Ruby Login to JS form without id

Bob's Avatar

Bob

27 Oct, 2017 03:49 PM

Hello, I'm trying to login to a login form with JS app that does not seem to have an id:

<form _ngcontent-c1="" class="loginform ng-pristine ng-invalid ng-touched" novalidate="">

    <img _ngcontent-c1="" alt="" class="loginform-logo" src="assets/img/logo.svg">

    <!---->

    
    <label _ngcontent-c1="" class="loginform-label icon-user" for="username">Username</label>
    <input _ngcontent-c1="" class="loginform-input ng-pristine ng-invalid ng-touched" id="username" name="username" required="" type="text">
    <div _ngcontent-c1="" class="input-error" hidden="">
        Username is required
    </div>

    
    <label _ngcontent-c1="" class="loginform-label icon-lock" for="password">Password</label>
    <input _ngcontent-c1="" class="loginform-input ng-pristine ng-invalid ng-touched" id="password" name="password" required="" type="password">
    <div _ngcontent-c1="" class="input-error" hidden="">
        Password is required
    </div>

    
    <button _ngcontent-c1="" class="loginform-btn icon-triangle-right btn btn-main" type="submit" disabled="">Login
    </button>

</form>
</login>
  1. When I use a ruby form I get the response:

[-] [utilities#exception_jail:428] Session: [Watir::Exception::UnknownObjectException] unable to locate element, using {:id=>"login", :tag_name=>"form"}

  1. with the autologin script I get the response:

[-] [utilities#exception_jail:428] Session: [Arachni::Session::Error::FormNotFound] Login form could not be found with: {:url=>"https://testsite.com/login", :inputs=>{"username"=>"myname", "password"=>"mypassword"}}

the script:

browser.goto 'https://testsite.com/login'

form = browser.form( id: 'login' )
form.text_field( name: 'username' ).set 'myname'
form.text_field( name:'password' ).set 'mypassword'

form.submit

framework.options.session.check_url = browser.url
framework.options.session.check_pattern = /logout/
  1. arachni https://testsite.com/logged --checks=xss_dom --plugin= --output-debug --plugin=login_script:script=login.rb

  2. arachni https://testsite.com/logged --checks=xss_dom --plugin=autologin:url=https://testsite.com/login,parameters='username=myname&pass...' --output-debug

I would appreciate your suggestion..

Maybe an example ruby script if you have.. This is a spring boot app with csrf token..

Kind regards,

  1. Support Staff 1 Posted by Tasos Laskos on 20 Nov, 2017 10:51 AM

    Tasos Laskos's Avatar

    Sounds like it could be a PhantomJS issue, it may not support the webapp but there's not much I can do about it.
    The new engine will use modern engines (Chrome and Firefox) so these issues will be resolved once it's released, although it'll be a while.

    Until then, I wouldn't mind having a look at that website if that's possible.

    Also, sorry for the very late response, I've been hard at work for the new engine.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac