Authentication script problem

Thoni A

Mar 26, 2021, 11:19:11 AM
to OWASP ZAP User Group

Here I am facing a problem with the authentication. Below are the steps I followed for authentication:

  1. I loaded my authentication JavaScript in the context.
  2. Added the logged-in indicator (\QSign Off\E) in regex.
  3. Enabled force-mode browser.
  4. Loaded the URL of demotestfire (https://demo.testfire.net/) in the Firefox browser.
  5. Now, a new Firefox window is opened.

The problem is that the opened browser window doesn't load the page to enter the username and password. It's not doing anything. When I disabled the forced-mode user and closed the previous window, it opens another window and the user gets logged in with the script. But it keeps on opening multiple windows and doesn't stop.

Here is my authentication Script:

var By = Java.type('org.openqa.selenium.By');
var Thread = Java.type('java.lang.Thread');
var extSel = org.parosproxy.paros.control.Control.getSingleton().
    getExtensionLoader().getExtension(
        org.zaproxy.zap.extension.selenium.ExtensionSelenium.class);

function authenticate(helper, paramsValues, credentials) {
    print("Authenticating via JavaScript script...");
    var msg = helper.prepareMessage();
    var wd = extSel.getWebDriverProxyingViaZAP(1, "firefox");
    wd.get("https://demo.testfire.net/login.jsp");
    Thread.sleep(1000);
    wd.findElement(By.name("uid")).sendKeys("admin");
    wd.findElement(By.name("passw")).sendKeys("admin");
    wd.findElement(By.name("btnSubmit")).click();
    //Thread.sleep(1000);
    helper.sendAndReceive(msg);
    return msg;
}

// This function is called during the script loading to obtain a list of the names of the required configuration parameters,
// that will be shown in the Session Properties - Authentication panel for configuration. They can be used
// to input dynamic data into the script, from the user interface (e.g. a login URL, name of POST parameters etc.)
function getRequiredParamsNames(){
    return [];
}

// This function is called during the script loading to obtain a list of the names of the optional configuration parameters,
// that will be shown in the Session Properties - Authentication panel for configuration. They can be used
// to input dynamic data into the script, from the user interface (e.g. a login URL, name of POST parameters etc.)
function getOptionalParamsNames(){
    return [];
}

// This function is called during the script loading to obtain a list of the names of the parameters that are required,
// as credentials, for each User configured corresponding to an Authentication using this script
function getCredentialsParamsNames(){
    return ["Username", "Password"];
}

Is anything wrong with my script? Can anyone provide the solution?


Regards,

Thoni
