Custom Script 'Initializing browser cluster' Infinite Loop
Tasos,
I have been working on a custom script using the Arachni REST API (based off of the example client given on the Github page) to scan against WebGoat, but whenever I run it it continues to output the message value as "Initializing the browser cluster".
...
Scan 134: scanning
Messages: Initialising the browser cluster.
Scan 135: scanning
Messages: Initialising the browser cluster.
Scan 136: scanning
Messages: Initialising the browser cluster.
Scan 137: scanning
Messages: Initialising the browser cluster.
Even if I let it run for thousands of scans, it continues to output this message. Find my script attached in this post.
Another thing I was curious about was when you run a normal scan using a login_script plugin, the application displays in the console that the plugin has started, and the login was successful as well as the cookie value that was set and if the session logs out it will display re-login attempt happening. I was wondering how to add this feature to a custom script with the REST API.
- CustomScript.rb 2.69 KB
Support Staff 1 Posted by Tasos Laskos on 14 Jul, 2016 09:09 AM
Can you try scanning the application via the CLI (arachni) and see if that makes a difference?
2 Posted by Kam on 14 Jul, 2016 10:12 AM
Do you mean running the application normally rather than a custom script? All works fine when I run through CLI.
Update:
I have tweaked the script slightly and it is now outputting the proper information, but there are 2 final things that I cannot seem to get working:
1. How to add the login_script plugin output to the terminal via a custom script. It does not print_info like it does when running a normal CLI scan with the plugin.
2. When I specify a URL to scan https://test.example.com/test/test2, how do I force the script to only scan URLs containing /test/test2. Right now it scans everything in the test.example.com domain which is not what I want it to do.
Support Staff 3 Posted by Tasos Laskos on 14 Jul, 2016 11:32 AM
print_* methods because that would result in GB of data. You'll need to do your own logging to a file or something.
scope include_path_patterns option to /test/test2.
4 Posted by Kam on 14 Jul, 2016 12:34 PM
So it is not possible to output the login_script plugin outputs information like "Executing script", "Script executed successfully", and the setting of the session cookie with a custom script?
Support Staff 5 Posted by Tasos Laskos on 14 Jul, 2016 12:36 PM
You can but you won't see them over the REST API only the CLI, and you'll need to do that yourself.
6 Posted by Kam on 14 Jul, 2016 12:38 PM
Ah, okay. Thanks for the assistance, Tasos. Loving the Arachni Framework so far!
Support Staff 7 Posted by Tasos Laskos on 14 Jul, 2016 12:41 PM
No problem. :)
Tasos Laskos closed this discussion on 14 Jul, 2016 12:41 PM.
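An added example, not part of the original thread or of Arachni's own client code: a minimal REST client that applies the two suggestions from the replies above, restricting the scan with scope include_path_patterns and doing its own logging to a file, writing a line only when the status or messages change. The server address, the file name scan.log, the ARACHNI_TARGET variable and all helper names are assumptions, and in_scope? is only a local approximation of how the pattern is matched against URLs.

```ruby
require 'json'
require 'logger'
require 'net/http'
require 'uri'

# Assumed address of a locally running arachni_rest_server.
API = URI('http://127.0.0.1:7331/scans')

# Scan options that keep the crawl under the path of the given URL.
def scan_options(url)
  { url: url, scope: { include_path_patterns: [Regexp.escape(URI(url).path)] } }
end

# Local approximation (assumption): a URL is in scope if any pattern matches it.
def in_scope?(url, options)
  options[:scope][:include_path_patterns].any? { |p| url.match?(Regexp.new(p)) }
end

# Own logging: one line per change, so repeated polls do not flood the file.
class ProgressLog
  def initialize(target)
    @logger = Logger.new(target)
    @last = nil
  end

  # Returns true when a new line was written, false when nothing changed.
  def record(id, progress)
    line = "scan #{id}: #{progress['status']} #{Array(progress['messages']).join(' | ')}"
    return false if line == @last
    @last = line
    @logger.info(line)
    true
  end
end

def start_scan(options)
  res = Net::HTTP.post(API, options.to_json, 'Content-Type' => 'application/json')
  JSON.parse(res.body)['id']
end

def run(url, log = ProgressLog.new('scan.log'))
  id = start_scan(scan_options(url))
  loop do
    progress = JSON.parse(Net::HTTP.get(URI("#{API}/#{id}")))
    log.record(id, progress)
    break unless progress['busy']
    sleep 5
  end
end

# Only contacts the server when a target is supplied explicitly.
run(ENV['ARACHNI_TARGET']) if ENV['ARACHNI_TARGET']
```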