Custom Login Script Url Check

Neha's Avatar

Neha

31 Mar, 2016 10:22 PM

Hello,

I have a custom login script, and the session can potentially timeout during arachni's scan. When this happens, the site redirects arachni to the login page via 302. When arachni is 'checking' to see if it's session is still valid, I'm curious if there's any way to instruct arachni that if it's redirected to '/signin' then it probably needs to login again.

I believe I'm using framework.options.session.check_pattern incorrectly. How can a specify a pattern to match on a pattern within the html body? Say a link link so:

<a target="_blank" href="/blah/4440c24a-1903-4851-8787-7f2592230dbe/direct-deposit.pdf" data-reactid=".0.1.0.1.0.1.3.0.0">Download PDF</a>

Any suggestions?

Thanks!

  1. Support Staff 1 Posted by Tasos Laskos on 01 Apr, 2016 10:42 AM

    Tasos Laskos's Avatar

    Hello,

    You can't let Arachni know to take action upon redirection, but you can specify the URL that contains the link you posted and set a check pattern such as:

    /direct-deposit\.pdf.*Download PDF/
    

    If Arachni gets logged out then it'll be redirected and the body won't match the pattern, if it's logged in then it will.

    Cheers

  2. 2 Posted by Neha on 01 Apr, 2016 03:18 PM

    Neha's Avatar

    Awesome, many thanks Laskos. And in this case - once the check pattern fails, arachni will execute the login script again, no?

  3. Support Staff 3 Posted by Tasos Laskos on 01 Apr, 2016 03:39 PM

    Tasos Laskos's Avatar

    Exactly, the system will perform the login check periodically and re-login if necessary.

    Cheers

  4. Tasos Laskos closed this discussion on 01 Apr, 2016 03:39 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac