How to fix Scan Behind Login errors?
If you have configured the Scan Behind Login feature but the login recording is giving errors, it could be for one of the reasons listed below:
Login page is protected by a Captcha
CAPTCHA solutions are designed to stop automated systems and let only human users through. As a result, they often block automated vulnerability scanners too.
Solution 1: Disable the captcha verification
If you are scanning a non-production site, you can choose to disable the server-side captcha verification. This will require some code-level changes in your application.
You can either disable the verification entirely, or disable it only for the Astra Vulnerability Scanner. To identify the scanner, you can add a unique HTTP header from the Scanner Setup.
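One way to write the code-level change for the scanner-only option, as an added example that is not Astra's or the original page's code. The header name `X-Scanner-Token`, the environment labels and the `captcha_response` form field are assumptions; use whatever header you set in the Scanner Setup and your application's own captcha check.

```python
import hmac

# Assumed names: the header and the environment labels are illustrative only.
SCANNER_HEADER = "X-Scanner-Token"
NON_PRODUCTION = {"staging", "qa", "development"}


def is_trusted_scanner(headers, environment, expected_token):
    """True only for a non-production request carrying the scanner's secret header."""
    if environment not in NON_PRODUCTION:
        return False  # never skip the captcha on a production deployment
    if not expected_token:
        return False  # bypass stays off unless a secret value is configured
    # HTTP header names are case-insensitive, so match on the lowered name.
    supplied = next(
        (v for k, v in headers.items() if k.lower() == SCANNER_HEADER.lower()),
        "",
    )
    # Constant-time comparison avoids leaking the value through response timing.
    return hmac.compare_digest(supplied.encode(), expected_token.encode())


def login_allowed(headers, form, environment, expected_token, verify_captcha):
    """Login gate; verify_captcha is the application's existing captcha check."""
    if is_trusted_scanner(headers, environment, expected_token):
        return True
    return verify_captcha(form.get("captcha_response", ""))
```

Treat the header value as a secret: generate it randomly, keep it out of source control, and remove it from the configuration once scanning is finished.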
Solution 2: Use HTTP Header method
You can log in to the application in your browser to capture an authenticated cookie. You can then add this in the Extra Headers step in the Scanner Setup.
If you need assistance with recording a login sequence, create a support ticket or reach out to your account manager.
Updated on: 08/11/2022