WebInspect: Create a Login Macro in Application with Pop-ups?
Hi fellow Fortify users,
Ever since the WebInspect version 20.1.0 update back in May 2020, I have not been able to scan certain applications for my internal customers. These applications very greatly, but the most problematic appear to be those that display a pop-up window after a successful login.
In the WebInspect version 19.2.0 I was able to use the Web Proxy Tool to successfully create a login macro for these scenarios. This no longer functions in 20.1.0, as when I try to use the macro, I get an "Error recording Web Macro: A Traffic Based Login Macro cannot be used." I opened a support ticket back in August 2020, but I was told to read the "Running a Basic Scan" section of the User Guide (less than helpful when you're struggling to determine if the problem is user error or software limitation).
So I'm reaching out to all of you in hopes that someone understands my issue. Is there a way to successfully create a login macro (other than Web Proxy Tool) for an application that presents a pop-up immediately after logging in?
Yes, the functionality of using session-based macros for login purposes has changed a bit with 20.1. In order to use a session-based macro, you will need to change the Rendering Engine from Macro Engine 5.0 to Session-Based.
This is mentioned in the Fortify WebInspect User Manual
Well, I answered the "other" question instead of dealing with the pop-up in the Event-Based Login Macro. If you received the pop-up during recording of the macro you should be able to click on the pop-up to dismiss it. If the pop-up is actually a new tab, there is a way to close that as well. We have a template for the second scenario if you are interested.
Hi @ebell . When I tried testing the macro, I get a TC error, specifically "Activate browser window#2 failed - Window Not Found Window Not Found," even after ensuring that the pop-up blocker in IE is now off. Is there a way to turn off the pop-up blocker in TruClient?
This web application depends on several pop-ups to complete actions, so closing the pop-ups is not what I need. Essentially, I need to get the macro to jump to the pop-up window to complete the login process. The main window in the background automatically navigates to "...close.html." This is why the Web Proxy Tool was so helpful. Any guidance is greatly appreciated!
I would have to see the site and its behavior in order to determine best actions. At this point, I would recommend opening a ticket with support or if the site is publicly accessible, if you can PM me with additional information.