<p>Arachni: Discussion (/discussions/problems/4071-login_script-and-web-app), 2016-08-08T09:59:29Z: login_script and web app</p>
<p>Comment posted 2016-08-02T12:58:56Z:</p>
<div><p>Hello,</p>
<p>Did you check the relevant article?</p>
<p><a href="http://support.arachni-scanner.com/kb/general-use/logging-in-and-maintaining-a-valid-session#without-browser-fast-">
http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...</a></p></div>
<p>Posted by: Tasos Laskos</p>
<p>Comment posted 2016-08-02T13:05:21Z (updated 2016-08-02T13:05:50Z):</p>
<div><p>Of course</p>
<p>The main problem for me is that the APP_API Content-Type is
"x-www-form-urlencoded". That's why I can't generate a
login_script.</p>
<p>Now I try to use this code snippet:</p>
<pre>
<code>request["content-type"] = 'application/x-www-form-urlencoded'
request.body = "user%5Bemail%5D=XXX&user%5Bpassword%5D=XXX&remember_me=true"
response = http.request(request)
framework.options.session.check_url = to_absolute( /auth/login, https://api.test.com )
framework.options.session.check_pattern = /Sign Off|MY ACCOUNT/</code>
</pre>
<p>And I see an error in the console</p></div>
<p>Posted by: yuri.komarov</p>
<p>Comment posted 2016-08-02T13:08:42Z:</p>
<div><p>Try:</p>
<pre>
<code>response = http.post( 'https://API_URL',
body: "user%5Bemail%5D=XXX&user%5Bpassword%5D=XXX&remember_me=true",
headers: {
'Content-Type' => 'application/x-www-form-urlencoded'
},
mode: :sync,
update_cookies: true
)</code>
</pre>
<p>You may need to un-encode the <code>:body</code>, I'm not
sure.</p></div>
<p>Posted by: Tasos Laskos</p>
<p>Comment posted 2016-08-02T14:04:52Z (updated 2016-08-02T14:07:48Z):</p>
<div><pre>
<code> [~] No checks were specified, loading all.
[~] No element audit options were specified, will audit links, forms, cookies, UI inputs, UI forms, JSONs and XMLs.
[*] Initializing...
[*] Preparing plugins...
[-] [ui/cli/framework#run:103] Invalid options for component: login_script
* Invalid type: script => '/root/Documents/arachni_login_script/test.xxx.com.rb'
* Expected type: path</code>
</pre></div>
<p>Posted by: yuri.komarov</p>
<p>Comment posted 2016-08-02T14:06:04Z:</p>
<div><p>You forgot the username after <code>/home/</code>.</p></div>
<p>Posted by: Tasos Laskos</p>
<p>Comment posted 2016-08-02T14:13:02Z:</p>
<div><p>Oh, God... My mistake</p>
<pre>
<code>[~] Login script: Running the script.
[-] [components/plugins/login_script#prepare:59] Login script: [SyntaxError] (eval):6: syntax error, unexpected tIDENTIFIER, expecting ')'
mode: :sync,
^
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/components/plugins/login_script.rb:29:in `eval'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/components/plugins/login_script.rb:29:in `block in prepare'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/components/plugins/login_script.rb:50:in `block in prepare'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/session.rb:322:in `login_from_sequence'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/session.rb:245:in `block in login'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/utilities.rb:425:in `exception_jail'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/session.rb:244:in `login'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/components/plugins/login_script.rb:57:in `prepare'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/plugin/manager.rb:67:in `block in run'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/plugin/manager.rb:65:in `each'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/plugin/manager.rb:65:in `run'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/framework/parts/state.rb:348:in `prepare'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/framework.rb:110:in `run'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/ui/cli/framework.rb:63:in `block in run'
[-] [components/plugins/login_script#set_status:99] Login script: An error was encountered while executing the login script.
[~] Login script: Aborting the scan.
[*] ... done.</code>
</pre></div>
<p>Posted by: yuri.komarov</p>
<p>Comment posted 2016-08-02T14:14:21Z:</p>
<div><p>You've got a syntax error in the script, the error points you to
the location.</p></div>
<p>Posted by: Tasos Laskos</p>
<p>Comment posted 2016-08-02T14:20:26Z:</p>
<div><pre>
<code>response = http.post( 'https://api.xxx.com/auth/login',
body: {
'user[email]' => 'XXX',
'user[password]' => 'XXX',
'remember_me' => 'true'
}
headers: {
'Content-Type' => 'application/x-www-form-urlencoded'
}
mode: :sync,
update_cookies: true
)
framework.options.session.check_url = to_absolute( response.headers.location, response.url )
framework.options.session.check_pattern = /Sign Off|MY ACCOUNT/</code>
</pre>
<p>What is the problem? (((</p></div>
<p>Posted by: yuri.komarov</p>
<p>Comment posted 2016-08-02T14:22:39Z:</p>
<div><p>You forgot the commas after the <code>}</code> in the request
options.<br>
Also, you know you can't use the example
<code>framework.options.session</code> options, right?<br>
You need to set your own.</p></div>
<p>Posted by: Tasos Laskos</p>
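<p>An added example, not part of the thread and not Arachni's own code: a pre-flight check, run with plain CRuby before the scan, for the two failures seen above (a script path that is not a file, and a syntax error in the script). The helper names, the placeholder <code>check_url</code> and <code>check_pattern</code> values and the embedded script copies are assumptions made for the illustration.</p>

```ruby
# Added example: pre-flight check for an Arachni login script (not Arachni code).
# The script is only compiled, never run, so `http` and `framework`
# (objects the login_script plugin provides) need not exist here.

# Constructed copy of the request from the thread, commas after `}` missing.
BROKEN = <<~'SCRIPT'
  response = http.post( 'https://api.xxx.com/auth/login',
      body: {
          'user[email]'    => 'XXX',
          'user[password]' => 'XXX'
      }
      headers: { 'Content-Type' => 'application/x-www-form-urlencoded' }
      mode: :sync,
      update_cookies: true
  )
SCRIPT

# Same request with the commas in place. The check_url and check_pattern
# values are placeholders: each application needs its own.
FIXED = <<~'SCRIPT'
  response = http.post( 'https://api.xxx.com/auth/login',
      body: {
          'user[email]'    => 'XXX',
          'user[password]' => 'XXX'
      },
      headers: { 'Content-Type' => 'application/x-www-form-urlencoded' },
      mode: :sync,
      update_cookies: true
  )
  framework.options.session.check_url     = 'https://api.xxx.com/PLACEHOLDER'
  framework.options.session.check_pattern = /PLACEHOLDER/
SCRIPT

# Returns nil when the source parses, otherwise the first line of the error.
def syntax_error_in(source)
  RubyVM::InstructionSequence.compile(source, '(login_script)')
  nil
rescue SyntaxError => e
  e.message.lines.first.to_s.strip
end

# Returns a list of problems for a script file; an empty list means none found.
def preflight(path)
  return ["not a readable file: #{path}"] unless File.file?(path) && File.readable?(path)
  error = syntax_error_in(File.read(path))
  error ? ["syntax error: #{error}"] : []
end
```

<p>A clean result only means the file exists and parses; whether the login actually succeeds still depends on the session check URL and pattern matching the target application.</p>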