Arachni login_script

Renato

05 Aug, 2015 02:50 AM

Hello,
I am having difficulties working with authenticated scans... I tried on two different websites with no success. Here is one example:

browser.goto 'http://<site>/Login.aspx'
browser.text_field(:id => '<nameID>').set('user')
browser.text_field(:id => '<namePass>').set('pass')
browser.input(:name => '<nameButton>').click
sleep(3)
framework.options.session.check_url = 'http://<site>/default.aspx'
framework.options.session.check_pattern = 'USAee USA-CAN'

I also tried with a .js script:

document.getElementById('<nameID>').value   = 'user';
document.getElementById('<namePass>').value = 'pass';
// getElementsByName returns a list; click the first matching button to submit.
document.getElementsByName('<nameButton>')[0].click();

Cmd line:

arachni/bin/arachni http://<site>/Login.aspx --report-save-path scans_results/test.arf --scope-exclude-pattern=logout.aspx --plugin=login_script:script=auth/test.rb --session-check-url=http://<site>/default.aspx --output-debug 3 --session-check-pattern='<string to check>'

Error: I get the error that the text box for username can't be found (below). That being said... if I build the same script on the command line using watir, phantomjs, others... same id name... it works flawlessly.

Arachni - Web Application Security Scanner Framework v1.2.1
   Author: Tasos "Zapotek" Laskos <[email blocked]>

           (With the support of the community and the Arachni Team.)

   Website:       http://arachni-scanner.com
   Documentation: http://arachni-scanner.com/wiki


 [~] No checks were specified, loading all.
 [~] No element audit options were specified, will audit links, forms, cookies, JSONs and XMLs.

 [*] Initializing...
 [*] Preparing plugins...
 [*] ... done.
 [~] Login script: System paused.
 [~] Login script: Running the script.
 [-] Session: [Watir::Exception::UnknownObjectException] unable to locate element, using {:id=>"<nameID>", :tag_name=>"input or textarea", :type=>"(any text type)"}
 [-] Session: /opt/sspider/arachni/components/plugins/login_script.rb:29:in `eval'

Any tips? Thank you

  1. Posted by Tasos Laskos (Support Staff) on 05 Aug, 2015 11:29 AM

    Can you print the body of the login page right after you load it?
    Something may be preventing it from loading properly.

  2. Posted by Renato on 05 Aug, 2015 04:35 PM

    Hello Tasos,
    Thank you for your prompt response. You're right...when I do a puts browser.html
    I get...

     [*] Initializing...
     [*] Preparing plugins...
     [*] ... done.
     [~] Login script: System paused.
     [~] Login script: Running the script.
    <html><head></head><body></body></html>
    

    Now, if I do the same outside arachni and run the script:

    $ ruby test1.rb
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns= ...
    ...
    
  3. Posted by Tasos Laskos (Support Staff) on 05 Aug, 2015 04:39 PM

    There may be a timeout somewhere or something like that. Can you enable --output-debug 3 and post the output please?

  4. Posted by Renato on 05 Aug, 2015 04:53 PM

    Attached, just changed the hostname for obvious reasons :). Thanks

  5. Posted by Tasos Laskos (Support Staff) on 06 Aug, 2015 10:05 AM

    I'm not seeing the info that I expected, did you set debug level to 3?

  6. Posted by Renato on 06 Aug, 2015 04:07 PM

    arachni/bin/arachni http://url --report-save-path scans_results/test.arf --scope-exclude-pattern=logout.aspx --plugin=login_script:script=auth/test.rb --session-check-url=http://urlafterauth --output-debug 3 --session-check-pattern='pattern2check' > test 2>&1
    

    That is what I am using.

  7. Posted by Tasos Laskos (Support Staff) on 06 Aug, 2015 04:16 PM

    Seems about right, although in the debug output there are no HTTP requests being made, at all.
    There should have been at least one, requesting the login page from your script.

    Any chance you can send me the unmasked data in private in order to reproduce the case?
    Something fishy is going on.

  8. Posted by Tasos Laskos (Support Staff) on 30 Sep, 2015 02:53 PM

    Closing due to lack of feedback, please provide the requested information if you'd like me to pursue this further.

  9. Tasos Laskos closed this discussion on 30 Sep, 2015 02:53 PM.
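
The diagnostic step from the thread (dump the page body right after loading it) can be built into a login script so that an empty DOM fails with a clear message before any element lookup. This is an added example, not code from the thread or from Arachni: `blank_page?`, `guarded_login`, `FakeBrowser`, the element IDs and the `example.test` URL are hypothetical, and `browser` is assumed to be the Watir-style browser the login script receives.

```ruby
# True when the DOM is the bare skeleton that `puts browser.html` showed above.
def blank_page?(html)
  body = html.to_s[/<body[^>]*>(.*?)<\/body>/mi, 1]
  body.nil? || body.strip.empty?
end

# Load the login page, stop with a descriptive error if nothing rendered,
# then fill the form. The IDs and button name passed in are placeholders.
def guarded_login(browser, url:, user_id:, pass_id:, button_name:, user:, pass:)
  browser.goto url
  html = browser.html
  raise "Login page did not load: #{browser.url} -> #{html.inspect}" if blank_page?(html)

  { user_id => user, pass_id => pass }.each do |id, value|
    field = browser.text_field(id: id)
    raise "Field id=#{id} not found at #{browser.url}" unless field.exists?
    field.set value
  end
  browser.input(name: button_name).click
  true
end

# Constructed stand-in for the browser so the example runs offline.
class FakeBrowser
  Element = Struct.new(:found) do
    def exists?; found; end
    def set(_value); end
    def click; end
  end
  attr_reader :url, :html
  def initialize(html); @html = html; end
  def goto(url); @url = url; end
  def text_field(sel); Element.new(@html.include?(%(id="#{sel[:id]}"))); end
  def input(sel); Element.new(@html.include?(%(name="#{sel[:name]}"))); end
end

# Constructed sample pages: the empty DOM from the thread and a minimal form.
EMPTY_DOM  = '<html><head></head><body></body></html>'
LOGIN_FORM = '<html><body><form><input id="user_box"><input id="pass_box" ' \
             'type="password"><input name="login_btn" type="submit"></form></body></html>'
DEMO_ARGS  = { url: 'http://example.test/Login.aspx', user_id: 'user_box',
               pass_id: 'pass_box', button_name: 'login_btn', user: 'user', pass: 'pass' }

if __FILE__ == $PROGRAM_NAME
  puts guarded_login(FakeBrowser.new(LOGIN_FORM), **DEMO_ARGS)
end
```
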
