Problem when trying authenticated scan

amanda.barbosa

02 Apr, 2018 02:53 PM

Hello! I'm trying to perform an authenticated scan, but I'm having some issues. The website I'm trying to log in to is:

http://prope.unesp.br/pibic/aluno/index.php

and the command I'm running is:

arachni http://prope.unesp.br/pibic/aluno/index.php --report-save-path=/home/amanda/arachni.afr
--plugin=autologin:url=http://prope.unesp.br/pibic/aluno/index.php, parameters="login_pibic=username&senha_pibic=password&BtAcessar=Acessar",check="Sign Off|MY ACCOUNT" --scope-exclude-pattern=logout

However, the login doesn't happen, because I can see that the tool isn't scanning the pages that exist after the login is successful; it only scans the "outside" pages. Besides, there are some errors that appear (they can be seen in the attached images).

I was able to obtain the parameters of the autologin plugin by observing the POST message with Burp Proxy.

Can someone explain what I'm doing wrong? Thanks in advance.

  1. 1 Posted by amanda.barbosa on 02 Apr, 2018 02:57 PM

    Attached images:
