Auto login plugin doesn't fill <select> tag

Holger's Avatar

Holger

18 Nov, 2014 01:38 PM

Hi guys,
I tried to set up the auto login plugin without success. Tha problem seems to be a select tag within the login mask.

i wrote a test html case with a form that contains such a tag with a lot of items and configured the auto plugin to change the selected item.

 [!] Session: Found login form: form:post:http://192.168.56.101:8080/:[["Login", ""], ["form_Employee", "GB"], ["form_Password", ""], ["form_UID", ""]]
 [!] Session: Updated form inputs: {"form_UID"=>"userNAME", "form_Password"=>"changeMe", "form_Employee"=>"AY", "Login"=>""}
 [!] Session: Submitting form.
 [!] Browser: fire_event: submit ({:inputs=>{"form_UID"=>"userNAME", "form_Password"=>"changeMe", "form_Employee"=>"AY", "Login"=>""}}) <form action="http://192.168.56.101:8080" method="post">
 [!] Client: ------------
 [!] Client: Queued request.
 [!] Client: ID#: 1
 [!] Client: Performer:
 [!] Client: URL: http://192.168.56.101:8080/
 [!] Client: Method: post
 [!] Client: Params: {}
 [!] Client: Body: form_Employee=GB&form_UID=userNAME&form_Password=changeMe

As you can see the default value for form_Employee is GB. The browser logs that the form_Employee is changed to => "AY" but in fact on the last line the request body shows, that form_Employee contains the old default value, which is "GB".

  1. Support Staff 1 Posted by Tasos Laskos on 18 Nov, 2014 02:33 PM

    Tasos Laskos's Avatar

    Hey Holger,

    I think I know what's wrong and I'm looking into this right now.
    In the meantime, consider using the login_script plugin via the HTTP request method as in the example in its description:

    http.post( 'http://testfire.net/bank/login.aspx',
        parameters:     {
            'uid'   => 'jsmith',
            'passw' => 'Demo1234'
        },
        mode:           :sync,
        update_cookies: true
    )
    

    Cheers

  2. Support Staff 2 Posted by Tasos Laskos on 18 Nov, 2014 02:43 PM

    Tasos Laskos's Avatar

    I just updated the relevant KB article to include the new login_script plugin: http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...

  3. 3 Posted by Holger on 18 Nov, 2014 03:44 PM

    Holger's Avatar

    Thanks a lot :)

  4. Support Staff 4 Posted by Tasos Laskos on 19 Nov, 2014 01:23 AM

    Tasos Laskos's Avatar

    No problem. Nightlies are up and include the fix, please test it and let me know.

    Cheers

  5. 5 Posted by Holger on 19 Nov, 2014 04:40 PM

    Holger's Avatar

    Yep,

    that fix did it. Could successfully login :)

  6. 6 Posted by Holger on 19 Nov, 2014 04:47 PM

    Holger's Avatar

    Now i am getting during the scan. Doesn't seems to be critical but it is also relateted to select tags and watir

    [2014-11-19 17:40:35 +0100] [Watir::Exception::NoValueFoundException] "GB<some_dangerous_input_7fc8da557d634ca985afec44a7d4d59e/>" not found in select list
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/elements/select.rb:218:in `no_value_found'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/elements/select.rb:152:in `rescue in select_by_string'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/elements/select.rb:149:in `select_by_string'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/elements/select.rb:131:in `select_by'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/elements/select.rb:78:in `select_value'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:913:in `block in fill_in_form_inputs'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/element_collection.rb:29:in `each'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/element_collection.rb:29:in `each'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:908:in `fill_in_form_inputs'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:621:in `block in fire_event'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/page/dom/transition.rb:151:in `call'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/page/dom/transition.rb:151:in `start'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/page/dom/transition.rb:106:in `initialize'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:617:in `new'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:617:in `fire_event'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/element/form/dom.rb:27:in `trigger'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/element/capabilities/auditable/dom.rb:90:in `block in submit'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/jobs/browser_provider.rb:20:in `call'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/jobs/browser_provider.rb:20:in `run'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/job.rb:88:in `configure_and_run'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:92:in `block (2 levels) in run_job'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `call'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `exception_jail'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:90:in `block in run_job'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:948:in `call'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:948:in `block in with_timeout'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:91:in `block in timeout'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:35:in `block in catch'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:35:in `catch'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:35:in `catch'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:106:in `timeout'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:947:in `with_timeout'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:89:in `run_job'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:229:in `block (3 levels) in start'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `call'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `exception_jail'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:229:in `block (2 levels) in start'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `call'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `exception_jail'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:227:in `block in start'
    [2014-11-19 17:40:35 +0100] 
    [2014-11-19 17:40:35 +0100] Parent:
    [2014-11-19 17:40:35 +0100] Arachni::BrowserCluster::Worker
    [2014-11-19 17:40:35 +0100] 
    [2014-11-19 17:40:35 +0100] Block:
    [2014-11-19 17:40:35 +0100] #<Proc:0x000000053d6e90@/home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:90>
    [2014-11-19 17:40:35 +0100] 
    [2014-11-19 17:40:35 +0100] Caller:
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `exception_jail'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:90:in `block in run_job'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:948:in `call'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:948:in `block in with_timeout'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:91:in `block in timeout'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:35:in `block in catch'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:35:in `catch'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:35:in `catch'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:106:in `timeout'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:947:in `with_timeout'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:89:in `run_job'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:229:in `block (3 levels) in start'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `call'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `exception_jail'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:229:in `block (2 levels) in start'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `call'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `exception_jail'
    [2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:227:in `block in start'
    [2014-11-19 17:40:35 +0100] --------------------------------------------------------------------------------
    
  7. Support Staff 7 Posted by Tasos Laskos on 19 Nov, 2014 05:02 PM

    Tasos Laskos's Avatar

    Yeah that sounds about right, it's not critical at all, doesn't even affect the scan. I think I better downgrade this to a debugging message rather than an error one. :)

    Thanks fore the feedback.

    Cheers

  8. Tasos Laskos closed this discussion on 19 Nov, 2014 05:02 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac