JS-rich login scripts not working on Linux/Ubuntu

tester's Avatar

tester

04 Jan, 2017 03:08 AM

I have verified Arachni is working well for a test application (http://zero.webappsecurity.com) on Mac and Ubuntu, for Arachni v1.4 and the nightly from 28 Dec 2016.

However when I run a login script for a JavaScript-rich application, it only works using the nightly on my Mac. Below is the error message using the nightly on Ubuntu. Please let me know whether further information is needed.

Arachni - Web Application Security Scanner Framework v2.0dev
   Author: Tasos "Zapotek" Laskos <[email blocked]>

           (With the support of the community and the Arachni Team.)

   Website:       http://arachni-scanner.com
   Documentation: http://arachni-scanner.com/wiki


 [~] No element audit options were specified, will audit links, forms, cookies, UI inputs, UI forms, JSONs and XMLs.

 [*] Initializing...
 [*] Preparing plugins...
 [~] Login script: Running the script.

 [-] [utilities#exception_jail:428] Session: [Watir::Wait::TimeoutError] timed out after 30 seconds, waiting for {:id=>"id-username", :tag_name=>"input or textarea", :type=>"(any text type)"} to become present
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:29:in `eval'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.8.0/lib/watir-webdriver/wait.rb:173:in `wait_until_present'
 [-] [utilities#exception_jail:428] Session: (eval):39:in `block in prepare'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:29:in `eval'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:29:in `block in prepare'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:47:in `call'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:47:in `block in prepare'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:322:in `call'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:322:in `login_from_sequence'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:245:in `block in login'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `call'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `exception_jail'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:244:in `login'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:57:in `prepare'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:69:in `block (2 levels) in run'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `call'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `exception_jail'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:68:in `block in run'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:65:in `each'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:65:in `run'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/framework/parts/state.rb:348:in `prepare'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/framework.rb:110:in `run'
 [-] [utilities#exception_jail:428] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/ui/cli/framework.rb:80:in `block in run'
 [-] [utilities#exception_jail:429] Session: 
 [-] [utilities#exception_jail:430] Session: Parent:
 [-] [utilities#exception_jail:431] Session: Arachni::Session
 [-] [utilities#exception_jail:432] Session: 
 [-] [utilities#exception_jail:433] Session: Block:
 [-] [utilities#exception_jail:434] Session: #<Proc:0x000000057bcb68@/usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:244>
 [-] [utilities#exception_jail:435] Session: 
 [-] [utilities#exception_jail:436] Session: Caller:
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `exception_jail'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:244:in `login'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:57:in `prepare'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:69:in `block (2 levels) in run'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `call'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `exception_jail'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:68:in `block in run'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:65:in `each'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:65:in `run'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/framework/parts/state.rb:348:in `prepare'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/framework.rb:110:in `run'
 [-] [utilities#exception_jail:437] Session: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/ui/cli/framework.rb:80:in `block in run'
 [-] [utilities#exception_jail:438] Session: --------------------------------------------------------------------------------
 [-] [components/plugins/login_script#prepare:59] Login script: [Watir::Wait::TimeoutError] timed out after 30 seconds, waiting for {:id=>"id-username", :tag_name=>"input or textarea", :type=>"(any text type)"} to become present
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:29:in `eval'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.8.0/lib/watir-webdriver/wait.rb:173:in `wait_until_present'
 [-] [components/plugins/login_script#prepare:59] Login script: (eval):39:in `block in prepare'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:29:in `eval'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:29:in `block in prepare'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:47:in `call'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:47:in `block in prepare'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:322:in `call'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:322:in `login_from_sequence'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:245:in `block in login'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `call'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `exception_jail'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/session.rb:244:in `login'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/components/plugins/login_script.rb:57:in `prepare'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:69:in `block (2 levels) in run'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `call'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/utilities.rb:425:in `exception_jail'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:68:in `block in run'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:65:in `each'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/plugin/manager.rb:65:in `run'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/framework/parts/state.rb:348:in `prepare'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/lib/arachni/framework.rb:110:in `run'
 [-] [components/plugins/login_script#prepare:59] Login script: /usr/local/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-112cbeec43ce/ui/cli/framework.rb:80:in `block in run'
 [-] [components/plugins/login_script#set_status:99] Login script: An error was encountered while executing the login script.
 [~] Login script: Aborting the scan.
 [*] ... done.
  1. Support Staff 1 Posted by Tasos Laskos on 04 Jan, 2017 11:38 AM

    Tasos Laskos's Avatar

    Can I see the logins script please?
    There shouldn't be any difference across operating systems.

    Cheers

  2. 2 Posted by tester on 04 Jan, 2017 03:18 PM

    tester's Avatar

    Hi Tasos. Here is a summary:

    Expected (works on Mac)

    Navigate to landing/login page for various app's
    App's are listed in dropdown
    User selects app from dropdown
    Username field and "Next" button appear
    User enters username and clicks "Next"
    Password field appears
    User enters password and signs in

    Actual (on Ubuntu)

    Navigates to login page (HTML loads but not displayed in screenshot)
    Appropriate dropdown option selected (dropdown items not in screenshot but in HTML)
    Arachni attempts to locate username text field, but it does not load (not even in the HTML)

    Below are the login script and snippet of HTML for the dropdown item that is clicked.

    Login Script (contains steps for delays, prints, and screen captures for debugging):

    browser.goto 'https://my.site.com/login.html'
    sleep 15
    browser.screenshot.save ("arachni_goto.png")
    # The next dropdown contains a list of web applications that the user wants to log into
    browser.button(:id => "id-dropdown").wait_until_present(30)
    # The next two screenshots show the dropdown element present, but items in the dropdown list do not load
    # However, the dropdown items are present in an html dump (puts browser.html)
    browser.screenshot.save ("arachni_dropdown_found.png")
    browser.button(:id => "id-dropdown").click
    sleep 5
    browser.screenshot.save ("arachni_show_dropdown.png")
    #  Clicking dropdown option is supposed to load text field for username but does not load text field
    browser.label(:id => 'dropdown_option2').click
    #browser.div(:id => 'option2').click  # Also tried clicking this element
    sleep 5
    browser.screenshot.save ("arachni_select.png")
    puts browser.html  #  HTML dump shows dropdown elements but no username text field
    browser.text_field(id: 'id-username').wait_until_present(30) # <------ Fails at this next step; 
    
    browser.text_field(id: 'id-username').set 'myuserid'
    browser.button(id: 'id-continue').click
    browser.img(:id => 'id-image').click
    browser.screenshot.save ("arachni_click_image.png")
    browser.text_field(id: 'id-password').set 'password'
    browser.send_keys :enter
    browser.a(:id => "my-accounts").wait_until_present(25)
    framework.options.session.check_url = 'https://my.site.com/account-summary'
    framework.options.session.check_pattern = ""
    

    The following shows the HTML for the dropdown item that is clicked, and is supposed to load the username field:

    <div id="option2" tabindex="-1" role="option" class="item-list" ng-click="itemSelected('languageJsonProps.xxxx.xxxx.text', 'App #2')">                   
        <label id="dropdown_option2" class="item-list-label ng-scope" style="float:left; margin-right:5px;" translate-default="App #2" translate="languageJsonProps.xxxx.xxxx.text">App #2</label>                            
    </div>
    
  3. Support Staff 3 Posted by Tasos Laskos on 05 Jan, 2017 11:36 AM

    Tasos Laskos's Avatar

    Any chance I can be given access to the webapp?

  4. Tasos Laskos closed this discussion on 05 Feb, 2017 11:13 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac