login_script (ruby, with browser) is successful, but never terminates and scan hangs indefinitely
Hi there.
I have been working on a ruby login script that does two factor authentication through the login_script plugin, but I have been running into an issue with concluding the login sequence. The script executes as expected, and I can confirm that Arachni logged in with `puts browser.url` for instance, but after the script has executed, nothing seems to happen. I believe it is waiting on a success condition of some sort that I am unable to solve for. End result: the scan never initiates despite the script logging in.
I'm unable to share specific urls or credentials that I'm using, but hopefully I can show you enough to diagnose the issue.
The command I am running is: `arachni https://<website_redacted> --plugin=login_script:script=/login_scripts/login.rb`
The contents of the script are as follows:
```ruby
browser.goto "https://<website_redacted>/login"

puts "Current Page Title"
puts browser.title
puts browser.url

# first login page: user name and password
form = browser.form
form.text_field(:id => 'userNameId_input').set 'real_user'
form.text_field(:id => 'passwdId_input').set 'real_pass'
form.submit
sleep(30)

# user name and password submitted; onto the next login page: one of three questions and appropriate answers
puts "Current Page Title"
puts browser.title
puts browser.url
#sleep(10)

form1 = browser.form

# catch errors if this is not the case due to login not requiring this question
# (local variable instead of a constant, so a repeated run does not warn about re-assignment)
question = browser.label(:id => 'challengeQuestionLabelId').text
if question.include? "question1"
  form1.text_field(:id => 'challengeQuestionList[0].userAnswer').set 'answer1'
  puts "'answer1' was entered for the security question"
elsif question.include? "question2"
  form1.text_field(:id => 'challengeQuestionList[0].userAnswer').set 'answer2'
  puts "'answer2' was entered for the security question"
else
  # remaining case: "question3" (a condition after a bare `else` is never used as a test)
  form1.text_field(:id => 'challengeQuestionList[0].userAnswer').set 'answer3'
  puts "'answer3' was entered for the security question"
end
sleep(1)
form1.submit
sleep(30)

puts "Current Page Title"
puts browser.title
puts browser.url

#by this point we have successfully gotten to the authenticated homepage of the app
framework.options.session.check_url = browser.url
framework.options.session.check_pattern = /Sign Out/
```
Thoughts?
Thank you very much for your assistance.
1 Posted by Gray on 05 Jun, 2017 09:31 PM
I apologize in advance for the formatting issues but between the backticks are the content of the login script.
Thanks,
Gray
2 Posted by Gray on 06 Jun, 2017 08:59 PM
Has anyone had the opportunity to look at this?
Support Staff 3 Posted by Tasos Laskos on 07 Jun, 2017 08:33 AM
There isn't a condition I can think of that would cause the system to stall, can you try using `--output-debug=4` and see what's going on when the system stops?
4 Posted by Gray on 07 Jun, 2017 05:54 PM
Hi Tasos, thank you for the reply. I added the debug setting and here is the last block of output. I understand this most likely won't be enough to diagnose the issue precisely but if you could give me some ideas of where to look in my script based on this request that has never completed... thank you, -gray
```
[!!] [browser#wait_till_ready:409] Browser: Waiting for custom JS...
[!!] [browser#wait_till_ready:411] Browser: ...done.
[!!] [browser#wait_for_timers:1114] Browser: Waiting for timers...
[!!] [browser#wait_for_timers:1118] Browser: ...done.
[!!] [browser#wait_for_pending_requests:1400] Browser: Waiting for 1 requests to complete...
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
```
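A triage helper for flattened `--output-debug` text like the block in the post above, as an added example that is not part of the thread and not Arachni code: it splits the run-on output into entries and lists every "Waiting for ..." message that has no later "...done." from the same method. The pairing rule is an assumption drawn from the two completed waits visible in that log, and `SAMPLE` is constructed from the log's message formats.

```ruby
# Added example (not Arachni code). SAMPLE is constructed from the posted log's formats.
CLOSED = 'Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached'
SAMPLE = [
  '[!!] [browser#wait_till_ready:409] Browser: Waiting for custom JS...',
  '[!!] [browser#wait_till_ready:411] Browser: ...done.',
  '[!!] [browser#wait_for_timers:1114] Browser: Waiting for timers...',
  '[!!] [browser#wait_for_timers:1118] Browser: ...done.',
  '[!!] [browser#wait_for_pending_requests:1400] Browser: Waiting for 1 requests to complete...',
  "[!!!] [http/proxy_server/connection#on_close:178] Connection: #{CLOSED}",
  "[!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: #{CLOSED}",
  "[!!!] [http/proxy_server/connection#on_close:178] Connection: #{CLOSED}"
].join(' ')

# One entry: [level] [component#method:line] message, up to the next entry header.
ENTRY = /\[(!+)\]\s+\[([^\]#]+)#([^\]:]+):(\d+)\]\s+(.*?)(?=\s*\[!+\]\s+\[[^\]]+#|\z)/m

def parse_debug(text)
  text.scan(ENTRY).map do |level, component, meth, line, message|
    { level: level.size, component: component, method: meth, line: line.to_i, message: message.strip }
  end
end

# "Waiting for X..." entries with no later "...done." from the same method.
# Assumption: every completed wait logs "...done.", as the first two waits do.
def unfinished_waits(entries)
  pending = {}
  entries.each do |e|
    key = "#{e[:component]}##{e[:method]}"
    if e[:message] =~ /Waiting for .+\.\.\.\z/
      pending[key] = e
    elsif e[:message].end_with?('...done.')
      pending.delete(key)
    end
  end
  pending.values
end

# Number of connection-close events per proxy component.
def close_tally(entries)
  entries.select { |e| e[:method] == 'on_close' }
         .group_by { |e| e[:component] }
         .transform_values(&:size)
end

if __FILE__ == $PROGRAM_NAME
  entries = parse_debug(SAMPLE)
  puts unfinished_waits(entries).map { |e| "stalled: #{e[:method]}:#{e[:line]} #{e[:message]}" }
  p close_tally(entries)
end
```

On the sample, the only wait left open is `wait_for_pending_requests`, which is where the posted output also stops reporting browser activity.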
5 Posted by Gray on 07 Jun, 2017 09:42 PM
reformatted so a human can read it:
the script finishes execution immediately before these lines of output
Support Staff 6 Posted by Tasos Laskos on 08 Jun, 2017 03:19 PM
Unfortunately that's not much help, any chance I can be given access to the webapp to see what's going on for myself?
7 Posted by Ranus on 12 Dec, 2017 03:01 PM
Hi, I think I've got a similar problem. Did you find a solution?