Browser Auth Flow

Adversarial probe of a site's authentication. Drives the login flow once, records the trajectory, then runs a configurable set of probes against the captured artifacts and live page. Output is a structured findings.md inside the RVF container.

When to use

• Pre-deployment audit of a new auth flow.
• Investigating a suspected token leak or redirect issue.
• Establishing a baseline for ongoing regression checks.

Steps

1. Open a recorded session via browser-record.
2. Drive the auth flow as in browser-login (credentials come from --credentials <handle> referencing browser-cookies if the run is a re-auth probe).
3. Run probes: