I have an issue on Nessus. I'm performing a Web App Scan with Credentials for a client. The method I used is a HTTP login form.
The pattern is as follows:
I have a first website, for example "example.com". I've entered its IP address for the audit. When I go to this website, it automatically redirects me to a second website, let's say "access-example.com", which has another IP address. I enter my credentials on this second website and when I submit them, after analyzing the traffic, I can see the POST request is sent to a third website that I'll call "account-example.com". This third website has the same IP address as the first one.
Configuration of the HTTP login form:
- I've entered my Username and Password.
- The page where I enter my credentials is the second one, "access-example.com", so I've put its URL in "Login Page".
- Then, the login submission page is the page where the POST request is sent, so "account-example.com".
- Login parameters: I've entered the parameters that I can see in the POST request (loginID, password, sessionExpiration, etc.).
- Check authentication on page: the page is "example.com/dashboard", so I've entered "/dashboard".
- Regex to verify successful authentication: I've entered a word from the "/dashboard" page that I can read in my browser's console.
With that configuration, I got an error in the Vulnerabilities menu: "HTTP login page", whose output is "HTTP login failed : post-authentication test failed".
I should specify that when I log in successfully, I get a GET response: a JWT authorisation from the IP address of "example.com".
In fact there are two authentication methods: one with the cookie (login + password) and another one with the JWT authorisation.
Thank you very much for your help,