No browser jobs when running scan with vector_feed plugin
I'm running a scan using the vector feed plugin with a vector.yml file created from a manual crawl of the application. During the scan, I'm noticing that no browser jobs are being kicked off which would mean no DOM based checks are being done? Any idea why this would happen?
Sample Command:
./arachni --scope-include-pattern ".*<URL>.*" --scope-exclude-binaries --scope-exclude-pattern ".*sign_(out|in)" --scope-auto-redundant 1 --http-cookie-string "_session_id=<SESSIONID>" --platforms-no-fingerprinting --platforms "linux,sql,pgsql,nginx,ruby,rack,rails" --snapshot-save-path "/tmp" --checks "code_injection,code_injection_timing,file_inclusion,ldap_injection,os_cmd_injection,os_cmd_injection_timing,path_traversal,rfi,source_code_disclosure,sql_injection*,trainer,unvalidated_redirect,unvalidated_redirect_dom,xpath_injection,xss*,xxe,directory_listing,cookie_set_for_parent_domain,hsts,html_objects,http_only_cookies,insecure_cookies,insecure_cors_policy,mixed_resource,private_ip,ssn,x_frame_options,insecure_client_access_policy,insecure_cross_domain_policy_access,origin_spoof_access_restriction_bypass" --http-request-concurrency 5 --audit-links --audit-forms --audit-jsons --audit-ui-forms --audit-ui-inputs --http-request-redirect-limit 2 --plugin=vector_feed:yaml_file="/Users/ron.gutierrez/tools/arachni-1.5.1-0.5.12/vectors.yml" --browser-cluster-pool-size 6 "https://<URL>"
Support Staff 1 Posted by Tasos Laskos on 18 Jun, 2017 10:33 AM
The vector_feed plugin files don't include context that is necessary for DOM operations.
2 Posted by rgutie01 on 19 Jun, 2017 01:45 PM
That's a shame. I was using the vector_feed plugin to feed in valid POST data for the various actions within our application. I was noticing that when scanning using the crawling mode, it wasn't testing a good chunk of non-GET requests, and if it did, it wouldn't be able to set valid for data.
Do you have another approach I can take with this so that I can perform a scan that includes DOM checks and also utilizes my input data?
Support Staff 3 Posted by Tasos Laskos on 19 Jun, 2017 03:42 PM
DOM checks should still be performed, just not based on the vector_feed data, same as if you hadn't used that plugin.