Is it possible to detect a login page using HTTPX?

[brave-red]

Is it possible to detect login pages using HTTPX? Generally, when we output a katana file to HTTPX, can it identify the login page directly by checking the first page that appears, using fields like username and password? There's a feature called -fpt login that does the reverse, but is there a feature I can use to detect the login page in the opposite way? Or what would you recommend in this regard?

[adilburaksen]

Yes, pipe katana output into httpx and use -mr (match-regex) to filter for login pages:

# Match by common login keywords in the response body
katana -u https://target.com -silent | httpx -mr "(?i)(type=.?password|login|sign.?in|forgot.?password)" -title -sc -silent

# Or match by page title
katana -u https://target.com -silent | httpx -title -ms "Login" -sc -silent

# Broader — catch login, signin, auth pages
katana -u https://target.com -silent | httpx -mr "(?i)(log.?in|sign.?in|type=.?password|authenticate)" -title -sc -tech-detect -silent

-mr matches against the full response body, so it catches password input fields even when the title doesn't say "Login". Combining -title with -mr gives you the most signal.

[brave-red]

Thank you for your answer, it was helpful. I will use what you wrote for verification in this process. I'm thinking of using Playwright for full verification here.