This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
bn_pep
Commander Commander
Commander
‎2021-01-13 20:36
208 views

WebInspect - Custom Headers in Login Macro

Jump to solution

Hello,

Is there a way to add custom request headers to a login macro (5.1)? We can add the custom headers to the scan configuration, but cannot find a way to add any custom headers to an event based login macro. 

WebInspect 20.2

Login Macro Builder 5.1

Thanks!

Labels (2)
Labels
Tags (2)
0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
bn_pep
Commander Commander
Commander
‎2021-01-13 21:17

Jump to solution

I found a way that seems to work. TruClient has an API for adding headers. I added my headers as the first steps in the login macro. Once the macro was finished, I made these "Evaluate Javascript" calls transactions that run through all of the steps of the macro. FYI, I used "false" for the last parameter of the function.

Evaluate Javascript

Utils.addAutoHeader (header, value, merge);

Utils.addAutoHeader (myHeader, myValue, false);

I found this information here:

https://softwaresupport.softwaregrp.com/doc/KM00702517

 

View solution in original post

0 Likes
Reply
Report Inappropriate Content
4 Replies
ebell
Micro Focus Expert
Micro Focus Expert
‎2021-01-13 20:48

Jump to solution

The only way I know of to do this would be with a proxy. What problem are you trying to overcome?

0 Likes
Reply
Report Inappropriate Content
bn_pep
Commander Commander
Commander
‎2021-01-13 21:00

Jump to solution

Hey!

I've tried that and it creates a session based macro which cannot be used in WebInspect 20.2 when using the 5.1 scanning engine. 

We have a site to scan that is protected by a firewall. The firewall can be bypassed by adding some specific headers to the request. Without the headers, you are redirected to a gatekeeper screen that is not part of the website to be scanned. 

The scanner can reach the site by adding the request headers. But this site requires authentication so we need to create a login macro for that purpose. The custom headers added to the scan setup are not sent with the macro builder's requests. This also true of the automated macro generator.

So WebInspect can reach the site, but not authenticate to it.  

0 Likes
Reply
Report Inappropriate Content
bn_pep
Commander Commander
Commander
‎2021-01-13 21:17

Jump to solution

I found a way that seems to work. TruClient has an API for adding headers. I added my headers as the first steps in the login macro. Once the macro was finished, I made these "Evaluate Javascript" calls transactions that run through all of the steps of the macro. FYI, I used "false" for the last parameter of the function.

Evaluate Javascript

Utils.addAutoHeader (header, value, merge);

Utils.addAutoHeader (myHeader, myValue, false);

I found this information here:

https://softwaresupport.softwaregrp.com/doc/KM00702517

 

View solution in original post

0 Likes
Reply
Report Inappropriate Content
ebell
Micro Focus Expert
Micro Focus Expert
‎2021-01-13 21:41

Jump to solution

One of the things I enjoy about this product is you learn something new everyday. Being in support, the frustrating thing is not finding the answer before the customer! 🙂

Good information. If it doesn't work open a ticket with support and we can take a "closer look".

Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.