For web applications with a login module, Beagle Security allows you to submit a recording of the login sequence in order to improve the efficiency of the automated penetration tests.
To record the login sequence of an application, you'll have to first download the Beagle Login Recorder extension from the application settings.
Please note that providing user credentials for CMS websites may alter data on your website during testing.
A few points to note while recording a login sequence:
Do not use the login credentials of an admin account. It is advised to create a separate user account specifically for the automated penetration testing purpose on Beagle Security.
It is recommended to record an application's login sequence in incognito mode (Note: Extensions are not available by default in incognito mode. You'll have to enable extensions by going to More tools > Extensions).
After completing the login sequence, you don't have to navigate around the specific web application- you can stop the recording and submit it as soon as you're logged in to the application.
Using the Beagle Login Recorder Extension
To get started, install the Beagle Login Recorder extension from Recorder Login in the Authentication section from within the User Iput tab in your project dashboard. Or download the plugin here.
Once the extension is installed, you'll be able to see the Beagle Security icon in the extension section next to the address bar
Open the extension, and enter your access token and application token. More on where to find them is available here
Once you complete setting up the access token and application token, click on Rec in the extension to start recording the login sequence
Enter the URL and go to the web application that you want to record the login sequence of
After you've entered the login credentials and logged in to a user account, click on Stop and then Submit your recording through the extension
Now, log in to your Beagle Security account and go to the particular application. Then go to the application settings. In the user input section, you can find the recorded login sequence available
Click on Verify to verify the credentials of the login sequence and make sure that the recording is activated
You're now ready to run a test for the application