Arachni_UI_Web scanning is not working for me
Hi Tasos Laskos
I am new to security testing and am learning the Arachni UI web scanner. I
created the profile and started the scan. It initially gave some errors
and a few requests were sent and received, but then it keeps showing the same
thing and nothing is happening. I don't know what is going on.
Please find the attachment and guide me on how to use Arachni for
web scanning.
Thanks
Rohit Sharma
-
Arachini.jpg 458 KB
Support Staff 1 Posted by Tasos Laskos on Apr 13, 2015 @ 09:50 AM
Hey Rohit,
The current version of Arachni has a very high HTTP request timeout (50 seconds) so it could be that the server takes a long time to respond, making it seem as if the scan is stuck.
Response times seem to be quite low in the statistics but you may have hit a server-side limit at that point.
You can try lowering the timeout and re-scanning, or use the CLI to get more information on how the scan is progressing.
Cheers
2 Posted by Rohit on Apr 13, 2015 @ 09:57 AM
Hi Tasos
Thanks for the quick reply
Can you please guide me how to lower the timeout?
Thanks
Rohit
Support Staff 3 Posted by Tasos Laskos on Apr 13, 2015 @ 10:07 AM
You can edit the profile you used for the scan; you can find the HTTP request timeout option in the HTTP section. That option is in milliseconds, so setting it to 5000 would work.
4 Posted by Rohit on Apr 13, 2015 @ 10:42 AM
Thanks Tasos
I think the issue is resolved for me
But I have one other question: while creating a profile I need to enter a verifier to check that we have successfully logged in.
When I logged in to my application I saw a Sign Out link and one search button (attached the screenshot of the logged-in page).
I entered Sign Out in the check (for auto login parameters), but when I run the scanner I get the error
Form submitted but the response did not match the verifier.
So is there any specific way to enter the verifier?
Support Staff 5 Posted by Tasos Laskos on Apr 13, 2015 @ 10:48 AM
Maybe the response returned after submitting the form really didn't match the verifier.
To get around that you can set the same verifier and a different check URL in the profile's session check settings; they're at the bottom of the page.
Let me know how that works.
Cheers
6 Posted by Rohit on Apr 13, 2015 @ 11:04 AM
Hi Tasos
Sorry for so many posts
I entered the session check setting and re-scanned the app.
It got stuck again; no idea what to do.
Thanks
Rohit
Support Staff 7 Posted by Tasos Laskos on Apr 13, 2015 @ 11:34 AM
No worries, that's what I'm here for. :)
I'm afraid I forgot to mention the browser cluster job timeout option; you can find that in the Browser cluster options towards the bottom -- this one is in seconds, so setting it to something like 20 would probably be OK.
That's in case some of the browser jobs are taking a long time.
Also, it may be a good idea to try the nightlies as they're a lot faster and contain bug fixes.
However, the web interfaces are not backwards compatible due to a design change, so you won't be able to upgrade between interfaces.
So, please set the option I mentioned and retry; if you still get the same outcome, please give the nightlies a quick try.
If that fails too then I'm afraid I'll need to have a look myself to see what's going on.
Cheers
8 Posted by Rohit on Apr 13, 2015 @ 11:43 AM
OK, thanks
I will try the steps you mentioned.
Meanwhile I tried to scan it via the command line and got the error below.
Thanks
Rohit
Support Staff 9 Posted by Tasos Laskos on Apr 13, 2015 @ 11:46 AM
It doesn't seem like you're using the official packages.
How have you set up Arachni?
10 Posted by Rohit on Apr 13, 2015 @ 11:55 AM
It was already installed on my VM.
I will collect the info and let you know.
Thanks for all the replies
Rohit Sharma
11 Posted by Rohit on Apr 14, 2015 @ 06:13 AM
Hi Tasos
Is there any way to find out that the version I am using is not official?
Also, please let me know whether the problem I am facing above is due to the version.
Thanks
Rohit
Support Staff 12 Posted by Tasos Laskos on Apr 14, 2015 @ 09:09 AM
It's not just the version, it's that it seems to be installed from source (from the Gem in this case) and running on unknown/untested dependencies instead of using the official, self-contained packages.
You can see the version with:
arachni --version
13 Posted by rohitcse08 on Apr 14, 2015 @ 10:04 AM
Hi Tasos,
I have installed the current version from the Arachni website
but I am not able to set up the web application now.
Please check the attachment; maybe from there you will get a better idea of my problem and what I am doing wrong.
Thanks
Rohit
Support Staff 14 Posted by Tasos Laskos on Apr 14, 2015 @ 10:12 AM
Can you please show me the entire error output?
15 Posted by rohitcse08 on Apr 14, 2015 @ 10:21 AM
Here it is
Support Staff 16 Posted by Tasos Laskos on Apr 14, 2015 @ 10:51 AM
And you just ran it like
./bin/arachni_web
right?
17 Posted by rohitcse08 on Apr 14, 2015 @ 10:56 AM
Went to the bin directory,
then used the command ./arachni_web
Support Staff 18 Posted by Tasos Laskos on Apr 14, 2015 @ 12:55 PM
Did you download the right package for the VM's architecture? (32bit vs 64bit)
Tasos Laskos closed this discussion on May 06, 2015 @ 01:20 PM.