

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hello,
Is there a way to add custom request headers to a login macro (5.1)? We can add the custom headers to the scan configuration, but cannot find a way to add any custom headers to an event based login macro.
WebInspect 20.2
Login Macro Builder 5.1
Thanks!
Accepted Solutions


- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
I found a way that seems to work. TruClient has an API for adding headers. I added my headers as the first steps in the login macro. Once the macro was finished, I made these "Evaluate Javascript" calls transactions that run through all of the steps of the macro. FYI, I used "false" for the last parameter of the function.
Evaluate Javascript
Utils.addAutoHeader (header, value, merge);
Utils.addAutoHeader (myHeader, myValue, false);
I found this information here:
https://softwaresupport.softwaregrp.com/doc/KM00702517

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
The only way I know of to do this would be with a proxy. What problem are you trying to overcome?


- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hey!
I've tried that and it creates a session based macro which cannot be used in WebInspect 20.2 when using the 5.1 scanning engine.
We have a site to scan that is protected by a firewall. The firewall can be bypassed by adding some specific headers to the request. Without the headers, you are redirected to a gatekeeper screen that is not part of the website to be scanned.
The scanner can reach the site by adding the request headers. But this site requires authentication so we need to create a login macro for that purpose. The custom headers added to the scan setup are not sent with the macro builder's requests. This also true of the automated macro generator.
So WebInspect can reach the site, but not authenticate to it.


- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
I found a way that seems to work. TruClient has an API for adding headers. I added my headers as the first steps in the login macro. Once the macro was finished, I made these "Evaluate Javascript" calls transactions that run through all of the steps of the macro. FYI, I used "false" for the last parameter of the function.
Evaluate Javascript
Utils.addAutoHeader (header, value, merge);
Utils.addAutoHeader (myHeader, myValue, false);
I found this information here:
https://softwaresupport.softwaregrp.com/doc/KM00702517

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
One of the things I enjoy about this product is you learn something new everyday. Being in support, the frustrating thing is not finding the answer before the customer! 🙂
Good information. If it doesn't work open a ticket with support and we can take a "closer look".