or Create a profile

Home Problems

JS-rich login scripts not working on Linux/Ubuntu

tester's Avatar

tester

04 Jan, 2017 03:08 AM

I have verified Arachni is working well for a test application (http://zero.webappsecurity.com) on Mac and Ubuntu, for Arachni v1.4 and the nightly from 28 Dec 2016.

However when I run a login script for a JavaScript-rich application, it only works using the nightly on my Mac. Below is the error message using the nightly on Ubuntu. Please let me know whether further information is needed.

Arachni - Web Application Security Scanner Framework v2.0dev
   Author: Tasos "Zapotek" Laskos <[email blocked]>

           (With the support of the community and the Arachni Team.)

   Website:       http://arachni-scanner.com
   Documentation: http://arachni-scanner.com/wiki


 [~] No element audit options were specified, will audit links, forms, cookies, UI inputs, UI forms, JSONs and XMLs.

 [*] Initializing...
 [*] Preparing plugins...
 [~] Login script: Running the script.

 [-] [utilities#exception_jail:428] Session: [Watir::Wait::TimeoutError] timed out after 30 seconds, waiting for {:id=>"id-username", :tag_name=>"input or textarea", :type=>"(any text type)"} to become present
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:29:in `eval'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.8.0/lib/watir-webdriver/wait.rb:173:in `wait_until_present'
 [-] [utilities#exception_jail:428] Session: (eval):39:in `block in prepare'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:29:in `eval'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:29:in `block in prepare'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:47:in `call'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:47:in `block in prepare'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:322:in `call'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:322:in `login_from_sequence'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:245:in `block in login'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `call'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `exception_jail'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:244:in `login'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:57:in `prepare'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:69:in `block (2 levels) in run'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `call'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `exception_jail'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:68:in `block in run'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:65:in `each'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:65:in `run'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/framework/parts/state.rb:348:in `prepare'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/framework.rb:110:in `run'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/ui/cli/framework.rb:80:in `block in run'
 [-] [utilities#exception_jail:429] Session: 
 [-] [utilities#exception_jail:430] Session: Parent:
 [-] [utilities#exception_jail:431] Session: Arachni::Session
 [-] [utilities#exception_jail:432] Session: 
 [-] [utilities#exception_jail:433] Session: Block:
 [-] [utilities#exception_jail:434] Session: #<Proc:0x000000057bcb68@/usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:244>
 [-] [utilities#exception_jail:435] Session: 
 [-] [utilities#exception_jail:436] Session: Caller:
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `exception_jail'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:244:in `login'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:57:in `prepare'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:69:in `block (2 levels) in run'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `call'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `exception_jail'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:68:in `block in run'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:65:in `each'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:65:in `run'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/framework/parts/state.rb:348:in `prepare'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/framework.rb:110:in `run'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/ui/cli/framework.rb:80:in `block in run'
 [-] [utilities#exception_jail:438] Session: --------------------------------------------------------------------------------
 [-] [components/plugins/login_script#prepare:59] Login script: [Watir::Wait::TimeoutError] timed out after 30 seconds, waiting for {:id=>"id-username", :tag_name=>"input or textarea", :type=>"(any text type)"} to become present
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:29:in `eval'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.8.0/lib/watir-webdriver/wait.rb:173:in `wait_until_present'
 [-] [components/plugins/login_script#prepare:59] Login script: (eval):39:in `block in prepare'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:29:in `eval'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:29:in `block in prepare'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:47:in `call'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:47:in `block in prepare'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:322:in `call'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:322:in `login_from_sequence'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:245:in `block in login'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `call'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `exception_jail'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:244:in `login'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:57:in `prepare'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:69:in `block (2 levels) in run'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `call'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `exception_jail'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:68:in `block in run'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:65:in `each'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:65:in `run'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/framework/parts/state.rb:348:in `prepare'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/framework.rb:110:in `run'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/ui/cli/framework.rb:80:in `block in run'
 [-] [components/plugins/login_script#set_status:99] Login script: An error was encountered while executing the login script.
 [~] Login script: Aborting the scan.
 [*] ... done.

  1. Support Staff 1 Posted by Tasos Laskos on 04 Jan, 2017 11:38 AM

    Tasos Laskos's Avatar

    Can I see the logins script please?
    There shouldn't be any difference across operating systems.

    Cheers

  2. 2 Posted by tester on 04 Jan, 2017 03:18 PM

    tester's Avatar

    Hi Tasos. Here is a summary:

    Expected (works on Mac)

    Navigate to landing/login page for various app's
    App's are listed in dropdown
    User selects app from dropdown
    Username field and "Next" button appear
    User enters username and clicks "Next"
    Password field appears
    User enters password and signs in

    Actual (on Ubuntu)

    Navigates to login page (HTML loads but not displayed in screenshot)
    Appropriate dropdown option selected (dropdown items not in screenshot but in HTML)
    Arachni attempts to locate username text field, but it does not load (not even in the HTML)

    Below are the login script and snippet of HTML for the dropdown item that is clicked.

    Login Script (contains steps for delays, prints, and screen captures for debugging):

    browser.goto 'https://my.site.com/login.html'
sleep 15
browser.screenshot.save ("arachni_goto.png")
# The next dropdown contains a list of web applications that the user wants to log into
browser.button(:id => "id-dropdown").wait_until_present(30)
# The next two screenshots show the dropdown element present, but items in the dropdown list do not load
# However, the dropdown items are present in an html dump (puts browser.html)
browser.screenshot.save ("arachni_dropdown_found.png")
browser.button(:id => "id-dropdown").click
sleep 5
browser.screenshot.save ("arachni_show_dropdown.png")
#  Clicking dropdown option is supposed to load text field for username but does not load text field
browser.label(:id => 'dropdown_option2').click
#browser.div(:id => 'option2').click  # Also tried clicking this element
sleep 5
browser.screenshot.save ("arachni_select.png")
puts browser.html  #  HTML dump shows dropdown elements but no username text field
browser.text_field(id: 'id-username').wait_until_present(30) # <------ Fails at this next step; 

browser.text_field(id: 'id-username').set 'myuserid'
browser.button(id: 'id-continue').click
browser.img(:id => 'id-image').click
browser.screenshot.save ("arachni_click_image.png")
browser.text_field(id: 'id-password').set 'password'
browser.send_keys :enter
browser.a(:id => "my-accounts").wait_until_present(25)
framework.options.session.check_url = 'https://my.site.com/account-summary'
framework.options.session.check_pattern = ""

    The following shows the HTML for the dropdown item that is clicked, and is supposed to load the username field:

    <div id="option2" tabindex="-1" role="option" class="item-list" ng-click="itemSelected('languageJsonProps.xxxx.xxxx.text', 'App #2')">                   
    <label id="dropdown_option2" class="item-list-label ng-scope" style="float:left; margin-right:5px;" translate-default="App #2" translate="languageJsonProps.xxxx.xxxx.text">App #2</label>                            
</div>

  3. Support Staff 3 Posted by Tasos Laskos on 05 Jan, 2017 11:36 AM

    Tasos Laskos's Avatar

    Any chance I can be given access to the webapp?

  4. Tasos Laskos closed this discussion on 05 Feb, 2017 11:13 AM.

Comments are currently closed for this discussion. You can start a new one.

  • New Issue

  • Conversation Started

  • The discussion is closed

    No more actions from Arachni or the discussion starter are required.

  • Re-open the discussion

Private Permissions

This discussion is private. Only you and Arachni support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

26 Jun, 2017 08:28 PM adding request header via web interface
26 Jun, 2017 10:56 AM Arachni RPC running with many bugs.
26 Jun, 2017 07:45 AM the --scope-page-limit options
26 Jun, 2017 05:44 AM java rest client
23 Jun, 2017 11:24 AM proxy login check - clarification

Recent Articles

Optimizing for faster scans
Service scanning
Software as a Service (Saas)