login_script (ruby, with browser) is successful, but never terminates and scan hangs indefinitely

Gray's Avatar

Gray

05 Jun, 2017 09:30 PM

Hi there.

I have been working on a ruby login script that does two factor authentication through the login_script plugin, but I have been running into an issue with concluding the login sequence. The script executes as expected, and I can confirm that Arachni logged in with puts browser.url for instance, but after the script has executed, nothing seems to happen. I believe it is waiting on a success condition of some sort that I am unable to solve for. End result: the scan never initiates despite the script logging in.

I'm unable to share specific urls or credentials that I'm using, but hopefully I can show you enough to diagnose the issue.

The command I am running is: arachni https://<website_redacted> --plugin=login_script:script=/login_scripts/login.rb

The contents of the script are as follows:

browser.goto "https://<website_redacted>/login"

puts "Current Page Title"
puts browser.title
puts browser.url

form = browser.form

form.text_field(:id => 'userNameId_input').set 'real_user'

form.text_field(:id => 'passwdId_input').set 'real_pass'
form.submit
sleep(30)

# user name and password submitted; onto the next login page: one of three questions and appropriate answers

puts "Current Page Title"
puts browser.title
puts browser.url


#sleep(10)

form1 = browser.form

# catch errors if this is not the case due to login not requiring this question
Question = browser.label(:id => 'challengeQuestionLabelId').text

if Question.include? "question1"
        form1.text_field(:id => 'challengeQuestionList[0].userAnswer').set 'answer1'
        puts "'answer1' was entered for the security question"

elsif Question.include? "question2"
        form1.text_field(:id => 'challengeQuestionList[0].userAnswer').set 'answer2'
        puts "'answer2' was entered for the security question"

else Question.include? "question3"
        form1.text_field(:id => 'challengeQuestionList[0].userAnswer').set 'answer3'
        puts "'answer3' was entered for the security question"
end

sleep(1)

form1.submit

sleep(30)

puts "Current Page Title"
puts browser.title
puts browser.url

#by this point we have successfully gotten to the authenticated homepage of the app

framework.options.session.check_url     = browser.url
framework.options.session.check_pattern = /Sign Out/

Thoughts?

Thanks you very much for your assistance.

  1. 1 Posted by Gray on 05 Jun, 2017 09:31 PM

    Gray's Avatar

    I apologize in advance for the formatting issues but between the backticks are the content of the login script.

    Thanks,
    Gray

  2. 2 Posted by Gray on 06 Jun, 2017 08:59 PM

    Gray's Avatar

    Has anyone had the opportunity to look at this?

  3. Support Staff 3 Posted by Tasos Laskos on 07 Jun, 2017 08:33 AM

    Tasos Laskos's Avatar

    There isn't a condition I can think of that would cause the system to stall, can you try using --output-debug=4 and see what's going on when the system stops?

  4. 4 Posted by Gray on 07 Jun, 2017 05:54 PM

    Gray's Avatar

    Hi Tasos, thank you for the reply. I added the debug setting and here is the last block of output. I understand this most likely won't be enough to diagnose the issue precisely but if you could give me some ideas of where to look in my script based on this request that has never completed... thank you, -gray
    [!!] [browser#wait_till_ready:409] Browser: Waiting for custom JS... [!!] [browser#wait_till_ready:411] Browser: ...done. [!!] [browser#wait_for_timers:1114] Browser: Waiting for timers... [!!] [browser#wait_for_timers:1118] Browser: ...done. [!!] [browser#wait_for_pending_requests:1400] Browser: Waiting for 1 requests to complete... [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached

  5. 5 Posted by Gray on 07 Jun, 2017 09:42 PM

    Gray's Avatar

    reformatted so a human can read it:
    the script finishes execution immediately before these lines of output

     [!!] [browser#wait_till_ready:409] Browser: Waiting for custom JS...
     [!!] [browser#wait_till_ready:411] Browser: ...done.
     [!!] [browser#wait_for_timers:1114] Browser: Waiting for timers...
     [!!] [browser#wait_for_timers:1118] Browser: ...done.
     [!!] [browser#wait_for_pending_requests:1400] Browser: Waiting for 1 requests to complete...
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
     [!!!] [http/proxy_server/ssl_interceptor#on_close:34] SSLInterceptor: Closed because: [Arachni::Reactor::Connection::Error::Closed] end of file reached
    
  6. Support Staff 6 Posted by Tasos Laskos on 08 Jun, 2017 03:19 PM

    Tasos Laskos's Avatar

    Unfortunately that's not much help, any chance I can be given access to the webapp so see what's going on for myself?

  7. 7 Posted by Ranus on 12 Dec, 2017 03:01 PM

    Ranus's Avatar

    Hi, I think I've got a similar problem. Did you find a solution ?

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac