<p>Arachni: Discussion (updated 2015-05-10T13:17:25Z)</p>
<p>Autologin doesn't work</p>
<p>Posted 2015-05-06T18:31:34Z, updated 2015-05-06T18:35:39Z:</p>
<div><p>Hello,</p>
<p>I am using the latest version of Arachni (Framework 1.1 and
webUI 0.5.7), and the AutoLogin plugin doesn't seem to work, or
maybe I am missing something. My application is standard servlet
based, and I tried using both web-UI and command-line for Arachni,
but the autologin doesn't happen - Arachni discovers the form
accurately, and submits the credentials fine too. However, one
particular line in the debug log bothers me:</p>
<pre>
<code>[!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Thu, 01 Jan 1970 00:00:00 GMT", "Pragma"=>"no-cache", "Cache-Control"=>"no-cache", "Content-Type"=>"text/css", "Content-Length"=>"240", "Date"=>"Wed, 06 May 2015 18:09:26 GMT"}
[!] Client: ------------
[!] Browser: Loaded snapshot by URL: https://myserver/mypath/navigate?menuID=default
[!] Browser: fire_event [start]: submit ({:inputs=>{"username"=>"Administrator", "j_username"=>"Administrator", "j_password"=>"mypasswd"}}) <form name="logonForm" method="post" action="/Manager/j_security_check" autocomplete="off">
[!] Client: ------------
[!] Client: Queued request.
[!] Client: ID#: 13
[!] Client: Performer: #<Arachni::Browser pid=31534 last-url="https://myserver/mypath/navigate?menuID=default" transitions=13>
[!] Client: URL: https://myserver/Manager/j_security_check
[!] Client: Method: post
[!] Client: Params: {}
[!] Client: Body: username=Administrator&j_username=&j_password=mypasswd
[!] Client: Headers: {"Origin"=>"https://myserver", "User-Agent"=>"Arachni/v1.1", "Content-Type"=>"application/x-www-form-urlencoded", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"}</code>
</pre>
<p>Notice the Body: line, which has j_username set to (NULL). Can
this be the problem?</p>
<p>My command line looks like this:</p>
<pre>
<code>bin/arachni https://myserver --output-debug 3 --checks=xss* --plugin autologin:url=https://myserver/mypath/navigate?menuID=default,parameters='username=Administrator&j_username=Administrator&j_password=mypasswd',check='Endpoint|Manage|Incidents|unexpected' --scope-exclude-pattern 'Logout|css|js|png|ico|Help|help'</code>
</pre>
<p>I have uploaded the entire log file, if that helps. Thanks in
advance.</p>
<p>-Amarendra</p></div><p>Amarendra</p>
<p>Comment posted 2015-05-06T18:47:12Z:</p>
<div><p>That's odd, may I please try this myself?<br>
I can switch the discussion to private or you can send me the info
via e-mail if you prefer.</p>
<p>Cheers</p>
<p>PS. Excellent feedback!</p></div><p>Tasos Laskos</p>
<p>Comment posted 2015-05-06T19:53:34Z:</p>
<div><p>Can't try, it's an internally deployed/developed UI. Is there
something else I can check? Thanks.</p></div><p>Amarendra</p>
<p>Comment posted 2015-05-06T19:54:57Z:</p>
<div><p>Can you attach the HTML of the login page?</p></div><p>Tasos Laskos</p>
<p>Comment posted 2015-05-06T20:24:25Z:</p>
<div><p>I'll email you the login page. Thanks.</p></div><p>Amarendra</p>
<p>Comment posted 2015-05-10T13:17:24Z:</p>
<div><p>Discussion continued over e-mail, closing.</p></div><p>Tasos Laskos</p>
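<p>An added example, not part of the original thread and not Arachni's own code: a Ruby check for the symptom raised in the first post, comparing the inputs of a <code>fire_event [start]: submit</code> line with the <code>Body:</code> of the request sent to that form's action. The function names and the pairing of a submit event with the next request to the same path are assumptions made here; the sample lines are copied from the log excerpt in the first post.</p>

```ruby
require 'uri'

# Lines copied from the log excerpt in the first post (other lines omitted).
SAMPLE_LOG = <<~'LOG'
  [!] Browser: fire_event [start]: submit ({:inputs=>{"username"=>"Administrator", "j_username"=>"Administrator", "j_password"=>"mypasswd"}}) <form name="logonForm" method="post" action="/Manager/j_security_check" autocomplete="off">
  [!] Client: Queued request.
  [!] Client: URL: https://myserver/Manager/j_security_check
  [!] Client: Method: post
  [!] Client: Body: username=Administrator&j_username=&j_password=mypasswd
LOG

PAIR = /"([^"]*)"=>"([^"]*)"/ # one "name"=>"value" entry of the inspected hash

# Returns [form action, {input name => configured value}] for a submit
# event line, or nil for any other line.
def submit_event(line)
  inputs = line[/fire_event \[start\]: submit \(\{:inputs=>\{(.*?)\}\}\)/, 1]
  return nil unless inputs
  [line[/<form\b[^>]*\baction="([^"]*)"/, 1], inputs.scan(PAIR).to_h]
end

# For the request sent to each submitted form's action, lists the fields whose
# posted value differs from the configured one. Assumes the action is an
# absolute path, as in the excerpt. Values are not returned, so credentials
# stay out of the report.
def login_field_mismatches(log)
  findings = []
  action = wanted = url = nil
  log.each_line do |line|
    if (event = submit_event(line))
      action, wanted = event
    elsif (seen = line[/Client: URL: (\S+)/, 1])
      url = seen
    elsif wanted && (raw = line[/Client: Body: (.*)/, 1])
      next unless action && URI(url.to_s).path == action
      sent = URI.decode_www_form(raw.strip).to_h
      wanted.each do |name, value|
        status = if !sent.key?(name) then :missing
                 elsif sent[name].empty? && !value.empty? then :empty
                 elsif sent[name] != value then :changed
                 end
        findings << { field: name, status: status } if status
      end
      wanted = nil
    end
  end
  findings
end

p login_field_mismatches(SAMPLE_LOG) if $PROGRAM_NAME == __FILE__
```

<p>Run against a full <code>--output-debug 3</code> log, the same function shows whether every login submission loses the same field or only some of them.</p>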