REST API - Not detecting Any Issues

APOL0

01 Sep, 2016 08:48 PM

Hello,
I am testing the REST API module and it does not detect any issue for any website (including websites with vulnerabilities). Please note that I only added the value (url). Is there any specific parameter for that?

Thanks!

  1. Support Staff 1 Posted by Tasos Laskos on 01 Sep, 2016 08:52 PM

    That makes sense; you haven't enabled any security checks. See the example: https://github.com/Arachni/arachni/wiki/REST-API#example-client

  2. 2 Posted by APOL0 on 01 Sep, 2016 09:21 PM

    That makes sense. My bad! Thank you for the quick response.

  3. Support Staff 3 Posted by Tasos Laskos on 01 Sep, 2016 09:22 PM

    No worries.

    Cheers

  4. Tasos Laskos closed this discussion on 01 Sep, 2016 09:22 PM.

  5. APOL0 re-opened this discussion on 05 Sep, 2016 01:35 PM

  6. 4 Posted by APOL0 on 05 Sep, 2016 01:35 PM

    Hello Tasos,

    We are using all checks, but it is still not detecting critical issues such as XSS, SQLi, RCE. I tested http://testphp.vulnweb.com/ and the REST API is identifying only 40% of the problems; however, on the Web Interface, it detects all the vulnerabilities.

  7. Support Staff 5 Posted by Tasos Laskos on 05 Sep, 2016 01:37 PM

    Are you sure you're using the same configuration for both the WebUI and the REST API?

  8. 6 Posted by APOL0 on 05 Sep, 2016 01:41 PM

    I am just sending the URL and check all to the API; is that the default policy for the WebUI? Maybe I am missing something obvious :-)

  9. Support Staff 7 Posted by Tasos Laskos on 05 Sep, 2016 01:53 PM

    Try setting this option:

    audit: {
        elements: ['link', 'form', 'cookie']
    }
    
  10. 8 Posted by APOL0 on 05 Sep, 2016 08:57 PM

    Now it's working.

    Thanks!

  11. Tasos Laskos closed this discussion on 05 Sep, 2016 08:57 PM.
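
An added example (not part of the thread and not Arachni's own code): a Ruby pre-flight check that flags the two omissions this discussion ran into, missing checks and missing audit elements, before a scan request body is serialised. The `checks: '*'` value for "all checks", the helper names and the `http://target.example/` URL are assumptions; the `audit.elements` values are the ones posted above.

```ruby
require 'json'

# Constructed sample requests. The URL is a placeholder; '*' is assumed to
# mean "all checks". The audit elements are the values given in the thread.
URL_ONLY    = { url: 'http://target.example/' }
CHECKS_ONLY = { url: 'http://target.example/', checks: '*' }
FULL        = {
  url:    'http://target.example/',
  checks: '*',
  audit:  { elements: ['link', 'form', 'cookie'] }
}

# Hypothetical helper: returns the reasons a scan started with these options
# would under-report. An empty list means both settings are present.
def scan_option_gaps(options)
  # Round-trip through JSON so symbol and string keys are treated alike,
  # which is how the options look once they are on the wire.
  opts = JSON.parse(JSON.generate(options))
  gaps = []

  checks = Array(opts['checks']).reject { |c| c.to_s.strip.empty? }
  gaps << 'no checks enabled: the scan reports no issues' if checks.empty?

  audit    = opts['audit']
  elements = audit.is_a?(Hash) ? Array(audit['elements']) : []
  if elements.empty?
    gaps << 'no audit elements set: the scan in this thread missed ' \
            'XSS/SQLi findings until they were added'
  end

  gaps
end

# Hypothetical helper: serialises the options only when nothing is missing,
# so an incomplete request fails loudly instead of producing a clean report.
def scan_request_body(options)
  gaps = scan_option_gaps(options)
  raise ArgumentError, gaps.join('; ') unless gaps.empty?
  JSON.generate(options)
end
```

A scan that returns few or no issues is indistinguishable from a clean target in the report, so failing before submission is the safer default when results feed a pipeline.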
