Ruby Login to JS form without id
Hello, I'm trying to login to a login form with JS app that does not seem to have an id:
<form _ngcontent-c1="" class="loginform ng-pristine ng-invalid ng-touched" novalidate="">
<img _ngcontent-c1="" alt="" class="loginform-logo" src="assets/img/logo.svg">
<!---->
<label _ngcontent-c1="" class="loginform-label icon-user" for="username">Username</label>
<input _ngcontent-c1="" class="loginform-input ng-pristine ng-invalid ng-touched" id="username" name="username" required="" type="text">
<div _ngcontent-c1="" class="input-error" hidden="">
Username is required
</div>
<label _ngcontent-c1="" class="loginform-label icon-lock" for="password">Password</label>
<input _ngcontent-c1="" class="loginform-input ng-pristine ng-invalid ng-touched" id="password" name="password" required="" type="password">
<div _ngcontent-c1="" class="input-error" hidden="">
Password is required
</div>
<button _ngcontent-c1="" class="loginform-btn icon-triangle-right btn btn-main" type="submit" disabled="">Login
</button>
</form>
</login>
- When I use a ruby form I get the response:
[-] [utilities#exception_jail:428] Session: [Watir::Exception::UnknownObjectException] unable to locate element, using {:id=>"login", :tag_name=>"form"}
- with the autologin script I get the response:
[-] [utilities#exception_jail:428] Session: [Arachni::Session::Error::FormNotFound] Login form could not be found with: {:url=>"https://testsite.com/login", :inputs=>{"username"=>"myname", "password"=>"mypassword"}}
the script:
browser.goto 'https://testsite.com/login'
form = browser.form( id: 'login' )
form.text_field( name: 'username' ).set 'myname'
form.text_field( name:'password' ).set 'mypassword'
form.submit
framework.options.session.check_url = browser.url
framework.options.session.check_pattern = /logout/
-
arachni https://testsite.com/logged --checks=xss_dom --plugin= --output-debug --plugin=login_script:script=login.rb
-
arachni https://testsite.com/logged --checks=xss_dom --plugin=autologin:url=https://testsite.com/login,parameters='username=myname&pass...' --output-debug
I would appreciate your suggestion..
Maybe an example ruby script if you have.. This is a spring boot app with csrf token..
Kind regards,
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 20 Nov, 2017 10:51 AM
Sounds like it could be a PhantomJS issue, it may not support the webapp but there's not much I can do about it.
The new engine will use modern engines (Chrome and Firefox) so these issues will be resolved once it's released, although it'll be a while.
Until then, I wouldn't mind having a look at that website if that's possible.
Also, sorry for the very late response, I've been hard at work for the new engine.