Login failing in Arachni scan
I see the following in my log for the Jenkins job. I can log into the url no problem with the user/pwd that I have in the job. Any help/thought/ideas are appreciated.
[*] Initializing...
[*] Preparing plugins...
[*] AutoLogin: Logging in, please wait.
[-] [utilities#exception_jail:428] Session: [Arachni::Session::Error::FormNotFound] Login form could not be found with: {:url=>"http://xyz/home/index.html", :inputs=>{"UserID"=>"abc", "UserPassword"=>"pwd"}}
[-] Session: [Errno::EACCES] Permission denied @ rb_sysopen - /opt/arachni-1.4-0.5.10/bin/../system/logs/framework/error-4002.log
Support Staff 1 Posted by Tasos Laskos on 17 Aug, 2016 07:27 PM
You've got 2 issues there:
UserID and UserPassword inputs at http://xyz/home/index.html. If it's a redirect prefer setting the URL with the actual form.
2 Posted by Brendan on 17 Aug, 2016 07:57 PM
Here is a snippet for the /home/index.html containing the
and elements to help clarify the underlying source code. https://gist.github.com/bmurtagh/891beff6b7cd5917a6c3f04120bdb346
Support Staff 3 Posted by Tasos Laskos on 17 Aug, 2016 07:59 PM
Is the form visible by default or do you need to interact with the page somehow?
4 Posted by Mike on 17 Aug, 2016 08:10 PM
Hitting that url brings up the page
Support Staff 5 Posted by Tasos Laskos on 17 Aug, 2016 08:12 PM
Hm, I can't tell for sure without access to the page, but you may need to configure this option: https://github.com/Arachni/arachni/wiki/Command-line-user-interface...
6 Posted by Brendan on 17 Aug, 2016 08:13 PM
Here is a temporary screenshot of the login form: http://imgur.com/QQZI0LK
We have a /UI/index.html that acts as a launch page that opens a new window with this form on there. We're using that new URL /home/index.html in the arachni scanning configuration.
Support Staff 7 Posted by Tasos Laskos on 17 Aug, 2016 08:15 PM
Like I said, I can't tell for sure but if there's some delay in loading or interaction of some sort you may need to resort to the login_script approach.
8 Posted by Brendan on 17 Aug, 2016 08:21 PM
Is it possible to see if there's a rendering delay in debug output?
Also, is it possible to set an ENV var for debug or is only a CLI flag the option?
Support Staff 9 Posted by Tasos Laskos on 17 Aug, 2016 08:23 PM
It's just CLI, --output-debug=2 will show you the rendered HTML body at the time the form was being located.
10 Posted by Brendan on 17 Aug, 2016 09:05 PM
Here is some code from the rendered version as you can see, there's the
and elements as expected: https://gist.github.com/bmurtagh/b67d26ce97b98e68e86eee468dae68bc
Support Staff 11 Posted by Tasos Laskos on 18 Aug, 2016 08:53 AM
Any chance I can get access to that page?
12 Posted by Brendan on 18 Aug, 2016 12:28 PM
We will inquire this morning about permission/approval to send the URL. Is there a way to send the URL privately if we get approval?
Support Staff 13 Posted by Tasos Laskos on 18 Aug, 2016 12:29 PM
Yep: [email blocked]
14 Posted by Brendan on 18 Aug, 2016 01:55 PM
Your message came across as [email blocked].
Support Staff 15 Posted by Tasos Laskos on 18 Aug, 2016 01:56 PM
My bad: tasos[dot]laskos[at]arachni-scanner.com
16 Posted by Brendan on 18 Aug, 2016 02:17 PM
Thank you for the continued help. We had one of our InfoSec guys look at it and we are having issues due to Angular (v2 specifically) being used which is not making arachni happy. He has some login scripts he'll be customizing for our usage.
Thank you again for the help & developing a great product!
17 Posted by Mike on 18 Aug, 2016 02:19 PM
Thanks again, wish more products provided this level of support/response!
Support Staff 18 Posted by Tasos Laskos on 18 Aug, 2016 02:20 PM
No worries guys.
About your issue, there's a known incompatibility, please follow this for updates: https://github.com/Arachni/arachni/issues/764
Cheers
Tasos Laskos closed this discussion on 18 Aug, 2016 02:20 PM.