using autologin with proxy
Hi all!
I am currently wondering, if it is possible to use something
like autologin together with proxy.
I have the following situation: I have a js-based webapplication.
So there is no login url or anything else.
I use arachni together with the proxy plugin and it looks like I
manage to login.
But due to the test, arachni will get logged out. So how would one
implement to login again?
So what I would like to do is the following:
1. Use proxy to get the login parameters set correctly
2. use something like check pattern to realize, if I am still
logged in.
3. log in again, if we are no longer logged in.
Is it possible to do this, or do I have to use other tools or plugins? The problem is, that the easy repeating of a task is not possible due to cookie-settings. That´s why I was wondering, if I can just start from scratch and login again and then keep on testing at that point where I was logged out.
Or another thing that might work, but I don´t know how: Is
it possible to perform a test always from scratch with logging in
again using proxy plugin? In other words:
Use proxy to log into the application.
Perform a test
Analyse the result
Logoff
Log in again
Start the next test
and so on.
Thanks for any help or hints!
BR
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 29 Mar, 2016 04:42 PM
Hello,
Your best bet in this situation would be to use the login_script plugin.
Cheers
2 Posted by andreas on 04 Apr, 2016 11:54 AM
First of all, thanks for the hint. I had a look at it, but I have no idea on how to figure out, what values to use, if I got no form, but only a js and json page.
Is there some documentation on how to implement this functionality on such a page?
Support Staff 3 Posted by Tasos Laskos on 04 Apr, 2016 08:31 PM
Doesn't the page render a form somehow? A place where you enter the credentials?
You can instruct Arachni's integrated Watir browser to perform the same actions as you do with your usual browser.
There really isn't any more doc than the one in the article, except of course for the Watir API which you can find at: http://watirwebdriver.com/
4 Posted by andreas on 05 Apr, 2016 03:40 AM
First of all, thanks for your fast reply!
It seems, this is exactly what I need! I will give it a try today and report back, if I managed to do this!
Support Staff 5 Posted by Tasos Laskos on 05 Apr, 2016 12:33 PM
No worries, if you get stuck attach the script here and I'll have a look.
Cheers
6 Posted by andreas on 11 Apr, 2016 10:35 AM
I am using arachni on a installation of kali, but the installed versions of firefox and iceweasel seem not to match. The process crashes all the time with a "Unable to obtain stable firefox connection in 60 seconds)". So I can´t use it. I have to think of something else.
Support Staff 7 Posted by Tasos Laskos on 11 Apr, 2016 11:02 AM
Ok first of all, don't use Kali's version, you should grab the latest from the site, or better yet grab the nightlies because they include some bugfixes.
Secondly, Arachni bundles its own browser, it won't use Firefox.
8 Posted by andreas on 11 Apr, 2016 11:56 AM
Yes, I already did that!
I managed to run the automated login on another box. I will use arachni from that one. Makes mor sense anyway ;-)
Thanks again for the help and the hint! I would have been lost without it!
Support Staff 9 Posted by Tasos Laskos on 11 Apr, 2016 12:15 PM
No worries, that's what I'm here for.
Cheers
Tasos Laskos closed this discussion on 11 Apr, 2016 12:15 PM.