tag:support.arachni-scanner.com,2012-07-01:/discussions/questions/13-about-autologins-paramsArachni: Discussion 2012-09-19T19:49:49Ztag:support.arachni-scanner.com,2012-07-01:Comment/188721902012-09-19T19:48:10Z2012-09-19T19:48:54ZAbout autologin's params<div><p>Hi Yanjin,</p>
<p>If you read the option descriptions:</p>
<pre>
<code> [*] autologin:
--------------------
Name: AutoLogin
Description: It looks for the login form in the user provided URL,
merges its input fields with the user supplied parameters and sets the cookies
of the response and request as framework-wide cookies to be used by the spider later on.
Options:
[~] url - The URL that contains the login form.
[~] Type: url
[~] Default:
[~] Required?: true
[~] params - Form parameters to submit. ( username=user&password=pass )
[~] Type: string
[~] Default:
[~] Required?: true
[~] check - A pattern which will be used to verify a successful login.
For example, if a logout link only appears when a user is logged in then it can be a perfect choice.
[~] Type: string
[~] Default:
[~] Required?: true</code>
</pre>
<p>It doesn't really expect the username and password values, it
expects the form parameters which need to be filled in, as a query
string.<br>
The form to be submitted is then located based on the parameter
names in the query -- and is also updated before each login attempt
in case there are tokens that need to be refreshed.</p>
<p>Cool tip: The <a href=
"http://support.arachni-scanner.com/kb/general-use/logging-in-and-maintaining-a-valid-session">
suggested article</a> for your question would have explained this
in even more detail.</p></div>Tasos Laskos