"filesize_exceeded" err msg!

Joseph's Avatar

Joseph

26 Oct, 2016 05:52 AM

Hi Tasos
I've used nightlies(arachni-2.0dev-1.0dev-windows-x86_64) to test.
Then scan a web app by default profile, but I got a err msg as below:
[2016-10-26 12:01:05 +0800] [HTTP: 200] https://192.168.70.115/OpenSrc/angular/angular.js [2016-10-26 12:01:05 +0800] [filesize_exceeded] Maximum file size exceeded [2016-10-26 12:09:00 +0800] [HTTP: 200] https://192.168.70.115/OpenSrc/echarts/build/dist/echarts-all.js [2016-10-26 12:09:00 +0800] [filesize_exceeded] Maximum file size exceeded [2016-10-26 12:27:15 +0800] [Errno::ENOTSOCK] An operation was attempted on something that is not a socket.

  1. Support Staff 1 Posted by Tasos Laskos on 26 Oct, 2016 07:58 AM

    Tasos Laskos's Avatar

    For the filesize_exceeded error see: https://github.com/Arachni/arachni/wiki/Command-line-user-interface...
    For Errno::ENOTSOCK, I'm afraid I'm going to need its backtrace.

  2. 2 Posted by Joseph on 27 Oct, 2016 09:51 AM

    Joseph's Avatar

    Thank you for your reply.
    I've chang the Response max size setting 500000->1000000, but I got a new err msg "[operation_timedout] Timeout was reached".
    And "[Errno::ENOTSOCK] An operation was attempted on something that is not a socket." err msg still pop up.

  3. Support Staff 3 Posted by Tasos Laskos on 27 Oct, 2016 09:53 AM

    Tasos Laskos's Avatar

    You may also need to increase the HTTP timeout.
    About the ENOTSOCK error, do you have a backtrace for it?

  4. 4 Posted by Joseph on 01 Nov, 2016 06:54 AM

    Joseph's Avatar

    Hi Tasos
    Thank you for your reply.
    I've increase "Http response max size" to 1500000 and "Http request timeout" to 30000 then solve [filesize_exceeded] and [operation_timedout] err msg.
    But could you teach me how to backtrace the "ENOTSOCK" error?

  5. Support Staff 5 Posted by Tasos Laskos on 01 Nov, 2016 06:58 AM

    Tasos Laskos's Avatar

    There should be a bunch of lines printed after [Errno::ENOTSOCK] An operation was attempted on something that is not a socket. with source locations, method names and line numbers. Are there not?

  6. 6 Posted by Joseph on 01 Nov, 2016 08:03 AM

    Joseph's Avatar

    Thank you for your reply.
    I've used nightlies(arachni-2.0dev-1.0dev-windows-x86_64)"28-Oct-2016 09:31" to test.
    I've got two err msg "[ArgumentError] Complete absolute URL required." and "[Errno::ENOTSOCK] An operation was attempted on something that is not a socket."
    Please refer to the attachment file.

  7. 7 Posted by Joseph on 04 Nov, 2016 05:25 AM

    Joseph's Avatar

    Hi Tasos
    Could you help me check error log as attatchment file that on nightly build test.
    Thanks!

  8. Support Staff 8 Posted by Tasos Laskos on 05 Nov, 2016 09:50 AM

    Tasos Laskos's Avatar

    I was out of the country the last few days, I'm uploading nightlies now with a yet more informative error message so that you can retry, hopefully for the last time.
    I'll let you know once they're up.

  9. Support Staff 9 Posted by Tasos Laskos on 05 Nov, 2016 08:25 PM

    Tasos Laskos's Avatar

    Nightlies are up.

  10. 10 Posted by joseph on 14 Nov, 2016 09:59 AM

    joseph's Avatar

    Hi Tasos
    So sorry for too late reply!
    I've use 2016/11/06 nightly build test, but test results with the previous is very different.
    We've no change "Login form" and autologin setting, but pop up another err msg as below:

    [Arachni::Session::Error::FormNotFound] Login form could not be found

  11. Support Staff 11 Posted by Tasos Laskos on 17 Nov, 2016 04:48 PM

    Tasos Laskos's Avatar

    Did you try logging-in via the login_script plugin?
    If you're not sure how to do that, is there any chance I can be given access to the webapp?

  12. Tasos Laskos closed this discussion on 14 Dec, 2016 02:13 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac