Authentication Test

This site contains some examples of the ways web applications accept authentication. You can use these to test your scripts ability to authentication to them.
Authentication
Simple Form Authentication

Log in to a site using very basic form authentication

Simple Form Auth
Authentication
Basic HTTP/NTLM Authentication

Log in to a site using HTTP or NTLM authentication
U=user, P=pass

HTTP/NTLM Auth
Authentication
Complex Form Authentication

Log in to a site that requires form manipulation

Complex Form Auth
Authentication
Interactive Authentication

Log in to a site requiring Multi-Factor Authentication or CAPTCHAs that are difficult or impossible to automate

Interactive Auth

Challenges

Challenge
Old School Cool - Delayed Login

Log into a site that sets random tarpits

Delay Challenge
Challenge
OCR a Simple CAPTCHA

Leverage in-browser OCR to bypass simple CAPTCHA codes

OCR Challenge
Challenge
Multi-Page Challenge

Log into a site that uses multiple pages to authenticate

Multi-Page Challenge
Challenge
New Window Challenge

Log in to a site that pops up a new window with a login form

New Window Challenge
Challenge
IFrames in Authentication

Log in to a site that uses IFrames to show the login form

IFrame Challenge
Challenge
Cross-Site Request Forgery Tokens

Log into a site that uses XSRF tokens

XSRF Challenge
Challenge
Dynamic Field Names

Log into a site that uses dynamic field name changes

Dynamic Field Challenge
Challenge
"Security" Questions

Log into a site that uses the worst security mechanism possible

Security Question Challenge
Challenge
Time-Based One-Time Password Multi-Factor Authentication

Log in to a site that has TOTP MFA

TOTP MFA Challenge

Other Authentication

Some times of authentication do not deal with modifying form values. Sometimes you have to modify headers or even talk to third party servers to get this done.
Other Authentication
Session Hijacking

Log into a site using a hijacked session

Other Authentication
Bearer Token

Set the Authorization: Bearer t0k3nId and see if it succeeds below.

Token Not Set