Dynamic Auth

[tarunKoyalwar]

Dynamic Auth

Dynamic Auth is auth specification where a secret is exchanged for another.
Example: Login using username and password will return a Session cookie or header which represents the state
Here both username,password and obtained session cookie/header are secrets

Dynmaic Auth is now supported in nuclei by leveraging nuclei-templates and its extensive library of default login templates etc. Below is format of dynamic auth

id: pd-nuclei-auth-test

info:
  name: ProjectDiscovery Test Dev Servers
  author: pdteam
  description: |
    This is a auth file for ProjectDiscovery dev servers.
    It contains auth data of all projectdiscovery dev servers.

# Note: this is a dummy example file. none of the secrets here are real.

# dynamic secrets (powered by nuclei-templates)
dynamic:
  - template-path: /path/to/wordpress-login.yaml
    variables:
      - name: username
        value: pdteam
      - name: password
        value: nuclei-v3.2.0
    type: Cookie
    domains:
      - localhost:8080
    cookies:
      - raw: "{{wp-global-cookie}}"
      - raw: "{{wp-admin-cookie}}"
      - raw: "{{wp-plugin-cookie}}"

Flow / Execution

• If a domain / domain-regex is matched then callback for dynamic secret fetching is triggerred
• template present at given path is first executed using variables defined in variables section
• after successful execution of template the obtained extractor values ( both dynamic and named ) are used to evaluate fields defined below (i.e cookies.raw here which contains a placeholder for value of wp-global-cookie )
• a validation is done to verify all secrets are valid by checking if there still exists a unresolved variable