Single page app AutoLogin not working
I have a react single page webapp that I would like to log into
with arachni, but am having difficulty.
I am running:
arachni --plugin=autologin:url=MYLOGINPAGE,parameters='email=MYEMAIL&password=MYPASS',check='Welcome' MYBASEURL
and my form looks like:
<form>
<Input id="email" type="text" name="email" />
<Input id="password" type="password" name="password" />
<Button>submit</Button>
</form>
This results in
[*] Initializing...
[*] Preparing plugins...
[*] ... done.
[~] AutoLogin: System paused.
[-] Session: [Arachni::Session::Error::FormNotFound] Login form could not be found with: {...provided parameters...}
... session output ...
[-] AutoLogin: Could not find a form suiting the provided parameters.
[~] AutoLogin: Aborting the scan.
I am submitting my form via an onClick event set in JS, but I am
not sure why that would cause a form not to be able to be located,
and that is the only unusual feature in my app I can see compared
to the examples. I found
http://support.arachni-scanner.com/discussions/questions/121-unable...
but was unable to get any further.
Thanks for any help.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 17 Dec, 2015 09:28 PM
If the form is hidden by default then the browser won't be able to see it, for those cases it's better to write a custom login script.
Also, the autologin plugin will trigger a
submit
event on the form instead of clicking a button, so again, you'd be better off with a login script.About ReactJS, coverage may not be optimal due to the way it handles events (it generally works with delegated events which are hard for Arachni to see at the moment (except for jQuery), that feature is scheduled for v1.5).
2 Posted by maxprafferty on 18 Dec, 2015 10:25 PM
Hi Tasos,
Thanks for the reply. The form isn't hidden by default per-se, but my suspicion is that because it needs to be rendered by React the delay between dom-ready and the first react render is causing the form to not be found.
With respect to it being an issue with a submit being triggered as opposed to a click, would I still be seeing "Could not find a form suiting the provided parameters.", or would there be another error that would trigger? If not, is there another way I can distinguish between that and the form actually not found in order to get to the root of the problem?
Support Staff 3 Posted by Tasos Laskos on 18 Dec, 2015 10:40 PM
You can tell the system to wait until certain elements become visible for certain pages.
The submission failure would result in the login check failing, as the submit event would probably just
POST
the form, which I'm guessing in your case would not result in a successful login.So, just use a login script and you'll be OK.
Tasos Laskos closed this discussion on 19 Jan, 2016 01:54 PM.