Arachni_UI_Web scanning is not working for me

Rohit

13 Apr, 2015 09:26 AM

Hi Tasos Laskos,
I am new to security testing and am learning the Arachni UI web scanner. I created the profile and started the scan; it initially gave some errors and a few requests were sent and received, but then it keeps showing the same thing and nothing is happening. I don't know what is going on.
Please find the attachment and guide me on how to use Arachni for web scanning.

Thanks
Rohit Sharma

  1. Support Staff 1 Posted by Tasos Laskos on 13 Apr, 2015 09:50 AM

    Hey Rohit,

    The current version of Arachni has a very high HTTP request timeout (50 seconds) so it could be that the server takes a long time to respond, making it seem as if the scan is stuck.

    Response times seem to be quite low in the statistics but you may have hit a server-side limit at that point.

    You can try lowering the timeout and re-scanning, or use the CLI to get more information on how the scan is progressing.

    Cheers

  2. 2 Posted by Rohit on 13 Apr, 2015 09:57 AM

    Hi Tasos

    Thanks for the quick reply.
    Can you please guide me on how to lower the timeout?

    Thanks
    Rohit

  3. Support Staff 3 Posted by Tasos Laskos on 13 Apr, 2015 10:07 AM

    You can edit the profile you used for the scan; you can find the HTTP request timeout option in the HTTP section. That option is in milliseconds, so setting it to 5000 would work.

  4. 4 Posted by Rohit on 13 Apr, 2015 10:42 AM

    Thanks Tasos,
    I think the issue is resolved for me.

    But I have one other question: while creating a profile I need to enter a verifier to check that we have successfully logged in.

    When I logged in to my application I saw a Sign Out link and one search button (attached the screenshot of the logged-in page).
    I entered Sign Out in check (for auto login parameters), but when I run the scanner I get the error:
    Form submitted but the response did not match the verifier.

    So is there any specific way to enter the verifier?

  5. Support Staff 5 Posted by Tasos Laskos on 13 Apr, 2015 10:48 AM

    Maybe the response returned after submitting the form really didn't match the verifier.
    To get around that you can set the same verifier and a different check URL in the profile's session check settings; they're at the bottom of the page.

    Let me know how that works.

    Cheers

  6. 6 Posted by Rohit on 13 Apr, 2015 11:04 AM

    Hi Tasos

    Sorry for so many posts.
    I entered the session check setting and re-scanned the app.

    It again got stuck, no idea what to do...

    Thanks
    Rohit

  7. Support Staff 7 Posted by Tasos Laskos on 13 Apr, 2015 11:34 AM

    No worries, that's what I'm here for. :)

    I'm afraid I forgot to mention the browser cluster job timeout option; you can find that in the Browser cluster options towards the bottom. This one is in seconds, so setting it to something like 20 would probably be OK.
    That's in case some of the browser jobs are taking a long time.

    Also, it may be a good idea to try the nightlies as they're a lot faster and contain bug fixes.
    However, the web interfaces are not backwards compatible due to a design change, so you won't be able to upgrade between interfaces.

    So, please set the option I mentioned and retry; if you still get the same outcome please give the nightlies a quick try.
    If that fails too then I'm afraid I'll need to have a look myself to see what's going on.

    Cheers

  8. 8 Posted by Rohit on 13 Apr, 2015 11:43 AM

    OK, thanks.
    I will try the steps you mentioned.

    Meanwhile I tried to scan it via the command line and got the error below:

    [+] Allowed methods: OPTIONS, TRACE, GET, HEAD, POST
     [-] [SecurityError] Insecure: can't modify array
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/element/server.rb:144:in `clear'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/element/server.rb:144:in `analyze'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/http/client.rb:208:in `call'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/http/client.rb:208:in `block (2 levels) in run'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/http/client.rb:208:in `each'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/http/client.rb:208:in `block in run'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/utilities.rb:395:in `call'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/utilities.rb:395:in `exception_jail'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/http/client.rb:200:in `run'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/framework/parts/audit.rb:272:in `harvest_http_responses'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/framework/parts/check.rb:59:in `run_checks'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/framework/parts/audit.rb:132:in `audit_page'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/framework/parts/audit.rb:237:in `audit_queues'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/framework/parts/audit.rb:188:in `block in audit'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/framework/parts/audit.rb:168:in `loop'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/framework/parts/audit.rb:168:in `audit'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/framework.rb:120:in `block in run'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/utilities.rb:395:in `call'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/utilities.rb:395:in `exception_jail'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/lib/arachni/framework.rb:120:in `run'
     [-] /home/Champion/.gem/ruby/1.9.1/bundler/gems/arachni-ec4273b54ed6/ui/cli/framework.rb:64:in `block in run'
    

    Thanks
    Rohit

  9. Support Staff 9 Posted by Tasos Laskos on 13 Apr, 2015 11:46 AM

    It doesn't seem like you're using the official packages.
    How have you set up Arachni?

  10. 10 Posted by Rohit on 13 Apr, 2015 11:55 AM

    It was already installed on my VM.
    I will collect the info and let you know.

    Thanks for all the replies
    Rohit Sharma

  11. 11 Posted by Rohit on 14 Apr, 2015 06:13 AM

    Hi Tasos

    Is there any way to find out that the version I am using is not official?
    Also, please let me know whether the problem I am facing above is due to the version.

    Thanks
    Rohit

  12. Support Staff 12 Posted by Tasos Laskos on 14 Apr, 2015 09:09 AM

    It's not just the version, it's that it seems to be installed from source (from the Gem in this case) and running on unknown/untested dependencies instead of using the official, self-contained packages.

    You can see the version with: arachni --version

  13. 13 Posted by rohitcse08 on 14 Apr, 2015 10:04 AM

    Hi Tasos,

    I have installed the current version from the Arachni website,
    but I am not able to set up the web application now.

    Please check the attachment; maybe from there you will get a better idea of my problem and what I am doing wrong.

    Thanks
    Rohit

  14. Support Staff 14 Posted by Tasos Laskos on 14 Apr, 2015 10:12 AM

    Can you please show me the entire error output?

  15. 15 Posted by rohitcse08 on 14 Apr, 2015 10:21 AM

    Here it is:

    Unable to load the EventMachine C extension; To use the pure-ruby reactor, require 'em/pure_ruby'
    /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/eventmachine-1.0.3/lib/eventmachine.rb:8:in `require': libstdc++.so.6: cannot open shared object file: No such file or directory - /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/extensions/x86-linux/2.1.0/eventmachine-1.0.3/rubyeventmachine.so (LoadError)
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/eventmachine-1.0.3/lib/eventmachine.rb:8:in `<top (required)>'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/thin-1.6.3/lib/thin.rb:7:in `require'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/thin-1.6.3/lib/thin.rb:7:in `<top (required)>'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/bundler-1.7.8/lib/bundler/runtime.rb:76:in `require'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/bundler-1.7.8/lib/bundler/runtime.rb:76:in `block (2 levels) in require'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/bundler-1.7.8/lib/bundler/runtime.rb:72:in `each'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/bundler-1.7.8/lib/bundler/runtime.rb:72:in `block in require'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/bundler-1.7.8/lib/bundler/runtime.rb:61:in `each'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/bundler-1.7.8/lib/bundler/runtime.rb:61:in `require'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/bundler-1.7.8/lib/bundler.rb:134:in `require'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/arachni-ui-web/config/application.rb:15:in `<top (required)>'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/usr/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:54:in `require'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/usr/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:54:in `require'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/arachni-ui-web/config/environment.rb:13:in `<top (required)>'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/usr/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:54:in `require'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/usr/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:54:in `require'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/arachni-ui-web/config.ru:3:in `block in <main>'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/rack-1.5.2/lib/rack/builder.rb:55:in `instance_eval'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/rack-1.5.2/lib/rack/builder.rb:55:in `initialize'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/arachni-ui-web/config.ru:in `new'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/arachni-ui-web/config.ru:in `<main>'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/rack-1.5.2/lib/rack/builder.rb:49:in `eval'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/rack-1.5.2/lib/rack/builder.rb:49:in `new_from_string'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/rack-1.5.2/lib/rack/builder.rb:40:in `parse_file'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/rack-1.5.2/lib/rack/server.rb:277:in `build_app_and_options_from_config'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/rack-1.5.2/lib/rack/server.rb:199:in `app'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/rack-1.5.2/lib/rack/server.rb:314:in `wrapped_app'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/rack-1.5.2/lib/rack/server.rb:250:in `start'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/rack-1.5.2/lib/rack/server.rb:141:in `start'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/system/gems/gems/rack-1.5.2/bin/rackup:4:in `<top (required)>'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/bin/../system/gems/bin/rackup:23:in `load'
        from /home/Champion/Desktop/arachni-1.0.6-0.5.6/bin/../system/gems/bin/rackup:23:in `<main>'
    
  16. Support Staff 16 Posted by Tasos Laskos on 14 Apr, 2015 10:51 AM

    And you just ran it like ./bin/arachni_web, right?

  17. 17 Posted by rohitcse08 on 14 Apr, 2015 10:56 AM

    I went to the bin directory,
    then used the command ./arachni_web

  18. Support Staff 18 Posted by Tasos Laskos on 14 Apr, 2015 12:55 PM

    Did you download the right package for the VM's architecture? (32bit vs 64bit)

  19. Tasos Laskos closed this discussion on 06 May, 2015 01:20 PM.
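
An added example (not from the thread or the Arachni project) for the architecture question in post 18: a shell check that reads the ELF class byte of a bundled binary, such as the rubyeventmachine.so named in the error output, and compares it with the host's userland word size. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare a bundled binary's ELF class with the host word size.

# elf_bits FILE -> prints 32 or 64; returns 1 if FILE is not an ELF object.
elf_bits() {
    # Bytes 0-3 are the ELF magic (0x7f 'E' 'L' 'F'); byte 4 (EI_CLASS)
    # is 1 for a 32-bit object and 2 for a 64-bit object.
    hdr=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *) return 1 ;;
    esac
}

# host_bits -> word size of the running userland (32 or 64).
host_bits() {
    getconf LONG_BIT
}

# check_package_arch FILE [HOST_BITS]
# Prints "match", "mismatch: ..." or "not-elf"; returns 0, 1 or 2.
# HOST_BITS defaults to the running system and can be overridden for testing.
check_package_arch() {
    pkg=$(elf_bits "$1") || { echo "not-elf"; return 2; }
    host=${2:-$(host_bits)}
    if [ "$pkg" = "$host" ]; then
        echo "match"
    else
        echo "mismatch: ${pkg}-bit binary, ${host}-bit host"
        return 1
    fi
}

# Usage: sh check_arch.sh path/to/rubyeventmachine.so
if [ "$#" -gt 0 ]; then
    check_package_arch "$1"
fi
```

A mismatch does not by itself mean the package cannot run; it means the loader will need libraries of the binary's word size, which is what a missing libstdc++.so.6 error points at.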
