Articles on: Getting Started (Pentest)

How to record a login sequence with Astra Login Recorder Chrome extension

If you have authentication set up on your target, you can configure Astra to scan behind login like an authenticated user. You can Recording a Login Sequence using Astra's Google Chrome Extension, which will be replayed during your scan.

If you need assistance with recording a login sequence - create a support ticket or reach out to your account manager

Step 1 - Download the Chrome Extension





Visit the Chrome Web Store for Astra Login Recorder Extension and click on Add to Chrome
Once installed, you will see the blue Astra Security icon in your browser extension toolbar


Step 2 - Record the Login Sequence



Before recording, please make sure you logout of the application and clear all cookies for the application so that none of the browser settings from an existing session are present
Do NOT log out of the application, or navigate to any other pages before you stop the recording

Click on the Astra Login Recorder Extension icon to open the pop-up
Enter the URL of the Login Page of your application



Click on Start Recording button to begin recording. A new Chrome Tab will open with the login page opened.



You now have to log in to the application like you normally do. All actions you take in this tab will be captured and replayed by our scanner.

Make sure you perform all actions such as clicking in the cookie consent pop-up, entering the credentials (avoid auto-fill by the browser), clicking on the submit button etc.



Once you are successful logged in, open the extension pop-up and click on Stop Recording button

Step 3 - Verify the Login Recording



Before verifying the login recording, please make sure you logout of the application and clear all cookies for the application so that none of the browser settings from the recorded session are present

In the pop-up, click on the Verify Recording button to replay the recording & verify it.
If the extension is not able to log in to the application correctly, you may have to record the sequence again.
Now download recording file (json file) by clicking Download



Step 4 - Upload the Login Recording



Login to your Astra Dashboard, and open the Scanner Setup for your target
Navigate to Step 3 - Login Recording and upload the login recording .json file downloaded from the extension
Click on Save & Next to complete any remaining configuration

To make sure Scan behind Login is configured correctly, check the Summary step for any errors. Don't forget to configure Login credentials for different User Roles.

Updated on: 13/08/2022

Was this article helpful?

Share your feedback

Cancel

Thank you!