Authenticated Scans #1203
Replies: 2 comments 1 reply
-
Interesting. I'd be curious to get @liquidsec's take on this, but I'm a bit skeptical. This seems like a huge amount of complexity to manage. The specification seems sensible, but I have a lot of questions about the code. You give it a username and password, but how does it know where the login page is? How does it know what a successful login looks like? How does it know what a valid session looks like, or when the session expires? Does it know how to get a refresh token? It's a nice idea but it seems like it would be a complete nightmare to maintain.
-
I'm also extremely skeptical of this. I have a hard time imagining a lot of use cases where adding a header (which we support now) wouldn't be enough - and that those cases would justify an extremely complicated component for managing this.
-
I'm not sure whether BBOT currently supports this or not, but it would be great if BBOT could log in to sites and get more info and links from logged-in sections.
I noticed that Nuclei recently created an "authenticated scans" feature, as explained here:
https://docs.projectdiscovery.io/tools/nuclei/authenticated-scans