Context: Run Nessus web application scan using Authentication credentials HTTP login form (Login Form Authentication);
The official guide does not help me figure out how to determine the login parameters of a web page;
I have already attempted using JSON key-value pairs (for example, {"username": "%USER%","password": "%PASS%"}) and
also followed steps to resolve the issue, using information from the pages listed below:
- Web Application Vulnerability Testing with Nessus presentation; page number: 96
- https://stackoverflow.com/a/50199945/10053482
- https://www.tenable.com/blog/scanning-web-applications-that-require-authentication
- https://community.tenable.com/s/article/How-to-Configure-Web-Application-Authentication-in-Tenable-io-WAS
- https://community.tenable.com/s/article/Credentialed-Web-App-Scanning-in-Nessus-6
But nothing helped for a web page which does not support HTTP URI query-string parameter-based login.
Another issue that I am encountering is that I am not able to debug why Authentication / Credential Info (Hosts) using HTTP cookies import (Cookie Authentication) is failing.
For this I tried changing the log settings as listed below:
log_details: yes
log_whole_attack: yes
backend_log_level: debug
But I don't see any useful information in the logs to understand why the authenticated scan is failing when using Cookie Authentication.
Kindly advise.