tag:support.arachni-scanner.com,2012-07-01:/discussions/questions/12254-excluding-urls-in-webgui-problemnot-workingArachni: Discussion 2015-06-14T23:00:07Ztag:support.arachni-scanner.com,2012-07-01:Comment/371185652015-06-13T21:12:38Z2015-06-13T21:12:38ZExcluding URLs in WebGUI problem/not working<div><p>Hello,</p>
<p>I do see "login.php" being included, which it shouldn't have
been, but it's only that. I don't see "docs" specified in the
excluded patterns list nor do I see anything matching "css" being
included.</p>
<p>My best guess is that the configuration works but you're getting
redirected to the login page due to an invalid session. Some
operations automatically follow redirects and those redirects
override the scope.</p>
<p>Can this be the case?</p>
<p>Cheers</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/371185652015-06-14T18:18:43Z2015-06-14T18:18:44ZExcluding URLs in WebGUI problem/not working<div><p>Hi,<br>
Thank you for your reply.</p>
<p>I am using predefined cookies with existing session. That's why
I try to avoid calling the logout.php. Anyway I played with it and
maybe something is wrong on my box that is running Arachni.</p>
<p>For instance, when I set the scope pattern to "vulnerabilities",
then no test are done on <a href="http://host/DVWAP/vulnerabilities/">http://host/DVWAP/vulnerabilities/</a>....
And that is strange. I think, all logs I provided are only part of
crawling, but no active scanning.</p>
<p>When I use the "default" profile, then anything is working fine.
As long as I clone the profile and edit scope patterns, to optimize
the scan, then it behaves with the exact opposite, what I would
expect or wanted to do :)</p>
<p><strong>That's Why, I just wanted to ask, if the patters As I
use them, have the right format.</strong> If for example :
<strong>vulnerabilities</strong>, should match <strong><a href="http://host/DVWAP/vulnerabilities/sqli">http://host/DVWAP/vulnerabilities/sqli</a></strong>
or maybe I should use some other format.</p>
<p>I think I will dig deeper with using CLI .. Thanks for support.
Have a great day. Bye</p>
<p>Please don't spend your time with my thread! Please :)!<br>
I will check it again. No problem. Arachni is a cool and power
tool, that did showed me a lot. I just have to spend more time with
it.</p>
<p>Thanks, Bye.</p></div>Tomastag:support.arachni-scanner.com,2012-07-01:Comment/371185652015-06-14T23:00:06Z2015-06-14T23:00:06ZExcluding URLs in WebGUI problem/not working<div><p>Hahaha fair enough, I'll let you have the joy of discovery.<br>
If you get stuck re-open this discussion and we'll sort it out.</p>
<p>The patterns are correct in their format though.</p>
<p>Do keep in mind, those educational webapps make terrible targets
because they require a slew of special configuration.</p>
<p>I'd suggest trying out the command-line interface to familiarize
yourself with Arachni, as that'll give you enough feedback on the
scanner's behavior to debug your configuration.</p>
<p>Cheers</p></div>Tasos Laskos