Have a Question About the BreachLock Cloud Platform? Enter it below.

6 May, 2020

BreachLock Login Assistant

BreachLock login assistant is a user-friendly interactive method to run authenticated scans on your Web Applications.

Now, BreachLock does allow you to run an authenticated scan on your web applications even without the login assistant. You can do this by simply going to “scans” section for the Web Application Scanning (DAST) module of the BreachLock SaaS platform and providing the credentials in any one the below mentioned places:

1) Click on the “Add New scan” button on the scan section and providing the login credentials while adding the asset for the Web Application Scanning (DAST).

2) If your Web application is already present in the “Scans” section, then you can use the “edit scan” button under “Actions” to provide us the credentials and run authenticated scans

But if you don’t want to provide us the login credentials over here or think that this is too much work. You can rely on the BreachLock login assistant.

Using the BreachLock login assistant, you can either provide us with a session cookie or record your login sequence, and our Web Application (DAST) scanner will use the same data to log in to your web application.

What are the best practices to use BreachLock Login Assistant?

While using the BreachLock login assistant, we would recommend you keep a few things in mind:

1) You are not using the BreachLock login assistant in an incognito tab.

2) We recommend you use the BreachLock login assistant in an entirely new chrome window. You should be logged into the BreachLock SaaS platform in one of the tabs.

Where will you get the BreachLock Login Assistant?

To download the BreachLock Login Assistant click here.

You can also download it from the BreachLock SaaS platform by navigating to the “Edit Scan” under “Scans section

Once downloaded, you need to add it as a browser extension for chrome.

As you can see in the above image you have two methods you can choose from:

Method 1: Authentication using session token.

Method 2: Authentication using the recorded login sequence.

Authentication using session token: This will record the session cookie and use them to run authenticated scans.

1) Click on the chrome extension and choose Method 1.

2) Click on “Get Started.”

3) Go to the login page of your web application and click “Continue.”

4) Log in to your web application and click “Continue.”

5) Unselect the non- relevant cookies to do not want to share and click continue.

6) You will be asked for an “Authentication Token.”

You can get the “Authentication Token” from https://app.breachlock.com/assets/ and then clicking on the “API Key” under actions.

After entering the authentication token, we will record the session token and an authenticated DAST scan will begin on the web application in the next 10 minutes.

Authentication using the recorded login sequence: This will record the login sequence you use to login to your web application and helps our DAST scanner follow the same trail. 

1) Click on the chrome extension and choose Method 2.

2) Click on “Get Started.”

3) Click on “Start Recording.”

4) Log in to your web application and click “Stop Recording.”

5) Unselect the non- relevant steps to do not want to share and click continue.

6) You will be asked for an “Authentication Token.”

You can get the “Authentication Token” from https://app.breachlock.com/assets/ and then clicking on the “API Key” under actions.

After entering the authentication token, we will record the session token and an authenticated DAST scan will begin on the web application in the next 10 minutes.