Custom Login Script Url Check
Hello,
I have a custom login script, and the session can potentially timeout during arachni's scan. When this happens, the site redirects arachni to the login page via 302. When arachni is 'checking' to see if it's session is still valid, I'm curious if there's any way to instruct arachni that if it's redirected to '/signin' then it probably needs to login again.
I believe I'm using framework.options.session.check_pattern incorrectly. How can a specify a pattern to match on a pattern within the html body? Say a link link so:
<a target="_blank" href="/blah/4440c24a-1903-4851-8787-7f2592230dbe/direct-deposit.pdf" data-reactid=".0.1.0.1.0.1.3.0.0">Download PDF</a>
Any suggestions?
Thanks!
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Tasos Laskos on 01 Apr, 2016 10:42 AM
Hello,
You can't let Arachni know to take action upon redirection, but you can specify the URL that contains the link you posted and set a check pattern such as:
If Arachni gets logged out then it'll be redirected and the body won't match the pattern, if it's logged in then it will.
Cheers
2 Posted by Neha on 01 Apr, 2016 03:18 PM
Awesome, many thanks Laskos. And in this case - once the check pattern fails, arachni will execute the login script again, no?
Support Staff 3 Posted by Tasos Laskos on 01 Apr, 2016 03:39 PM
Exactly, the system will perform the login check periodically and re-login if necessary.
Cheers
Tasos Laskos closed this discussion on 01 Apr, 2016 03:39 PM.