
Form authentication

Learn how to configure Website Scanner to log in through a standard username and password form.

Use form authentication when your website has a single login page with username and password fields.

Before you begin

Identify the following CSS selectors on your login page:

  • Username input field selector
  • Password input field selector
  • Submit button selector

For more information, see Find CSS selectors.

Configure form authentication

  1. Navigate to the Website Scanner dashboard and click New scan.

    Website Scanner dashboard showing New scan button

  2. Select a scan mode tab: Manual mode, Sitemap, or Crawler.
  3. Add pages to scan based on your selected mode:
    • Manual mode: Enter a URL in the Enter page URL field and click Add page. Repeat for each URL, or use the dropdown to upload a CSV.
    • Sitemap: Enter a domain URL or sitemap.xml URL in the Enter domain URL or sitemap.xml URL field and click Add sitemap.
    • Crawler: Enter a starting URL in the Enter page URL field and click Start Crawl. The crawler discovers linked pages automatically.

    Create a new scan page showing the Manual mode tab with the Enter page URL field

  4. Click the settings (gear icon) to open Advanced scan settings.
  5. In the General settings tab, click Add next to Test pages behind login.

    Form authentication configuration dialog showing the Login page URL, Username, Password, and CSS selector fields

  6. Enter a configuration name.
  7. Select Form authentication from the dropdown.

    Form authentication configuration dialog showing the Configuration name field and Authentication type dropdown with Form authentication selected

  8. Optionally, enable the Multifactor Authentication toggle if your login requires additional verification steps.
  9. Optionally, if your login URL changes between sessions, toggle Dynamic Login URL to on and enter the Initial page URL. Otherwise, enter the static Login page URL.
  10. Enter the Login page URL of the website you want to scan.
  11. Enter the Username and Password.
  12. Enter the CSS selectors for these fields:
    • Username selector: The CSS selector for the username input field.
    • Password selector: The CSS selector for the password input field.
    • Submit button selector: The CSS selector for the login button.
  13. Click Save & Confirm.

Your form authentication is now configured. If your login also requires MFA or uses a dynamic login URL, continue with the relevant sections below.

Add MFA to form authentication

Toggle Multifactor Authentication to on if your login requires an email-based one-time password (OTP) after entering credentials.

MFA configuration fields showing Test Email Address, OTP sending email address, Subject, OTP Format, OTP Selector, and OTP submit button selector

How MFA works

When you enable MFA, Website Scanner generates a unique test email address. Register this address on the website you plan to scan. During each scan, the scanner retrieves the OTP from that mailbox, enters it into the designated field, and completes the login.

Create an account on your website using the test email address displayed in the configuration panel before running the scan.

MFA configuration fields

Follow the table below to understand the MFA configuration fields, and fill them in accordingly:

| Field | Description |
| --- | --- |
| Test Email Address | Auto-generated address. Click View all emails to inspect the inbox. |
| OTP sending email address | The sender address (or partial match) from which the OTP email arrives. Use the contains operator for partial matching. |
| Subject | The email subject line (or partial match) that identifies the OTP message. Use the contains operator for partial matching. |
| OTP Format | Choose 4-digit number, 5-digit number, 6-digit number, or Regex for custom patterns. |
| OTP Selector | CSS selector for the input field where the OTP is entered on the website. |
| OTP submit button selector | CSS selector for the button that submits the OTP. |

OTP format options

The OTP Format dropdown determines how the scanner extracts the code from the email body:

  • 4-digit number: Matches a 4-digit numeric code.
  • 5-digit number: Matches a 5-digit numeric code.
  • 6-digit number: Matches a 6-digit numeric code.
  • Regex: Enter a custom regular expression to match non-standard OTP formats.
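One way to check a sender filter, subject filter, and OTP pattern against a sample email before saving the configuration. This is an added example, not Website Scanner code: the function names, the constructed sample message, the word-boundary patterns, the first-match behaviour, and the capture-group handling are all assumptions about how such extraction could work.

```javascript
// Constructed sample OTP email; every value here is made up for illustration.
const sampleEmail = {
  from: "no-reply@accounts.example.test",
  subject: "Your Example login verification code",
  body: [
    "Hello,",
    "Ticket reference 20240517. Support line: 18005550123.",
    "Your verification code is 482913. It expires in 10 minutes.",
  ].join("\n"),
};

// Hypothetical stand-ins for the fixed-length formats in the dropdown.
// Word boundaries stop a match inside a longer run of digits.
const FORMATS = {
  "4-digit number": /\b\d{4}\b/,
  "5-digit number": /\b\d{5}\b/,
  "6-digit number": /\b\d{6}\b/,
};

// "contains" modelled as a case-insensitive substring test (assumption).
function contains(value, fragment) {
  return value.toLowerCase().includes(fragment.toLowerCase());
}

// Returns the OTP string, or null when the message is filtered out
// or the pattern finds nothing in the body.
function extractOtp(email, { senderContains, subjectContains, format, regex }) {
  if (!contains(email.from, senderContains)) return null;
  if (!contains(email.subject, subjectContains)) return null;
  const pattern = format === "Regex" ? new RegExp(regex) : FORMATS[format];
  if (!pattern) throw new Error(`Unknown OTP format: ${format}`);
  const match = pattern.exec(email.body);
  if (!match) return null;
  // Prefer the first capture group when the custom regex defines one.
  return match[1] !== undefined ? match[1] : match[0];
}

// Constructed filter values matching the sample message above.
const filters = {
  senderContains: "accounts.example.test",
  subjectContains: "verification code",
};

// An unanchored pattern grabs the first six digits of the ticket reference,
// while a context-anchored pattern returns the actual code.
console.log(extractOtp(sampleEmail, { ...filters, format: "Regex", regex: "\\d{6}" }));
console.log(extractOtp(sampleEmail, { ...filters, format: "Regex", regex: "code is (\\d{6})" }));
```

If the OTP email contains other numbers (order IDs, phone numbers, dates), anchor a custom regex on the surrounding wording rather than on digit count alone.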

Handle dynamic login URLs

Toggle Dynamic Login URL to on if your login page URL changes every session. This applies to URLs that include session tokens or CSRF parameters.

When enabled, the scanner does not load the login URL directly. Instead, it navigates to the initial page URL you provide and follows the login flow from there.

  1. Toggle Dynamic Login URL to on.

    Dynamic Login URL toggle in add a new configuration dialog

  2. Enter the Initial page URL. This is the page from which the login flow starts.
  3. Enter the Sign in button selector. This is the CSS selector for the button that launches the login flow from the initial page.
  4. The scanner clicks the sign-in button and reaches the login form. From there, it fills in the username and password using the selectors you already configured.
