Auto Login

Ramakrishna

01 Jul, 2014 11:47 AM

Hi Team,

I have launched a scan using autologin:

    arachni http://testfire.net --plugin=autologin:url=http://testfire.net/bank/login.aspx,params='uid=jsmith&pass... Off|MY ACCOUNT' -e logout.aspx --report=json:outfile=testfire.json

I got 74 issues.

While I used the code below, I got 28 issues:

    opts.plugins['autologin'] = {
      'url'    => 'http://testfire.net/bank/login.aspx',
      'params' => 'uid=jsmith&passw=Demo1234',
      'check'  => 'Sign Off|MY ACCOUNT'
    }
    opts.exclude << 'logout.aspx'
    # configure the json and stdout reports
    opts.reports = {
      'json' => {
        'outfile' => 'testfire.json'
      }
    }

Even though the login URL and params are the same, why am I getting different issues? Please let me know the correct code.
Thanks in advance

  1. Support Staff 1 Posted by Tasos Laskos on 01 Jul, 2014 11:58 AM

    Hi,

    Could you show me the entire code please?

    Cheers

  2. 2 Posted by Ramakrishna on 02 Jul, 2014 05:05 AM

    Here is the code:

    #!/home/ubuntu/.rvm/rubies/ruby-1.9.3-p392/bin/ruby
    # encoding: utf-8

    require 'rubygems'
    require 'net/smtp'
    require 'json'
    require 'arachni'
    require 'arachni/ui/cli/output'

    class Scan

      def launch(url, target)
        # shut the system up
        Arachni::UI::Output.mute

        # get an instance of the options class
        opts = Arachni::Options.instance

        # this is the seed URL
        opts.url = "#{target}"
        opts.audit_forms = true
        opts.audit_links = true
        opts.audit_cookies = true
        opts.only_positives = true
        opts.auto_redundant = 2
        opts.spawns = 5
        opts.exclude = ['/cgi-bin/']
        opts.http_req_limit = 0.5
        # opts.modules=*,['webdav'],['allowed_methods'],['interesting_responses'],['insecure_cookies'],['html_objects'],['emails'],['form_upload'],['http_only_cookies'],['captcha'],['backdoors'],['backup_files']
        opts.authed_by = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22"

        # options for the autologin plugin
        opts.plugins['autologin'] = {
          'url'    => 'http://testfire.net/bank/login.aspx',
          'params' => 'uid=jsmith&passw=Demo1234',
          'check'  => 'Sign Off|MY ACCOUNT'
        }
        # keep the crawler away from the logout link
        opts.exclude << 'logout.aspx'

        # configure the json and stdout reports
        opts.reports = {
          'json' => {
            'outfile' => 'testfire.json'
          }
        }

        # instantiate the framework
        framework = Arachni::Framework.new( opts )

        # load all modules
        framework.modules.load( ['*'] )

        # load default plugins
        framework.plugins.load_defaults

        # load the configured reports
        framework.reports.load( opts.reports.keys )

        # put the scan operation in its own thread
        # so that we can do stuff while it's running -- like show progress data..
        scan = Thread.new {
          framework.run {
            # this block will be run right after the scan has finished and
            # before the reports are run

            # because we selected the stdout report we have to unmute the output
            Arachni::UI::Output.unmute
          }
        }

        # the scan is finished, wait for the thread to return cleanly
        scan.join
      end

    end # End of class

    url = "testfire.net"
    target = "http://" + url

    n = Scan.new
    n.launch(url, target)

    From the above code I have a doubt whether autologin is working or not.

  3. Support Staff 3 Posted by Tasos Laskos on 02 Jul, 2014 12:40 PM

    You haven't actually loaded the autologin plugin, just provided options for it.
    You'll need to load it with:

         framework.plugins.load ['autologin']

    Cheers
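The `check` value the thread passes to autologin ('Sign Off|MY ACCOUNT') is what the plugin looks for in the response to the login POST to decide that the session is authenticated; the plugin treats it as a regular expression, which is why the alternation works. If the credentials or the pattern are wrong, the scan silently continues as an anonymous user and audits only what an unauthenticated visitor can reach. The Ruby script below is an added example, not code from this thread or from the Arachni project: it performs the same POST with the same `params` string, tests the `check` regex against the body and returns the session cookies, so credentials and pattern can be validated on their own before the plugin is wired into a scan. The login endpoint it talks to is a constructed in-process stand-in for testfire.net (host, port, cookie name and value are all made up), and `verify_autologin` and `start_mock_login_server` are names chosen here.

```ruby
# Added example, not code from the thread or the Arachni project.
# Re-creates what the autologin plugin does with its url/params/check
# options so the login can be verified on its own before a scan.
require 'socket'
require 'net/http'
require 'uri'

# POST the raw 'params' string (x-www-form-urlencoded) to 'url', then
# test the 'check' pattern against the response body as a regex.
# Returns the session cookies as an Array of "name=value" strings when the
# pattern matches, or nil when it does not (login failed or wrong pattern).
def verify_autologin(url:, params:, check:)
  uri = URI(url)
  req = Net::HTTP::Post.new(uri)
  req['Content-Type'] = 'application/x-www-form-urlencoded'
  req.body = params
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
    http.request(req)
  end
  return nil unless res.body =~ Regexp.new(check)
  Array(res.get_fields('Set-Cookie')).map { |c| c.split(';', 2).first }
end

# Constructed stand-in for the testfire.net login form: a one-thread HTTP
# server on an ephemeral port that accepts uid=jsmith / passw=Demo1234 and
# answers with a page containing "Sign Off" plus a made-up session cookie.
# Any other credentials get the login page back, with no cookie.
# Returns the port the server is listening on.
def start_mock_login_server
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  Thread.new do
    loop do
      client = server.accept
      begin
        request_line = client.gets.to_s
        headers = {}
        while (line = client.gets) && line != "\r\n"
          name, value = line.chomp.split(': ', 2)
          headers[name.downcase] = value
        end
        body = client.read(headers['content-length'].to_i).to_s
        form = URI.decode_www_form(body).to_h
        if request_line.start_with?('POST') && form['uid'] == 'jsmith' && form['passw'] == 'Demo1234'
          page = '<html>Welcome, jsmith. <a href="logout.aspx">Sign Off</a></html>'
          cookie = "Set-Cookie: ASP.NET_SessionId=constructed123; path=/; HttpOnly\r\n"
        else
          page = '<html><form action="login.aspx">Login Failed</form></html>'
          cookie = ''
        end
        client.write("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n" \
                     "Content-Length: #{page.bytesize}\r\n#{cookie}Connection: close\r\n\r\n#{page}")
      rescue StandardError
        # a malformed or aborted request only affects this one connection
      ensure
        client.close
      end
    end
  end
  port
end

if $PROGRAM_NAME == __FILE__
  port = start_mock_login_server
  login_url = "http://127.0.0.1:#{port}/bank/login.aspx"
  check = 'Sign Off|MY ACCOUNT'
  good = verify_autologin(url: login_url, params: 'uid=jsmith&passw=Demo1234', check: check)
  bad  = verify_autologin(url: login_url, params: 'uid=jsmith&passw=wrong', check: check)
  puts "valid credentials:   #{good.inspect}"   # session cookie(s) from the mock
  puts "invalid credentials: #{bad.inspect}"    # nil: the check pattern never matched
end
```

Against the real target, point `url` at the login form from the thread and keep `params` and `check` identical to what the plugin will receive; a nil result means the scan would run unauthenticated regardless of how the plugin is loaded. Once the check passes, the script in the thread still needs `framework.plugins.load ['autologin']` as described in the reply above, and the `logout.aspx` exclusion should stay in place, because a crawler that follows the logout link ends the session the plugin just established.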

  4. 4 Posted by Ramakrishna on 03 Jul, 2014 06:24 AM

    Thanks a lot, it is working.

  5. Tasos Laskos closed this discussion on 03 Jul, 2014 01:36 PM.
