Join GitHub today
4. Identities and Macros
Please note that we have a video on this topic: http://www.youtube.com/watch?v=Yw2UbKivkgQ
Identities store credential sets for the Vega automated scanner:
- HTTP Basic/Digest
- Form-based authentication (via Macros, see below)
To create an identity, click on the Identity icon in the lower right part of the scanner perspective.
Creating identities representing HTTP Basic, HTTP Digest, and NTLM credentials is straightforward.
Macros are stored requests representing client login sequences. Vega allows for the user to replay a login request made recorded by the proxy prior to an automated scan. This permits the automated scanner to authenticate itself to the application.
1. Log into the application through the proxy
You must do this so that Vega records the login request with the credentials, so that it can be replayed later automatically. Click here for a tutorial on how to use the Vega proxy.
2. Create a new identity (as depicted above)
Select macro as the credential type, and click Next.
3. Click Create macro
4. Click Add item and find the POST request for your login through the proxy
5. Highlight the item and click finish
6. Finish creating the identity, now bound to the macro you just created
7. You may now perform an authenticated automated scan (don't forget to exclude the application logout link..)
Have feedback on Vega? Our documentation? Please tell us.