{"id":16717,"date":"2021-11-23T15:55:05","date_gmt":"2021-11-23T10:25:05","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=16717"},"modified":"2024-04-30T15:29:25","modified_gmt":"2024-04-30T09:59:25","slug":"astra-login-recorder","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/astra-product\/astra-login-recorder\/","title":{"rendered":"Astra Login Recorder &#8211; A Better Way to Secure Websites"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Gone are the days when organizations used to run and scale their offline businesses at three-toed sloth\u2019s speed. The inception of the Internet turned into a really pervasive and groundbreaking force in our life, with millions of Websites serving billions of web pages to people on a daily basis. <strong>Through various advancements, web and SaaS applications have become intelligent, dynamic and asynchronous.<\/strong> The Web&#8217;s pervasiveness and our dependence on it have made it essential to ensure the quality and security of these applications. To ensure this, <strong>the <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/web-application-security-testing\/\" target=\"_blank\" rel=\"noreferrer noopener\">testing of web<\/a> and <a href=\"https:\/\/www.getastra.com\/saas-vapt\" target=\"_blank\" rel=\"noreferrer noopener\">SaaS applications<\/a> has become a widely used strategy for validation. It is a long-standing, dynamic and diverse technique.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Today\u2019s websites and web applications are categorized as static, dynamic, animated, single-page or multi-page applications. These applications require a comprehensive set of test cases that should ensure all the quality and security checks are met and the web application is completely secured against any kind of hacking attempt or vulnerability exploit. 
This is where <a href=\"https:\/\/www.getastra.com\/blog\/astra-product\/introducing-our-new-security-scan-platform\/\"><strong>Astra Pentest<\/strong><\/a><strong> <\/strong>comes in.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Today, we are celebrating the launch of the Astra Login Recorder extension.<\/strong> This is the latest feature added to our Astra Pentest solution (as part of our automated vulnerability scanner), and it is now available to our users.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/THLTlFOeMuleqiQL9IswYk1lfdj_MebWOSDnbXjrLbDZ90lVvp_TDMd4zCPXEqN60hZp8FsEVAfW8MKfwTci3cllrhnY4SRlPYxIePbWrvfIzcMjZu-A8tDVdllgiSzx7enpMtC5\" alt=\"Celebrating the birth of the Astra Login Recorder extension.\" width=\"433\" height=\"433\"\/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">In order to scan a website thoroughly for security weaknesses, our vulnerability scanner requires the desired authentication privileges (entered by a user) so that the scanner can smoothly perform the security checks behind the login pages as well. Previously, our users needed to enter the login details into Astra\u2019s Pentest dashboard manually, and this was becoming quite a time-consuming task. 
To solve this problem and make the process more hassle-free, <strong>we listened to our users and decided to introduce Astra Login Recorder into our Pentest solution.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Astra Login Recorder is available as a Google Chrome extension <\/strong>which allows you to instruct Astra\u2019s vulnerability scanner on how to automatically authenticate into your website by recording your login sequence.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"To_set_up_Astra_Login_Recorder_follow_these_steps\"><\/span><strong>To set up Astra Login Recorder, follow these steps:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Step 1:<\/strong> <strong>Log in<\/strong> to your Project in Astra Pentest<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Step 2:<\/strong> <strong>Go to <\/strong>the \u201cStart an Audit\u201d section by clicking on the <em>\u201cStart an Audit\u201d<\/em> button in the main dashboard.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/UXF31WcogLh4io6g-I7GEknDZqI8QzbT96CTlKJNxacMToIjs25k1Pjlifo9erdauqKV-QjijwmAKU1V3_LIp6dyJb5irHzv32hV1Gk-8FiMaisPzaUd-nW_AdY2UynxRRGhAlcG\" alt=\"Step 1:Log in to your Project in Astra Pentest Step 2:Go to the \u201cStart an Audit\u201d section by clicking on the Start an Audit button in the main dashboard.\" width=\"350\" height=\"350\"\/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">And then click on <strong><em>Edit<\/em><\/strong> (<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/gaCHXAb0ZQi0ZcEzZI_2k8IX6sMVrAp-a3uLoSbkkSMuWRYTiXTYApIkQl-cXbOREjvoPp4vwZT4Ey8RyK-TP4FhnQQPL-lO4NKqhs6lzaN2joM4yp9nVV8pZ55mmR-2ylk8nTxx\" width=\"21\" height=\"20\">) button to set up and configure the Scan Behind Login feature.&nbsp;<\/p>\n\n\n\n<p 
