613 views

WebInspect: Create a Login Macro in Application with Pop-ups?

Hi fellow Fortify users,

Ever since the WebInspect version 20.1.0 update back in May 2020, I have not been able to scan certain applications for my internal customers. These applications very greatly, but the most problematic appear to be those that display a pop-up window after a successful login.

In the WebInspect  version 19.2.0 I was able to use the Web Proxy Tool to successfully create a login macro for these scenarios. This no longer functions in 20.1.0, as when I try to use the macro, I get an "Error recording Web Macro:  A Traffic Based Login Macro cannot be used." I opened a support ticket back in August 2020, but I was told to read the "Running a Basic Scan" section of the User Guide (less than helpful when you're struggling to determine if the problem is user error or software limitation).

So I'm reaching out to all of you in hopes that someone understands my issue. Is there a way to successfully create a login macro (other than Web Proxy Tool) for an application that presents a pop-up immediately after logging in?

Thanks,

Liz

Labels (1)
0 Likes
6 Replies
Micro Focus Expert
Micro Focus Expert

Yes, the functionality of using session-based macros for login purposes has changed a bit with 20.1. In order to use a session-based macro, you will need to change the Rendering Engine from Macro Engine 5.0 to Session-Based.

session-based_basic-scan.png

session-based_guided-scan.png

This is mentioned in the Fortify WebInspect User Manual

0 Likes
Micro Focus Expert
Micro Focus Expert

Well, I answered the "other" question instead of dealing with the pop-up in the Event-Based Login Macro. If you received the pop-up during recording of the macro you should be able to click on the pop-up to dismiss it. If the pop-up is actually a new tab, there is a way to close that as well. We have a template for the second scenario if you are interested.

0 Likes

@ebell Yes, I would love assistance with the second scenario. It sounds like it aligns more with my issue. Thank you for mentioning it as an option.

0 Likes
Micro Focus Expert
Micro Focus Expert

What you will do is add a step to automatically close that tab (or the unneeded tab):

ebell_0-1602886891290.jpeg

I've attached a sample macro demonstrating how this will be done and what the step looks like.

0 Likes

Hi @ebell . When I tried testing the macro, I get a TC error, specifically "Activate browser window#2 failed - Window Not Found Window Not Found," even after ensuring that the pop-up blocker in IE is now off. Is there a way to turn off the pop-up blocker in TruClient?

This web application depends on several pop-ups to complete actions, so closing the pop-ups is not what I need. Essentially, I need to get the macro to jump to the pop-up window to complete the login process. The main window in the background automatically navigates to "...close.html." This is why the Web Proxy Tool was so helpful. Any guidance is greatly appreciated!

~Liz

0 Likes
Micro Focus Expert
Micro Focus Expert

I would have to see the site and its behavior in order to determine best actions. At this point, I would recommend opening a ticket with support or if the site is publicly accessible, if you can PM me with additional information.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.