using autologin with proxy

andreas's Avatar

andreas

29 Mar, 2016 01:35 PM

Hi all!

I am currently wondering, if it is possible to use something like autologin together with proxy.
I have the following situation: I have a js-based webapplication. So there is no login url or anything else.
I use arachni together with the proxy plugin and it looks like I manage to login.
But due to the test, arachni will get logged out. So how would one implement to login again?
So what I would like to do is the following:
1. Use proxy to get the login parameters set correctly
2. use something like check pattern to realize, if I am still logged in.
3. log in again, if we are no longer logged in.

Is it possible to do this, or do I have to use other tools or plugins? The problem is, that the easy repeating of a task is not possible due to cookie-settings. That´s why I was wondering, if I can just start from scratch and login again and then keep on testing at that point where I was logged out.

Or another thing that might work, but I don´t know how: Is it possible to perform a test always from scratch with logging in again using proxy plugin? In other words:
Use proxy to log into the application.
Perform a test
Analyse the result
Logoff
Log in again
Start the next test
and so on.

Thanks for any help or hints!

BR

  1. Support Staff 1 Posted by Tasos Laskos on 29 Mar, 2016 04:42 PM

    Tasos Laskos's Avatar

    Hello,

    Your best bet in this situation would be to use the login_script plugin.

    Cheers

  2. 2 Posted by andreas on 04 Apr, 2016 11:54 AM

    andreas's Avatar

    First of all, thanks for the hint. I had a look at it, but I have no idea on how to figure out, what values to use, if I got no form, but only a js and json page.

    Is there some documentation on how to implement this functionality on such a page?

  3. Support Staff 3 Posted by Tasos Laskos on 04 Apr, 2016 08:31 PM

    Tasos Laskos's Avatar

    Doesn't the page render a form somehow? A place where you enter the credentials?
    You can instruct Arachni's integrated Watir browser to perform the same actions as you do with your usual browser.

    There really isn't any more doc than the one in the article, except of course for the Watir API which you can find at: http://watirwebdriver.com/

  4. 4 Posted by andreas on 05 Apr, 2016 03:40 AM

    andreas's Avatar

    First of all, thanks for your fast reply!
    It seems, this is exactly what I need! I will give it a try today and report back, if I managed to do this!

  5. Support Staff 5 Posted by Tasos Laskos on 05 Apr, 2016 12:33 PM

    Tasos Laskos's Avatar

    No worries, if you get stuck attach the script here and I'll have a look.

    Cheers

  6. 6 Posted by andreas on 11 Apr, 2016 10:35 AM

    andreas's Avatar

    I am using arachni on a installation of kali, but the installed versions of firefox and iceweasel seem not to match. The process crashes all the time with a "Unable to obtain stable firefox connection in 60 seconds)". So I can´t use it. I have to think of something else.

  7. Support Staff 7 Posted by Tasos Laskos on 11 Apr, 2016 11:02 AM

    Tasos Laskos's Avatar

    Ok first of all, don't use Kali's version, you should grab the latest from the site, or better yet grab the nightlies because they include some bugfixes.

    Secondly, Arachni bundles its own browser, it won't use Firefox.

  8. 8 Posted by andreas on 11 Apr, 2016 11:56 AM

    andreas's Avatar

    Yes, I already did that!

    I managed to run the automated login on another box. I will use arachni from that one. Makes mor sense anyway ;-)

    Thanks again for the help and the hint! I would have been lost without it!

  9. Support Staff 9 Posted by Tasos Laskos on 11 Apr, 2016 12:15 PM

    Tasos Laskos's Avatar

    No worries, that's what I'm here for.

    Cheers

  10. Tasos Laskos closed this discussion on 11 Apr, 2016 12:15 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac