Autologin does not work

George Gonzo's Avatar

George Gonzo

30 Jan, 2018 09:39 PM

Hello group,

When scanning a bootstrap application, I receive this error
"-------------------------------------------------------------------------------- [2018-01-29 11:40:23 -0500] [Arachni::Session::Error::FormNotVisible] Login form is not visible in the DOM."

Although there isn't a direct URI for the login page which seems to be an autohidden form within the main page, I was able to successfully scan the web application with Nessus' web app scan policy by using the main/landing page as the login URI

  1. 1 Posted by bWF0dC50b3JiaW4... on 06 Feb, 2018 06:53 PM

    bWF0dC50b3JiaW4K's Avatar

    George, I just found this in the docs (

    "For example, if the login form is by default hidden and requires a sequence of UI interactions in order to become visible, this plugin will not be able to submit it."

  2. 2 Posted by bWF0dC50b3JiaW4... on 09 Feb, 2018 08:35 PM

    bWF0dC50b3JiaW4K's Avatar

    George, I would also like to mention that you can combine the autologin plugin with the session check at the bottom of the UI configuration (or from the command line if that's the way you're scanning).

    Reading through the source code of the plugin (/opt/arachni/components/plugins/autologin.rb), you'll see around line 56 that the session check supersedes anything that you've passed in through the plugin:

            framework.options.session.check_url     ||= response.url
            framework.options.session.check_pattern ||= @verifier

    Hopefully that helps.

  3. 3 Posted by George Gonzo on 11 Feb, 2018 05:05 PM

    George Gonzo's Avatar

    @bWF0dC50b3JiaW4K, thank you, it is helpful.

  4. Tasos Laskos closed this discussion on 04 May, 2018 09:08 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac