Description

Brute-force exploiters prioritize credentials pairs over other combinations of credentials. That is, if a credentials collector steals a username/password combination, the exploiter will try this combination before combining the username with other passwords. The logic is that if the credentials were stolen as a pair, they're most likely to work as a pair.

The UI does not (currently) allow users to configure credentials as pairs. Rather, credentials are collections of different types of identities and secrets. Enable the user to specify identity/secret pairs in the UI. The option to specify just identities and secrets which will later be combined should be preserved

Tasks

• Modify the UI to allow the user to specify identity/secret pairs @ordabach
  • Add the table with "add row button" (0d)
  • private key cannot be empty if public key is provided (per row) (0d)
  • Add logic to identify username vs email (0d)
  • Add logic to parse rows and build credentials (0d)
  • Add logic to take file import/api response and populate the table (0.25d)
• Modify one or more of the slower ETE tests to include an identity/secret pair in its configuration. (0.25d)

Mockup