class=\"wp-block-paragraph\"><strong>Step 3: Enter Test Credentials <\/strong>for User Roles (Eg. Admin, Customer, Super Admin etc)<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/l1QoGo8gk3L2rwNSr8dHH0LSggo7GLvb-rUacGzZItDmf856TmW7Ve9uQEtAGJkmx9te_xSMA5CFz7_HmnezJf45U8kzZNMZNAmf8zYOIAPylz_MpAkS00IdIZFAx-e3onextSE8\" alt=\"Step 3: Enter Test Credentials for User Roles\" width=\"735\" height=\"413\"\/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Click on<strong> \u201c<\/strong><strong><em>Save &amp; Next\u201d<\/em><\/strong><strong> <\/strong>button.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Step 4:<\/strong> Follow the steps mentioned in the Login Recording (Step 2 in dashboard) to <strong>download and configure the extension<\/strong>.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/FjnI2ucvZ-yHVb4G_Udi5SrTf4W5jtfNeQBKalVnlCMFRApfl8h8RTJhxmw7uRdZjeh69rW7FT2tFcDOlkLPqBVXgC1Kg_jSJFh57o23W3EWAsjeg7IGc3Mdx8dPYZOi5NZ1ypEk\" alt=\"Follow the steps mentioned in the Login Recording (Step 2 in dashboard) to download and configure the extension.\" width=\"730\" height=\"411\"\/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">To download and install the login recording extension from the Chrome web store, <strong>click on the Astra Login Recorder hyperlinked text<\/strong>. 
Clicking the text redirects you to the Astra Login Recorder page of Google\u2019s Chrome web store.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/Mse8-fHDefVA38n1MPgfStUaeUeIgs4vXpHBs97ASrPCciBtWPDk3nto1zSscwF2vNriztVsRc6L5tzwTN8_YwlKWXd0KklVKOEPtT0OIYcWKKbds1nFrXRma_qB18VjWXkAxZ6O\" alt=\"To download and install the login recording extension from the Chrome web store, click on the Astra Login Recorder hyperlinked text.\" width=\"715\" height=\"402\"\/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">When you click <strong>Add to Chrome<\/strong>, the extension will be installed on your browser. Once it is installed, you&#8217;ll be able to see the Astra Security icon in your browser.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/bzNjQMNa1fTOCl3bCCzmzeZtI22IsVM2_gSBugRAxqlqlB-oXK0pFv2GB_e4OnWJpQJESqQYN5QAtPmEbZJZvAtBn1eBnSWVBXf8zeQXYYVgYTfJ2zozc82VPgWV4clN1bA_Up-Z\" alt=\"Once added to Chrome, the extension will be installed on your browser. Once it is installed, you'll be able to see the Astra Security icon in your browser.\" width=\"716\" height=\"402\"\/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">You can now click on the extension and it will open the Login Recorder window where you can <strong>enter the login URL of your site<\/strong>. 
(For example: If your site is running on WordPress, your login URL might look like this: <em>www.yourwebsite.com\/login\/<\/em>)<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/HQjvyUinhddtw-n_WTYOhUdoJsUqxostezLT5VHFnaF0xlSGTAwpuPysHPYM5MrMeTRVyGfCACBDpa2E5PMTO3eaQg5eea7W3cPR2QDXvIWW7UGmRZYnCuEbS9Bj16Q25dwzxIaD\" alt=\"click on the extension and it will open the Login Recorder window where you can enter the login URL of your site. \" width=\"460\" height=\"460\"\/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Now, <strong>click on <\/strong><strong><em>\u201cStart Recording\u201d<\/em><\/strong> button after entering your login URL.&nbsp;<\/li><li>After clicking the Start Recording button, your <strong>Astra Pentest dashboard will be launched<\/strong>.&nbsp;<\/li><li>After successful login, simply click on <em>\u201cStop Recording\u201d<\/em> button.<ul><li><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/YF9CG75lpyVs5HlgdigPaBcefTOcAzLmm5Y7L5_NiXbQtWI_e51k4eFNpYba7Ipb-2nrqh8TlUbFMV6tIHYedVi31t-0Z6Lj6MrNVkVpNSl-RAzHo7XTdkBzGi3XnfxoBFrdIeuv\" width=\"161\" height=\"55\"><\/li><\/ul><\/li><li>Now, you\u2019ll be asked to verify the recording. You can verify it by clicking the <em>\u201cVerify Recording\u201d&nbsp; <\/em>button.<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/6R73OQ44_UW5gnx_1_8igEinWr4LKMbGjHgnIA3S8zUSFY4TJa20PQQft4Z63y_P6JpaK9ZiMh8MltPu02E9Thdv_eTZuOYA-t-BeRPmFGtXRdjM8nW5iQ5YceXmKuFGN75iIeVo\" alt=\"You\u2019ll be asked to verify the recording. 
