How to Check Password Protected Websites with HTML-based Authentication

In case of HTML-based authentication (with the <FORM> tag), you can verify the secured area using the POST method (Action -> Profile -> Starting URLs).

For example, your web page's HTML code looks like the following:

The procedure is as follows:

1. Press the down arrow by the New button and select New Profile on the list that appears.

2. Click the Add button.

3. Enter the Starting URL:

https://www.example.com/member/login.asp

The Starting URL value can be always found in the form code:

4. Select the POST Method option.

5. Enter the POST Query String:

Username=JohnDoe&Password=12345&Submit=Log+in

where "JohnDoe" is your user name, "12345" is your password.

The "Username" and "Password" variables are also specified in the form code:

The Query String adds another variable -- "Submit" -- with the value "Log in", also defined in the form code:

There can be a number of such valuables or none of them just as well -- depending on your authentication form.

Each variable with its assigned value (key/value pairs) are delimited with the "&" sign and thus make up the "Query String":

Username=JohnDoe&Password=12345&Submit=Log+in

6. Open the Exclude Links section and add the mask (or masks) that exclude the "Log Out" links; e.g.:

https://www.example.com/*logout*

You can skip the next step if the secured area is "internal" in relation to the Starting URL. For more information on how Starting URL affects the verification, read the Internal Links chapter.

7. Open the Internal Links section and add the following mask:

https://www.example.com*