Scan Forms with Predefined Field Values

Posted by Matthias on 30 Mar, 2016 04:10 PM


We have a couple of forms that we'd like to scan with Arachni but that expect specific inputs (e.g. a number value) in some form fields. As long as these fields do not have a valid value, other form fields cannot be tested for XSS and other vulnerabilities. Is it possible to teach Arachni this somehow, to make it "business logic aware"?



  1. Support Staff 1 Posted by Tasos Laskos on 30 Mar, 2016 04:14 PM

  2. 2 Posted by Matthias on 30 Mar, 2016 04:30 PM

    Ah, yes, that looks like it.

    But that would only work for a global parameter name, say:


    Or could I also restrict this input value to be sent to only one form / URL as well? Unfortunately I could not find any examples on the Web.


  3. Support Staff 3 Posted by Tasos Laskos on 30 Mar, 2016 04:32 PM

    Yeah, it's a global thing, is that a problem for your use-case?
    If you need something more specialised it could be possible (need to look up the API or update it) via a custom plugin.

  4. 4 Posted by Matthias on 30 Mar, 2016 06:43 PM

    Yes, perhaps that could be the case. Anyhow, at least there is a global solution. If we create a plugin, we would of course share it with the community. Thanks!

  5. Support Staff 5 Posted by Tasos Laskos on 31 Mar, 2016 01:08 PM

    No worries, let me know if you require further assistance.


  6. Tasos Laskos closed this discussion on 31 Mar, 2016 01:08 PM.