You can verify it by clicking the \u201cVerify Recording\u201d\u00a0 button\" width=\"465\" height=\"465\"\/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>After verifying the recording,<strong> a <a href=\"https:\/\/fileinfo.com\/extension\/json\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">.json file<\/a> gets created. Download this file <\/strong>by simply clicking on <em>\u201cDownload\u201d<\/em> button.<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/NWIm09DKN-XQMc8b7SZAvICAM6p6IA4DHYYapNQ9AJDw4jH0dV4LkdcO37npntOHMfdfAcpeOaPwx-W_JKVOAF7puPq2D77Pt5xFmudiOU1VSmEwUFE0lbCeSxmJvf9nl_u0murK\" alt=\"After verifying the recording, a .json file gets created. Download this file by simply clicking on \u201cDownload\u201d button.\" width=\"466\" height=\"466\"\/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Step 5: Upload your downloaded .json file <\/strong>into your Astra Pentest dashboard.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/-No4SJZQ68o88xw725_vteMNVOXNlrikLOs2KpN1iSXwaQMw-CWlOVWiYVGlURXylhoF9O2VJ1gBIMeUEZP9nXNbLKpy7DCJAUwAiywsoTnZ71umfB0GcwlnlcqttFUeU-y5EJco\" alt=\"Astra Pentest dashboard\" width=\"718\" height=\"403\"\/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Click on <em>\u201cUpload Recorded File\u201d<\/em> button to upload your .json file.<\/li><li>And click on <em>\u201cSave and Next\u201d<\/em> to save your Login Recording configuration that now includes the login sequence file.<\/li><li>Your configuration for Login Recording is successfully finished. 
You can now start an audit for your project.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>This new Login Recording feature authenticates to your website and provides the login sequence to the vulnerability scanner in order to scan the website thoroughly for any security weaknesses and exploitable vulnerabilities. <\/strong>Astra Login Recorder complements Astra\u2019s Vulnerability Scanner so that it can work effectively with any kind of implementation of authentication within a website or web application.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As the next step, you will need to provide a bit of information to create logged-in identifiers so that the scanner knows whether it is logged in or not. <br><br><strong>Here is a short video guide to help you understand this step. <\/strong><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Astra Login Recorder - Keep the Automated Scanner Logged in - Step 3\" width=\"1200\" height=\"675\" src=\"https:\/\/www.youtube.com\/embed\/QLK1vU_nGKI?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Have any questions? Want to praise our amazing development team for developing this feature? 
Feel free to comment below.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/chrome.google.com\/webstore\/detail\/astra-login-recorder\/cmiagfjaoankehgcljkkcfoalfiakajg\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Try Astra Login Recorder today!<\/strong><\/a> Thank you \ud83d\ude42&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gone are the days when organizations used to run and scale their offline businesses at three-toed sloth\u2019s speed. The inception of the Internet turned into a really pervasive and groundbreaking force in our life, with millions of Websites serving billions of web pages to people on a daily basis. Through various advancements, web and SaaS &#8230; <a title=\"Astra Login Recorder &#8211; A Better Way to Secure Websites\" class=\"read-more\" href=\"https:\/\/www.getastra.com\/blog\/astra-product\/astra-login-recorder\/\" aria-label=\"Read more about Astra Login Recorder &#8211; A Better Way to Secure Websites\">Read more<\/a><\/p>\n","protected":false},"author":91,"featured_media":16730,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[],"class_list":["post-16717","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-astra-product"],"_links":{"self":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/16717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/users\/91"}],"replies":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/comments?post=16717"}],"version-history":[{"count":5,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/16717\/revisions"}],"predecessor-version":
[{"id":31342,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/16717\/revisions\/31342"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media\/16730"}],"wp:attachment":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media?parent=16717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/categories?post=16717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/tags?post=16717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}