tag:support.arachni-scanner.com,2012-07-01:/discussions/questions/13100-session-sharing
Arachni: Discussion 2016-12-28T14:47:09Z
tag:support.arachni-scanner.com,2012-07-01:Comment/41406928
2016-12-08T09:41:48Z 2016-12-08T09:41:48Z
Session sharing
<div><p>You'll need to first login via a browser and supply the same
<a href="https://github.com/Arachni/arachni/wiki/Command-line-user-interface#http-cookie-jar">
cookie-jar</a> to all 3 scans.<br>
Be careful to exclude any logout links and the like.</p></div>Tasos Laskos
2016-12-08T14:56:06Z 2016-12-08T14:56:08Z
<div><p>Hi Tasos,<br>
Thank you very much for your inputs. I would like to use the cookie jar
approach. For the cookie jar approach, it seems we need to store the cookie
jar as a Netscape format cookie.</p>
<p>Does it mean I can log in to a website in a Netscape browser
manually, get and store the cookies in a file path, and run
Arachni scanning for the links?</p></div>Naveen
2016-12-08T15:00:04Z 2016-12-08T15:00:04Z
<div><p>Yep, the developer tools of Firefox and Chrome should allow you
to do that, although I don't quite remember how.</p></div>Tasos Laskos
2016-12-15T15:06:35Z 2016-12-15T15:13:26Z
<div><p>Hi,</p>
<p>I am trying to do it via a login script to authenticate before the scan,
but I am not able to spin up the browser and am getting an exception</p>
<pre>
<code>/Ruby200/lib/ruby/2.0.0/net/http/generic_request.rb:27:in `initialize': HTTP request path is empty (ArgumentError)
from C:/Ruby200/lib/ruby/2.0.0/net/http/request.rb:14:in `initialize'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/http/default.rb:91:in `new'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/http/default.rb:91:in `new_request_for'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/http/default.rb:56:in `request'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/http/default.rb:84:in `request'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/http/common.rb:59:in `call'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/bridge.rb:647:in `raw_execute'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/bridge.rb:109:in `create_session'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/bridge.rb:69:in `initialize'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/common/driver.rb:57:in `new'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/common/driver.rb:57:in `for'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver.rb:82:in `for'</code>
</pre>
<p>code</p>
<pre>
<code>require 'selenium-webdriver'
Selenium::WebDriver::Firefox::Binary.path='C:/AppData/Local/Mozilla Firefox/firefox.exe'
caps = Selenium::WebDriver::Remote::Capabilities.firefox
caps['marionette'] = false
driver = Selenium::WebDriver.for(:remote, :desired_capabilities => caps)
#driver = Selenium::WebDriver.for :firefox
driver.navigate.to "wwww.google.com"
element = driver.find_element(:name, 'q')
element.send_keys "Selenium Tutorials"
element.submit
driver.quit</code>
</pre></div>Naveen
2016-12-15T15:14:59Z 2016-12-15T15:14:59Z
<div><p>First of all, you need to use the packages.<br>
Secondly, you need to use the Watir instance provided to the login
script via the <code>browser</code> variable rather than
instantiating Selenium on your own.</p></div>Tasos Laskos
2016-12-15T15:32:48Z 2016-12-15T15:40:08Z
<div><p>Hi Tasos,</p>
<p>Even after using Watir and browser I got a similar error</p>
<pre>
<code>#!/usr/bin/env ruby
require 'ap'
require 'httpclient'
require 'json'
require 'browser'
require 'watir-webdriver'
# chrome driver path
# Specify the driver path
Selenium::WebDriver::Firefox::Binary.path = 'C:/Users/nnalam/AppData/Local/Mozilla Firefox/firefox.exe'
profile = Selenium::WebDriver::Firefox::Profile.new
browser =Watir::Browser.new :firefox
browser.goto('https://www.google.com/')</code>
</pre>
<p>Stack trace</p>
<pre>
