tag:support.arachni-scanner.com,2012-07-01:/discussions/problems/5258-auto-login-script-html-issueArachni: Discussion 2018-10-19T07:42:05Ztag:support.arachni-scanner.com,2012-07-01:Comment/453436692018-05-24T12:32:48Z2018-05-24T12:32:48ZAuto login script HTML issue<div><p>Hello all,</p>
<p>i run into a problem with the login script, so i required to login on web app, but default method failed:<br>
/home/arachniuser/arachni-1.5.1-0.5.12/bin/arachni <a href="https://www.XXX.org">https://www.XXX.org</a> --plugin=autologin:url=<a href="https://www.XXX.org/login,parameters="text=XXX@gmail.com&password=XXX",check="XXX">https://www.XXX.org/login,parameters="text=XXX@gmail.com&p...</a>" <strong>Session: [Arachni::Session::Error::FormNotFound] Login form could not be found with: {:url=>"<a href="https://www.XXX.org/login">https://www.XXX.org/login</a>", :inputs=>{"text"=>"<a href="mailto:XXX@gmail.com">XXX@gmail.com</a>", "password"=>"XXX"}}</strong></p>
<p>I go through support tickets and discovered cool thing: advanced autologin (<a href="http://support.arachni-scanner.com/kb/general-use/logging-in-and-maintaining-a-valid-session">http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...</a>)</p>
<p>Here we go, i prepared ruby script and tested locally (works as expected):<br>
**browser.goto '<a href="https://www.XXX.org/login">https://www.XXX.org/login</a>'</p>
<p>form = browser.form( :class => 'input_3xjhyi-o_O-container_1pp1zxi-o_O-defaultBackground_3tuvhy', :index => 0 )<br>
form.text_field( :type => 'text' ).set '<a href="mailto:XXX@gmail.com">XXX@gmail.com</a>'<br>
form = browser.form( :class => 'input_3xjhyi-o_O-container_1pp1zxi-o_O-defaultBackground_3tuvhy', :index => 1 )<br>
form.text_field( :type => 'password' ).set 'XXX'</p>
<p>framework.options.session.check_url = browser.url<br>
framework.options.session.check_pattern = /XXX/**</p>
<p>upload to arachni env and executed with:<br>
<strong>/home/arachniuser/arachni-1.5.1-0.5.12/bin/arachni <a href="https://www.XXX.org">https://www.XXX.org</a> --plugin=login_script:script='/home/arachniuser/plugins/login_script.rb' --output-debug 4</strong></p>
<p>Result is:<br>
[2018-05-24 12:25:13 +0000 - 0.5] [!!] [browser#response_handler:1607] Browser: Got response: <a href="https://www.XXX.org/login">https://www.XXX.org/login</a> [2018-05-24 12:25:13 +0000 - 0.0] [!] [browser/javascript#html?:422] Does not look like HTML: <a href="https://www.XXX.org/login">https://www.XXX.org/login</a> then i can see incorrect login page source, seems that js files were not utilized and elements couldn't be discovered. But! i noticed, that, while execution default autologin plugin (--plugin=autologin:url=etc...) we have much more additional steps to execute with that page: ex [browser#response_handler:1624] Browser: Injected custom JS, but not with the custom one.</p>
<p>i tried many put real user-agent, but no luck</p>
<p>Any idea on that?</p>
<p>thank you</p></div>armagheadon