Configure HTTP authentication

By modifying the profile file, it is possible to create an authenticated scan. There are various kinds of authentication:

  • Authenticated cookie
  • Configure an HTTP Basic/Digest authentication
  • Configure a Bearer (token based) authentication

Authenticated cookie

This method is probably the easiest one. The first step is to obtain an authenticated cookie. To do so, log in to your web application and extract the value of the cookie that the server returned to identify your session. To grab the cookie, you can use one of the many available HTTP proxies.

Once you have the cookie, you need to modify the given scan profile. In the profile, you have to identify the XML element AdditionalCookies which is a child of the XML element HttpRequestorSettings:

Profile > HttpRequestorSettings > AdditionalCookies

Once identified, you have to add a new XML child named Cookie with two other children named Name and Value. An example of configuration is the following:

<AdditionalCookies>
    <Cookie>
        <Name>Cookie Name</Name>
        <Value>Cookie Value</Value>
    </Cookie>
</AdditionalCookies>

If you need more than one cookie for the authentication, just add more Cookie elements to the AdditionalCookies element. Once you've done that, Taipan will insert the configured cookies in all its requests.

Configure an HTTP Basic/Digest authentication

To configure an HTTP Basic/Digest authentication, it is necessary to modify the scan profile used. You need to identify the XML element AuthenticationInfo which is a child of the XML element HttpRequestorSettings:

Profile > HttpRequestorSettings > AuthenticationInfo

Once identified, you have to add the children Type, Username and Password, where Type must be one of the following values:

  • Basic
  • Digest

All the other items must be empty. An example of configuration is the following:

<AuthenticationInfo>
    <Type>Basic</Type>
    <Username>admin</Username>
    <Password>admin</Password>
    <Token></Token>
    <Enabled>true</Enabled>
    <LoginPattern />
    <LogoutPattern />
    <DynamicAuthParameterPatterns />
</AuthenticationInfo>

Configure a Bearer (token based) authentication

To configure a Bearer authentication (also known as token based authentication), it is necessary to modify the scan profile used. You have to identify the XML element AuthenticationInfo which is a child of the XML element HttpRequestorSettings:

Profile > HttpRequestorSettings > AuthenticationInfo

Once identified, you have to add the children Type and Token, where Type must be set to Bearer. All other items must be empty. An example of this configuration is the following:

<AuthenticationInfo>
    <Type>Bearer</Type>
    <Username></Username>
    <Password></Password>
    <Token>1234567890qwertyuiop</Token>
    <Enabled>true</Enabled>
    <LoginPattern />
    <LogoutPattern />
    <DynamicAuthParameterPatterns />
</AuthenticationInfo>
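
The three profile edits described above can be scripted so that cookie and token values are XML-escaped rather than pasted by hand. This is an added example, not part of Taipan; the function names and the minimal sample profile are assumptions built only from the element names shown on this page.

```python
import xml.etree.ElementTree as ET

# Constructed minimal profile: only the elements named on this page.
SAMPLE_PROFILE = """<Profile><HttpRequestorSettings>
  <AdditionalCookies />
  <AuthenticationInfo>
    <Type></Type><Username></Username><Password></Password><Token></Token>
    <Enabled>false</Enabled>
    <LoginPattern /><LogoutPattern /><DynamicAuthParameterPatterns />
  </AuthenticationInfo>
</HttpRequestorSettings></Profile>"""

def _child(parent, tag):
    """Return the named child element, creating it if it is missing."""
    node = parent.find(tag)
    return node if node is not None else ET.SubElement(parent, tag)

def _load(profile_xml):
    """Parse the profile and return (root, HttpRequestorSettings)."""
    root = ET.fromstring(profile_xml)
    settings = root.find("HttpRequestorSettings")
    if settings is None:
        raise ValueError("HttpRequestorSettings not found under the profile root")
    return root, settings

def add_cookies(profile_xml, cookies):
    """Append one Cookie element per (name, value) pair to AdditionalCookies."""
    root, settings = _load(profile_xml)
    jar = _child(settings, "AdditionalCookies")
    for name, value in cookies.items():
        cookie = ET.SubElement(jar, "Cookie")
        ET.SubElement(cookie, "Name").text = name
        ET.SubElement(cookie, "Value").text = value  # escaped on serialization
    return ET.tostring(root, encoding="unicode")

def set_auth(profile_xml, auth_type, username="", password="", token=""):
    """Fill AuthenticationInfo for Basic, Digest or Bearer; unused fields stay empty."""
    if auth_type == "Bearer":
        ok = bool(token) and not (username or password)
    elif auth_type in ("Basic", "Digest"):
        ok = bool(username) and not token
    else:
        ok = False
    if not ok:
        raise ValueError(f"invalid field combination for Type {auth_type!r}")
    root, settings = _load(profile_xml)
    auth = _child(settings, "AuthenticationInfo")
    fields = {"Type": auth_type, "Username": username, "Password": password,
              "Token": token, "Enabled": "true"}
    for tag, text in fields.items():
        _child(auth, tag).text = text
    return ET.tostring(root, encoding="unicode")
```

A profile written this way holds a live session cookie, password or token in clear text, so store it with the same care as any other credential file.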
