autologin: undefined method `url' for nil:NilClass

Marco Eberl's Avatar

Marco Eberl

07 May, 2015 01:46 PM

Hi Team,

I'm new to Arachni and i always get following error when using autologin:

plugins:
  autologin:
    url: http://testhtml5.vulnweb.com/#/popular
    parameters: username=admin&password=admin
    check: <a href="/logout">Logout</a>
  autothrottle: 
  discovery: 
  healthmap: 
  timing_attacks: 
  uniformity: 
no_fingerprinting: false
authorized_by: 
url: http://testhtml5.vulnweb.com/
--------------------------------------------------------------------------------
[2015-05-07 09:35:44 -0400] [NoMethodError] undefined method `url' for nil:NilClass
[2015-05-07 09:35:44 -0400] /usr/share/arachni/system/gems/gems/arachni-1.0.6/components/plugins/autologin.rb:51:in `run'
[2015-05-07 09:35:44 -0400] /usr/share/arachni/system/gems/gems/arachni-1.0.6/lib/arachni/plugin/manager.rb:68:in `block (3 levels) in run'
[2015-05-07 09:35:44 -0400] /usr/share/arachni/system/gems/gems/arachni-1.0.6/lib/arachni/utilities.rb:395:in `call'
[2015-05-07 09:35:44 -0400] /usr/share/arachni/system/gems/gems/arachni-1.0.6/lib/arachni/utilities.rb:395:in `exception_jail'
[2015-05-07 09:35:44 -0400] /usr/share/arachni/system/gems/gems/arachni-1.0.6/lib/arachni/plugin/manager.rb:65:in `block (2 levels) in run'
[2015-05-07 09:35:44 -0400] 
[2015-05-07 09:35:44 -0400] Parent:
[2015-05-07 09:35:44 -0400] Arachni::RPC::Server::Plugin::Manager
[2015-05-07 09:35:44 -0400] 
[2015-05-07 09:35:44 -0400] Block:
[2015-05-07 09:35:44 -0400] #<Proc:0x00000002030c80@/usr/share/arachni/system/gems/gems/arachni-1.0.6/lib/arachni/plugin/manager.rb:65>
[2015-05-07 09:35:44 -0400] 
[2015-05-07 09:35:44 -0400] Caller:
[2015-05-07 09:35:44 -0400] /usr/share/arachni/system/gems/gems/arachni-1.0.6/lib/arachni/utilities.rb:395:in `exception_jail'
[2015-05-07 09:35:44 -0400] /usr/share/arachni/system/gems/gems/arachni-1.0.6/lib/arachni/plugin/manager.rb:65:in `block (2 levels) in run'
[2015-05-07 09:35:44 -0400] --------------------------------------------------------------------------------

I just want to scan a test site with a simple login.
What am i doing wrong?

Thanks

  1. Support Staff 1 Posted by Tasos Laskos on 07 May, 2015 01:49 PM

    Tasos Laskos's Avatar

    Hello, can you please grab the latest version?
    This bug should be fixed in v1.1.

    Cheers

    PS. That site doesn't really have a user system, that form is just for show.

  2. Tasos Laskos closed this discussion on 07 May, 2015 01:49 PM.

  3. Marco Eberl re-opened this discussion on 07 May, 2015 02:19 PM

  4. 2 Posted by Marco Eberl on 07 May, 2015 02:19 PM

    Marco Eberl's Avatar

    Thanks for the fast reply.
    Unfortunately i get the same error in v1.1...

  5. Support Staff 3 Posted by Tasos Laskos on 07 May, 2015 02:22 PM

    Tasos Laskos's Avatar

    Just to be safe, can you show me the error you get with v1.1 please?

  6. 4 Posted by Marco Eberl on 07 May, 2015 02:24 PM

    Marco Eberl's Avatar

    Of course:

    autologin:
        url: http://testhtml5.vulnweb.com
        parameters: username=admin&password=admin
        check: <a href="/logout">Logout</a>
      autothrottle: 
      discovery: 
      healthmap: 
      timing_attacks: 
      uniformity: 
    no_fingerprinting: false
    authorized_by: 
    url: http://testhtml5.vulnweb.com/
    --------------------------------------------------------------------------------
    [2015-05-07 10:16:02 -0400] [NoMethodError] undefined method `url' for nil:NilClass
    [2015-05-07 10:16:02 -0400] /root/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/components/plugins/autologin.rb:51:in `run'
    [2015-05-07 10:16:02 -0400] /root/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/plugin/manager.rb:75:in `block (3 levels) in run'
    [2015-05-07 10:16:02 -0400] /root/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/utilities.rb:400:in `call'
    [2015-05-07 10:16:02 -0400] /root/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/utilities.rb:400:in `exception_jail'
    [2015-05-07 10:16:02 -0400] /root/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/plugin/manager.rb:67:in `block (2 levels) in run'
    [2015-05-07 10:16:02 -0400] 
    [2015-05-07 10:16:02 -0400] Parent:
    [2015-05-07 10:16:02 -0400] Arachni::RPC::Server::Plugin::Manager
    [2015-05-07 10:16:02 -0400] 
    [2015-05-07 10:16:02 -0400] Block:
    [2015-05-07 10:16:02 -0400] #<Proc:0x000000043bcf78@/root/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/plugin/manager.rb:67>
    [2015-05-07 10:16:02 -0400] 
    [2015-05-07 10:16:02 -0400] Caller:
    [2015-05-07 10:16:02 -0400] /root/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/utilities.rb:400:in `exception_jail'
    [2015-05-07 10:16:02 -0400] /root/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/plugin/manager.rb:67:in `block (2 levels) in run'
    
  7. Support Staff 5 Posted by Tasos Laskos on 07 May, 2015 02:28 PM

    Tasos Laskos's Avatar

    Thanks, I'll investigate this issue further.

    Hopefully this is a specialized case which shouldn't cause you any issues when scanning a real site, but if it does you can use alternative ways to login until I sort this out.

    See: http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...

  8. Support Staff 6 Posted by Tasos Laskos on 08 May, 2015 03:07 PM

    Tasos Laskos's Avatar

    Turns out, since the form is invisible until you click the "Login" button, the browser cannot locate it in order to submit it.

    That's fair enough since for more complex login sequences it is better to use the login_script plugin, but the autologin plugin should have handled the situation more gracefully.

    Working on that now.

  9. Support Staff 7 Posted by Tasos Laskos on 08 May, 2015 04:02 PM

    Tasos Laskos's Avatar

    Updated the plugin to fail gracefully and be informative: https://github.com/Arachni/arachni/commit/27fb09545557051294404d60b...

    Updated the relevant KB article: http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...

    Thanks for the feedback. :)

  10. Tasos Laskos closed this discussion on 08 May, 2015 04:02 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac