tag:support.arachni-scanner.com,2012-07-01:/discussions/problems/1847-auto-login
Arachni: Discussion 2018-10-19T07:41:35Z
tag:support.arachni-scanner.com,2012-07-01:Comment/33611166 2014-07-01T11:47:46Z 2014-07-01T11:47:46Z Auto Login
<div><p>Hi Team,</p>
<p>I have launched a scan using autologin:</p>
<pre>
<code>arachni http://testfire.net --plugin=autologin:url=http://testfire.net/bank/login.aspx,params='uid=jsmith&passw=Demo1234',check='Sign Off|MY ACCOUNT' -e logout.aspx --report=json:outfile=testfire.json</code>
</pre>
<p>I got 74 issues.</p>
<p>While I used the below code I got 28 issues:</p>
<pre>
<code>opts.plugins['autologin'] = {
    'url'    => 'http://testfire.net/bank/login.aspx',
    'params' => 'uid=jsmith&passw=Demo1234',
    'check'  => 'Sign Off|MY ACCOUNT'
}
opts.exclude << 'logout.aspx'
# configure the json and stdout reports
opts.reports = {
    'json' => {
        'outfile' => 'testfire.json'
    }
}</code>
</pre>
<p>Even though the login URL and params are the same, why am I getting different
issues? Please let me know the correct code.<br>
Thanks in advance</p></div>
Ramakrishna
tag:support.arachni-scanner.com,2012-07-01:Comment/33611166 2014-07-01T11:58:12Z 2014-07-01T11:58:12Z Auto Login
<div><p>Hi,</p>
<p>Could you show me the entire code please?</p>
<p>Cheers</p></div>
Tasos Laskos
tag:support.arachni-scanner.com,2012-07-01:Comment/33611166 2014-07-02T05:05:15Z 2014-07-02T05:05:15Z Auto Login
<div><p>Here is the code:</p>
<pre>
<code>#!/home/ubuntu/.rvm/rubies/ruby-1.9.3-p392/bin/ruby
# encoding: utf-8

class Scan
  require 'rubygems'
  require 'net/smtp'
  require 'json'
  require 'arachni'
  require 'arachni/ui/cli/output'

  def launch(url,target)
    # shut the system up
    Arachni::UI::Output.mute

    # get an instance of the options class
    opts = Arachni::Options.instance
    # this is the seed URL
    opts.url = "#{target}"
    opts.audit_forms = true
    opts.audit_links = true
    opts.audit_cookies = true
    opts.only_positives = true
    opts.auto_redundant = 2
    opts.spawns=5
    opts.exclude = ['/cgi-bin/']
    opts.http_req_limit = 0.5
    # opts.modules=*,['webdav'],['allowed_methods'],['interesting_responses'],['insecure_cookies'],['html_objects'],['emails'],['form_upload'],['http_only_cookies'],['captcha'],['backdoors'],['backup_files']
    opts.authed_by = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22"
    opts.plugins['autologin']= {
      'url' => 'http://testfire.net/bank/login.aspx',
      'params' => 'uid=jsmith&passw=Demo1234',
      'check' =>'Sign Off|MY ACCOUNT'
    }
    opts.exclude << 'logout.aspx'
    # configure the json and stdout reports
    opts.reports = {
      'json' => {
        'outfile' => 'testfire.json'
      }
    }
    # instantiate the framework
    framework = Arachni::Framework.new( opts )
    # load all modules
    framework.modules.load( ['*'] )
    # load default plugins
    framework.plugins.load_defaults
    # load the configured reports
    framework.reports.load( opts.reports.keys )
    # put the scan operation in its own thread
    # so that we can do stuff while it's running -- like show progress data..
    scan = Thread.new {
      framework.run {
        # this block will be run right after the scan has finished and
        # before the reports are run
        # because we selected the stdout report we have to unmute the output
        Arachni::UI::Output.unmute
      }
    }
    # the scan is finished, wait for the thread to return cleanly
    scan.join
  end
end # End of class

url = "testfire.net"
target = "http://" + url

n = Scan.new
n.launch(url,target)</code>
</pre>
<p>From the above code, I have a doubt whether autologin is working or
not.</p></div>
Ramakrishna
tag:support.arachni-scanner.com,2012-07-01:Comment/33611166 2014-07-02T12:40:23Z 2014-07-02T12:40:23Z Auto Login
<div><p>You haven't actually loaded the autologin plugin, just provided
options for it.<br>
You'll need to load it with:</p>
<pre>
<code> framework.plugins.load ['autologin']</code>
</pre>
<p>Cheers</p></div>
Tasos Laskos
tag:support.arachni-scanner.com,2012-07-01:Comment/33611166 2014-07-03T06:24:28Z 2014-07-03T06:24:28Z Auto Login
<div><p>Thanks a lot, it is working.</p></div>
Ramakrishna
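<p>Added example, not part of the original thread and not Arachni's own code: a preflight check that catches the failure discussed above, where plugin options are set but the plugin is never loaded and the scan silently runs unauthenticated. The name <code>plugin_preflight</code> and the constants are hypothetical; the caller supplies the list of loaded plugin names, and treating <code>check</code> as a regular expression is an assumption based on the <code>Sign Off|MY ACCOUNT</code> alternation used in the thread.</p>

```ruby
require 'uri'

# Options the thread passes to the autologin plugin.
AUTOLOGIN_KEYS = %w[url params check].freeze

# Constructed sample: the option hash from the thread's script.
CONFIGURED = {
  'autologin' => {
    'url'    => 'http://testfire.net/bank/login.aspx',
    'params' => 'uid=jsmith&passw=Demo1234',
    'check'  => 'Sign Off|MY ACCOUNT'
  }
}.freeze

# configured: hash shaped like opts.plugins; loaded: names of plugins actually
# loaded, supplied by the caller. Returns a list of problems (empty = OK).
def plugin_preflight(configured, loaded)
  # The failure in this thread: options are set but the plugin never runs.
  problems = (configured.keys - loaded).map do |name|
    "#{name}: options set but plugin not loaded"
  end

  login = configured['autologin']
  return problems unless login

  missing = AUTOLOGIN_KEYS.select { |k| login[k].to_s.strip.empty? }
  missing.each { |k| problems << "autologin: missing '#{k}'" }

  # params is a query string; a blank name or value means a broken login POST.
  unless missing.include?('params')
    begin
      pairs = URI.decode_www_form(login['params'])
      blank = pairs.any? { |k, v| k.empty? || v.empty? }
    rescue ArgumentError
      blank = true
    end
    problems << 'autologin: params has an empty name or value' if blank
  end

  # Assumption: check is used as a regular expression on the response body.
  unless missing.include?('check')
    begin
      Regexp.new(login['check'])
    rescue RegexpError => e
      problems << "autologin: check is not a valid pattern (#{e.message})"
    end
  end
  problems
end
```

<p>Calling it just before the scan starts and aborting on a non-empty result avoids comparing an authenticated scan with an unauthenticated one after the fact.</p>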