tag:support.arachni-scanner.com,2012-07-01:/discussions/problems/3968-problem-with-http-authenticationArachni: Discussion 2016-03-07T16:57:52Ztag:support.arachni-scanner.com,2012-07-01:Comment/393077332016-03-02T14:08:58Z2016-03-02T14:08:58ZProblem with http authentication<div><p>I have a problem with http authentication. When I use a browser
to log in to the application there is a pop-up window to enter the
username and password. So using Arachni through command line I used
parameters –http-authentication-username and
–http-authentication-password.</p>
<p>I ran Arachni like this:<br>
arachni <a href="http://000.000.00.0:0000/">http://000.000.00.0:0000/</a>
--http-authentication-username "my_user_name"
–http-authentication-password "my_password"
–scope-exclude-pattern=logout</p>
<p>Unfortunately authentication failed and Arachni did not perform
security scan, only visited home page (<a href="http://my_page/">http://my_page/</a>). In the generated report, in
sitemap section, there is only this home page with the http status
code 401.</p>
<p>Is there any other parameter I should set? Or is this possible
that the problem is due to special characters in password like
exclamation mark?</p>
<p>I have also tried passing credentials in the URL, but I get the
same output, also 401 status code. Am I right that in this case it
is not possible to use autologin plugin, because I don’t have
login form, just http authentication?</p>
<p>This is my first time using arachni and I have no idea where is
the problem. I would be grateful for any help and suggestion.</p></div>ktabc123tag:support.arachni-scanner.com,2012-07-01:Comment/393077332016-03-02T14:14:55Z2016-03-02T14:14:55ZProblem with http authentication<div><p>Hello,</p>
<p>Yeah this isn't a situation where the autologin plugin would
help.<br>
The site isn't using NTLM authentication by any chance is it?</p>
<p>Cheers</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/393077332016-03-07T08:39:48Z2016-03-07T08:39:49ZProblem with http authentication<div><p>Thank you for the response. The authentication header starts
with NTLM, so I suppose the site uses NTLM. Is this a problem?</p></div>ktabc123tag:support.arachni-scanner.com,2012-07-01:Comment/393077332016-03-07T12:19:15Z2016-03-07T12:19:15ZProblem with http authentication<div><p>Authentication type is supposed to be auto-detected although it
was brought to my attention recently that this doesn't always
work.<br>
The <a href="http://downloads.arachni-scanner.com/nightlies/">nightlies</a> now
include the <code>--http-authentication-type</code> option so that
the user can explicitly specify the proper type.</p>
<p>Give that a try and let me know how it works.</p>
<p>Cheers</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/393077332016-03-07T16:57:08Z2016-03-07T16:57:09ZProblem with http authentication<div><p>Now it works. Thank you vary much for help :)</p></div>ktabc123tag:support.arachni-scanner.com,2012-07-01:Comment/393077332016-03-07T16:57:51Z2016-03-07T16:57:51ZProblem with http authentication<div><p>Excellent. :)</p></div>Tasos Laskos