If you have configured the Scan Behind Login feature but the login recording is giving errors, it could be because of the following reasons listed below:

Login page is protected by a Captcha

CAPTCHA solutions are designed to stop automated systems, and only allow human beings. It is often seen that these block automated vulnerability scanners.

Solution 1: Disable the captcha verification

If you are scanning a non-production site, you can choose to disable the server side captcha verification. This will require some code level changes in your application.

You can either disable the verification entirely, or choose to only disable it for the Astra Vulnerability Scanner. To identify the scanner, you can add a unique HTTP header from the Scanner Setup.

Solution 2: Use HTTP Header method

You can login to the application in your browser to capture an authenticated cookie. You can then add this in the Extra Headers step in the Scanner Setup.

If you need assistance with recording a login sequence - create a support ticket or reach out to your account manager
Was this article helpful?
Cancel
Thank you!