mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-09 20:58:38 +02:00
v3.5.0: automated login — execute the login flow and capture the live session
- harness/creds::login(): performs the real HTTP login (POST/GET form), captures a session Cookie from Set-Cookie or a Bearer token from the JSON body, with a soft success check (no hard fail on 302). Redirects not followed so Set-Cookie is visible. - apply_creds is now async: direct material (jwt/header/cookie) used as-is; a `login:` flow is EXECUTED to obtain a live session; on failure, falls back to instructing the agents to log in themselves. - --creds + --focus added to `run` (authenticated black-box) too. - Verified live against a local mock: POST /login → 302 + Set-Cookie captured as the auth header used on subsequent requests. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -184,7 +184,7 @@ async fn run(base: &Path, s: &Session) {
|
||||
if let M::Grey { repo, .. } = &m {
|
||||
cfg.repo = Some(repo.clone());
|
||||
}
|
||||
crate::apply_creds(&mut cfg, s.creds.as_deref());
|
||||
crate::apply_creds(&mut cfg, s.creds.as_deref()).await;
|
||||
|
||||
let result = match m {
|
||||
M::Grey { .. } => crate::run_greybox_engagement(base, cfg, s.mcp).await,
|
||||
|
||||
Reference in New Issue
Block a user