hi all,

I have an issue with Nessus. I'm performing a Web App Scan with Credentials for a client. The method I used is an HTTP login form.

The pattern is as follows:

I have a first website called, for example, "example.com". I've entered its IP address for the audit. When I go to this website, it automatically redirects me to a second website, let's say "access-example.com", which has another IP address. I enter my credentials on this second website and when I submit them, after analyzing the traffic, I can see the POST request is sent to a third website that I'll call "account-example.com". This third website has the same IP address as the first one.

Configuration of the HTTP login form:

  1. I've entered my Username and Password.
  2. The page where I enter my credentials is the second one, "access-example.com", so I've put its URL into "Login Page".
  3. Then, the login submission page is the page the POST request is sent to, so "account-example.com".
  4. Login parameters: I've entered the parameters that I can see in the POST request (with a loginID, password, sessionExpiration, etc.).
  5. Check authentication on page: "example.com/dashboard", so I've entered "/dashboard".
  6. Regex to verify successful authentication: I've entered a word from the "/dashboard" page that I can read in my browser's console.

With that configuration, I got an error in the Vulnerabilities menu: HTTP login page, whose output is "HTTP login failed : post-authentication test failed".

I should specify that when I log in successfully, I get a GET response: a JWT authorisation from the IP address of "example.com".

In fact there are two authentication methods: one with the cookie (login + password) and another one with the JWT authorisation.

Thank you very much for your help,
Jeremy
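Added example, not part of Jeremy's post and not Nessus code: a Python script that replays a cross-domain form login the way a scanner's post-authentication check sees it (cookie jar only), then fetches the check page again with the returned JWT as a bearer token, so you can tell whether the success regex is only satisfiable with the token or whether the session cookie is scoped to a host other than the check page. The hostnames are the placeholders from the question; the regex, the parameter values and the `SimulatedSite` handler's responses are constructed so the script runs offline.

```python
import io, json, re, urllib.parse, urllib.request
from email.message import Message
from http.cookiejar import CookieJar
from urllib.response import addinfourl

# Placeholders from the question; the success text is a constructed stand-in.
LOGIN_SUBMIT = "https://account-example.com/login"   # where the POST is sent
CHECK_PAGE = "https://example.com/dashboard"          # "check authentication on page"
SUCCESS_REGEX = r"Welcome back"                       # text expected after login

class SimulatedSite(urllib.request.BaseHandler):
    """Constructed offline stand-in for the servers: the login POST sets a
    cookie and returns a JWT; the dashboard HTML only contains the success
    text when that JWT is sent as a bearer token (client-side rendering)."""
    handler_order = 50  # run before urllib's real HTTPSHandler

    def https_open(self, req):
        hdrs, body = Message(), b"<div id=app></div><script src=app.js></script>"
        if req.full_url == LOGIN_SUBMIT and req.data:
            hdrs["Set-Cookie"] = "session=c0n5tructed; Path=/; HttpOnly"
            body = json.dumps({"token": "eyJ.constructed.jwt"}).encode()
        elif req.full_url == CHECK_PAGE and req.get_header("Authorization", "").startswith("Bearer "):
            body = b"<h1>Welcome back, Jeremy</h1>"
        resp = addinfourl(io.BytesIO(body), hdrs, req.full_url, 200)
        resp.msg = "OK"  # urllib's error processor reads the reason phrase
        return resp

def fetch(opener, url, data=None, headers=None):
    """One request through the opener (cookies handled by the jar); returns the body."""
    encoded = urllib.parse.urlencode(data).encode() if data else None
    req = urllib.request.Request(url, data=encoded, headers=headers or {})
    with opener.open(req) as resp:
        return resp.read().decode()

def replay_login(params, handler=None):
    """Log in as a form-login scanner does, then fetch the check page twice:
    with the jar's cookies only, and again adding the JWT as a bearer token."""
    jar = CookieJar()
    handlers = [urllib.request.HTTPCookieProcessor(jar)] + ([handler] if handler else [])
    opener = urllib.request.build_opener(*handlers)
    token = json.loads(fetch(opener, LOGIN_SUBMIT, data=params)).get("token")
    cookie_only = fetch(opener, CHECK_PAGE)
    with_jwt = fetch(opener, CHECK_PAGE, headers={"Authorization": f"Bearer {token}"})
    return {
        "jwt_issued": bool(token),
        "cookie_domains": sorted({c.domain for c in jar}),  # hosts the cookie is sent to
        "regex_with_cookies_only": re.search(SUCCESS_REGEX, cookie_only) is not None,
        "regex_with_jwt": re.search(SUCCESS_REGEX, with_jwt) is not None,
    }

if __name__ == "__main__":
    print(replay_login({"loginID": "jeremy", "password": "x"}, SimulatedSite()))
```

Against a real target, call `replay_login(params)` without the handler; if `regex_with_cookies_only` is false while `regex_with_jwt` is true, or `cookie_domains` does not cover the check page's host, a cookie-based post-authentication check cannot succeed as configured.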
