Arachni is unable to crawl the links from a page

Sandor

13 Dec, 2016 08:44 AM

Hi Tasos,

I've been using Arachni (CLI) for quite a while, and for most of my projects it did the work flawlessly. Now I am stuck with a problem, and for the last 2 weeks I have not been able to find a solution for it, so here it is:

  1. I have a Java web app that uses 2 subdomains as follows:

    1. https://sub-domain-1.whatever.domain.com =>> this is used for login; once the user is logged in, they are redirected to sub-domain-2.
    2. https://sub-domain-2.whatever.domain.com =>> here the user is logged in and besides multiple hidden form tokens, the URL also contains a token, like so: https://sub-domain-2.whatever.domain.com/admin/pagesnames/?token=xx...
  2. I am using the login plugin script and the user is correctly logged in to the app, I added the screenshot options as well to the login script (besides the word matching validation) and it clearly shows the "behind login scene"

  3. The Issue:

    1. After the login is successfully done, Arachni does not find any links within the page, and my settings are as follows: Login script is set to execute on sub-domain-1, the ./arachni script (to run the scan) is set to run against sub-domain-2 but it scans only the base URL.
    2. The URL of every link (in the page source) is as follows: src="admin/pagesnames/?token=xxxxxxxTOKENxxxxx", a more detailed structure is here: <a id="linkID" href="index.jsp?show=pageSelect&resetFilters=true&sortedBy=%25&firstIndex=0&token=xxxxxxxTOKENxxxxx" target="_top" accesskey="B"
    3. Here is the actual command I ran: ./arachni https://sub-domain-2.whatever.domain.com --output-verbose --scope-include-subdomains --scope-include-pattern="^https://sub-domain-2.whatever.domain.com/admin/pagesnames/?token=.*" --plugin=login_script:script=$plugin_login_script --scope-exclude-pattern="$plugin_logout_exclude" --browser-cluster-ignore-images --browser-cluster-pool-size=$browsers_PoolSize --http-request-concurrency=$requestConcurrency --checks=$security_checklist (tried escaping the characters but still nothing)

To be more specific, I am expecting the token to be added to the URL of every page crawled... Every src instance on the page already contains this token, the links are already formed once the user is logged in, but Arachni does not find/scan anything but the base URL...

...Please help :)

Thank you.

  1. Support Staff 1 Posted by Tasos Laskos on 14 Dec, 2016 11:05 AM

    Can you try removing the --scope-include-subdomains and --scope-include-pattern options and see if that makes any difference?
    Those 2 configurations cancel each other out and can cause trouble.

  2. Support Staff 2 Posted by Tasos Laskos on 28 Dec, 2016 02:46 PM

    I'll assume that my advice did the trick and close this discussion.

  3. Tasos Laskos closed this discussion on 28 Dec, 2016 02:46 PM.
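
A way to check a scope pattern before a scan, added here as an example and not taken from the thread or from Arachni's code: it resolves the two link forms quoted in the question and tests them against the include pattern as typed and in an escaped form. It assumes an include pattern keeps only the URLs that match it and is evaluated as a Ruby regular expression; the helper names are hypothetical.

```ruby
require 'uri'

# Constructed sample data, modelled on the values quoted in the question.
BASE  = 'https://sub-domain-2.whatever.domain.com/'
HREFS = [
  'admin/pagesnames/?token=xxxxxxxTOKENxxxxx',
  'index.jsp?show=pageSelect&resetFilters=true&sortedBy=%25&firstIndex=0&token=xxxxxxxTOKENxxxxx'
].freeze

# The pattern exactly as passed to --scope-include-pattern in the question.
# Unescaped, "/?" means "an optional slash" and "." means "any character".
AS_TYPED = Regexp.new('^https://sub-domain-2.whatever.domain.com/admin/pagesnames/?token=.*')

# The same pattern with the literal dots and question mark escaped.
ESCAPED = Regexp.new('^https://sub-domain-2\.whatever\.domain\.com/admin/pagesnames/\?token=.*')

# Resolve relative hrefs against the page URL, as a crawler does before scoping.
def resolve(base, hrefs)
  hrefs.map { |href| URI.join(base, href).to_s }
end

# Assumption: an include pattern keeps only the URLs that match it.
def in_scope(urls, pattern)
  urls.select { |url| url.match?(pattern) }
end

# Returns { label => [urls kept] } for the base URL plus every resolved link.
def scope_report(base, hrefs, patterns)
  candidates = [base] + resolve(base, hrefs)
  patterns.transform_values { |pattern| in_scope(candidates, pattern) }
end

if __FILE__ == $PROGRAM_NAME
  report = scope_report(BASE, HREFS, { 'as typed' => AS_TYPED, 'escaped' => ESCAPED })
  report.each do |label, kept|
    puts "#{label}: #{kept.length} URL(s) in scope"
    kept.each { |url| puts "  #{url}" }
  end
end
```

As typed, the pattern keeps none of the three URLs; escaped, it keeps only the /admin/pagesnames/?token= URL, so the index.jsp links and the base URL remain outside it.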
