Scan with Complex Login Form


pratik.p.parikh

28 Mar, 2014 12:50 AM

Dear Arachni Support,

First, thank you for providing open source software for penetration testing. I have a form that is complex because the software that I am testing is using ext-js, and they are using JavaScript to submit the form. I did the following to kick off the form.

arachni https://XXXXXXXX/iw-cc/command/iw.ui --plugin=autologin:url=https://15.126.202.110/iw-cc/command/iw.ui,params='iw_user=tstest1&iw_password=1nterW0ven&iw_domain=WIN-8K0VAIBAJQN',check='Logout|tstest1' -e https://XXXXXXXXX/iw-cc/command/iw.base.logout


[+] Web Application Security Report - Arachni Framework

[~] Report generated on: 2014-03-28 00:31:53 +0000
[~] Report false positives at: http://github.com/Arachni/arachni/issues

[+] System settings:
[~] ---------------
[~] Version: 0.4.6
[~] Revision: 0.2.8
[~] Audit started on: Fri Mar 28 00:30:39 2014
[~] Audit finished on: Fri Mar 28 00:31:51 2014
[~] Runtime: 00:01:11

[~] URL: https://XXXXXXXXXXX/iw-cc/command/iw.ui
[~] User agent: Arachni/v0.4.6

[*] Audited elements:
[~] * Links
[~] * Forms
[~] * Cookies

[*] Modules: os_cmd_injection_timing, xss, code_injection, code_injection_timing, xss_path, sqli_blind_timing, csrf, file_inclusion, path_traversal, sqli_blind_rdiff, os_cmd_injection, unvalidated_redirect, sqli, session_fixation, xss_script_tag, response_splitting, source_code_disclosure, xss_event, xpath, xss_tag, ldapi, trainer, rfi, code_injection_php_input_wrapper, private_ip, unencrypted_password_forms, captcha, password_autocomplete, mixed_resource, form_upload, html_objects, cvs_svn_users, emails, ssn, insecure_cookies, credit_card, http_only_cookies, backup_files, backdoors, interesting_responses, allowed_methods, common_files, x_forwarded_for_access_restriction_bypass, htaccess_limit, localstart_asp, common_directories, http_put, xst, directory_listing, webdav

[*] Filters:
[~] Exclude: ~

[*] Cookies:
[~] JSESSIONID = 23F52052987E451D159A37FA67003F5F

[~] ===========================

[+] 0 issues were detected.

[+] Plugin data:
[~] ---------------

[*] AutoLogin
[~] ~~~~~~~~~~~~~~
[~] Description: It looks for the login form in the user provided URL, merges its input fields with the user supplied parameters and sets the cookies of the response and request as framework-wide cookies to be used by the spider later on.

[+] Could not find a form suiting the provided params at: https://XXXXXXXXXXX/iw-cc/command/iw.ui

[~] 0.0% [=> ] 100%
[~] Est. remaining time: --:--:--

[~] Crawling, discovered 0 pages and counting.

[~] Sent 1 requests.
[~] Received and analyzed 1 responses.
[~] In 00:01:11
[~] Average: 0 requests/second.

[~] Burst response time total 0
[~] Burst response count total 0
[~] Burst average response time 0
[~] Burst average 0 requests/second
[~] Timed-out requests 0
[~] Original max concurrency 20
[~] Throttled max concurrency 20

Could you please provide me some direction on how I can get around it?

Regards and Thanks in advance,
Pratik Parikh
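To illustrate the check that the AutoLogin plugin description in the report implies, here is an added Python example (not Arachni's code; the markup, the "/iw-cc/command/iw.ui" action reuse and the sample credential values are constructed): it collects the forms present in the server-rendered HTML and tests whether any of them carries every supplied parameter name, which is exactly what cannot succeed when ext-js builds the form in the browser.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs


class FormCollector(HTMLParser):
    """Collect each <form> with the names of its input/select/textarea fields."""

    def __init__(self):
        super().__init__()
        self.forms = []        # each entry: {"action": str, "fields": set}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action", ""), "fields": set()}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current and a.get("name"):
            self._current["fields"].add(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def find_login_form(html, params):
    """Return the first form whose fields cover every name in the params string,
    else None (the condition behind 'Could not find a form suiting the provided params')."""
    wanted = set(parse_qs(params, keep_blank_values=True))
    collector = FormCollector()
    collector.feed(html)
    for form in collector.forms:
        if wanted <= form["fields"]:
            return form
    return None


# Constructed sample markup (hypothetical, not taken from the product in the thread).
STATIC_LOGIN = """<form action="/iw-cc/command/iw.ui" method="post">
<input name="iw_user"><input name="iw_password" type="password">
<select name="iw_domain"><option>EXAMPLE</option></select></form>"""
# ext-js style page: the form only exists after client-side JavaScript runs.
EXTJS_LOGIN = """<div id="login-panel"></div>
<script>Ext.onReady(function () { /* form is built client-side */ });</script>"""
PARAMS = "iw_user=tstest1&iw_password=secret&iw_domain=EXAMPLE"

if __name__ == "__main__":
    print(find_login_form(STATIC_LOGIN, PARAMS))  # the static form matches
    print(find_login_form(EXTJS_LOGIN, PARAMS))   # None: nothing server-side to merge into
```

When the second case is what you see, the plugin has nothing to merge the parameters into, and one of the non-form login routes (cookie jar, proxy plugin) is the way to establish the session.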

  1. Support Staff 1 Posted by Tasos Laskos on 28 Mar, 2014 07:21 AM


    Unfortunately there's no JavaScript support yet, you'll have to use one of the alternative ways of logging in: http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...

    Cheers

  2. Tasos Laskos closed this discussion on 28 Mar, 2014 07:21 AM.

  3. pratik.p.parikh re-opened this discussion on 28 Mar, 2014 11:34 AM

  4. 2 Posted by pratik.p.parikh on 28 Mar, 2014 11:34 AM


    Do you have an example of using the proxy plugin? I guess I can give that a try.

    Regards,
    Pratik Parikh

  5. Support Staff 3 Posted by Tasos Laskos on 28 Mar, 2014 11:36 AM


    No, not really; it's pretty simple, just follow the instructions and you'll be fine.

  6. Tasos Laskos closed this discussion on 12 Apr, 2014 12:30 AM.
