Authentication Test

This site contains some examples of the ways web applications accept authentication. You can use these to test your scripts ability to authentication to them.

Authentication

Simple Form Authentication

Simple Form Auth

Authentication

Basic HTTP/NTLM Authentication

HTTP/NTLM Auth

Authentication

Complex Form Authentication

Complex Form Auth

Authentication

Interactive Authentication

Interactive Auth

Challenges

Challenge

Old School Cool - Delayed Login

Log into a site that sets random tarpits

Delay Challenge

Challenge

OCR a Simple CAPTCHA

Leverage in-browser OCR to bypass simple CAPTCHA codes

OCR Challenge

Challenge

Multi-Page Challenge

Log into a site that uses multiple pages to authenticate

Multi-Page Challenge

Challenge

New Window Challenge

Challenge

IFrames in Authentication

IFrame Challenge

Challenge

Cross-Site Request Forgery Tokens

Log into a site that uses XSRF tokens

XSRF Challenge

Challenge

Dynamic Field Names

Log into a site that uses dynamic field name changes

Dynamic Field Challenge

Challenge

"Security" Questions

Log into a site that uses the worst security mechanism possible

Security Question Challenge

Challenge

Time-Based One-Time Password Multi-Factor Authentication

TOTP MFA Challenge

Other Authentication

Some times of authentication do not deal with modifying form values. Sometimes you have to modify headers or even talk to third party servers to get this done.

Other Authentication

Session Hijacking

Log into a site using a hijacked session

Other Authentication

Bearer Token

Set the Authorization: Bearer t0k3nId and see if it succeeds below.

Token Not Set