Hello team! I need to configure login page for brute-force protection of application.
It was easy for a web browser because the HTML form is easy to configure and works well.
But the authentication type for the mobile app is JSON / AJAX. I'm facing a problem: I'm unable to select the correct values for the username and password JSON elements from the entire server response. Should I use <map>, <string> and other tags in these fields, or should I only use keywords? I only found one example using JSON / AJAX authentication https://clouddocs.f5.com/training/community/waf/html/waf241/module4-login-protect/lab1/lab1.html, without any tags, but this example doesn't work in our environment.
For example, after trying to sign in from a mobile app with incorrect credentials, ASM received a large request. I found the password I entered, in the following context:
Which part of this line should we insert into the Password field? Same question about the the login field.