<code> from C:/Ruby200/lib/ruby/2.0.0/net/http/request.rb:14:in `initialize'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/http/default.rb:91:in `new'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/http/default.rb:91:in `new_request_for'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/http/default.rb:56:in `request'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/http/default.rb:84:in `request'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/http/common.rb:59:in `call'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/w3c_bridge.rb:640:in `raw_execute'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/w3c_bridge.rb:114:in `create_session'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/remote/w3c_bridge.rb:69:in `initialize'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/firefox/w3c_bridge.rb:35:in `initialize'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/common/driver.rb:52:in `new'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver/common/driver.rb:52:in `for'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/selenium-webdriver-3.0.3/lib/selenium/webdriver.rb:82:in `for'
from C:/Ruby200/lib/ruby/gems/2.0.0/gems/watir-webdriver-0.9.3/lib/watir-webdriver/browser.rb:46:in `initialize'
from sel-1.rb:16:in `new'
from sel-1.rb:16:in `<main>'</code>
</pre></div>Naveen
2016-12-15T15:41:08Z 2016-12-15T15:41:08Z
<div><p>You didn't do any of what I just said.<br>
You need to use the packages and use the provided browser instance
via the <code>browser</code> variable, <strong>do not</strong>
create your own.</p></div>Tasos Laskos
2016-12-15T16:39:51Z 2016-12-15T16:39:52Z
<div><p>Hi Tasos,</p>
<p>Thank you.</p>
<p>Can you please validate the script below, which I am using to start
with, and correct me if something is wrong, as it is giving an error</p>
<pre>
<code>require 'ap'
require 'httpclient'
require 'json'
require 'browser'

require 'watir'
browser =Watir::Browser.new :firefox
browser.goto('https://google.com')</code>
</pre></div>Naveen
2016-12-16T14:21:32Z 2016-12-16T14:21:32Z
<div><p>Please check out the documentation: <a href="http://support.arachni-scanner.com/kb/general-use/logging-in-and-maintaining-a-valid-session#with-browser-slow-">
http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...</a></p></div>Tasos Laskos
2016-12-16T19:47:39Z 2016-12-16T19:47:40Z
<div><p>Hi Tasos,</p>
<p>Please find the sample script I am trying to scan with, and the
error trace I got attached in debug.log</p>
<p>The command I have used is</p>
<pre>
<code>arachni --plugin=login_script:script="C:/Naveen/arachni_practice/arachni.rb" --report-save-path=output.afr https://www.site.com/serv/home?secureLogin --output-debug 2> debug.log</code>
</pre></div>Naveen
2016-12-16T20:41:40Z 2016-12-21T06:47:47Z
<div><p>Program<br>
Forgot to add the attachment in the last reply.</p>
<pre>
<code>browser.goto 'https://www.site.com/serv/home?secureLogin'
form = browser.form( id: 'form' )
form.text_field( name: 'username' ).set 'xey'
form.text_field( name: 'password' ).set 'Happyksu123'
form.submit
# You can also configure the session check from the script, dynamically,
# if you don't want to set static options via the user interface.
framework.options.session.check_url = browser.url
framework.options.session.check_pattern = /Sign Off|Your profile|logout|Log out/</code>
</pre></div>Naveen
2016-12-19T21:57:43Z 2016-12-19T21:57:44Z
<div><p>Tasos,</p>
<p>I am able to resolve the issue and am able to run my script on its
own. But when I am running it from the Arachni login script</p>
<pre>
<code>arachni https://mysite/servicing/home --checks=xss --scope-page-limit=1 --plugin=login_script:script="C:/Users/nnalam/workspace/Arachni/Login_script_1.rb" --report-save-path=output.afr --output-debug 2> debug.log</code>
</pre>
<p>it is giving a login plugin error</p></div>Naveen
2016-12-21T06:50:18Z 2016-12-21T06:50:18Z
<div><p>The login script you provided could not have caused the error in
the debug log.<br>
The error says you're requiring <code>httpclient</code> but that's
nowhere in the script.</p></div>Tasos Laskos
2016-12-21T17:15:36Z 2016-12-21T17:15:37Z
<div><p>Hi Tasos,</p>
<p>Sorry, I missed putting that line in the script. Now I am running into
a different issue. I have my Arachni in this folder
"C:\Naveen\softwares\arachni\arachni-2.0dev-1.0dev-windows-x86_64".</p>
<p>Does my "Login_script_1.rb" need to be in the folder
"C:\Naveen\softwares\arachni\arachni-2.0dev-1.0dev-windows-x86_64\system\ruby\lib\ruby\gems\2.2.0\bundler\gems\arachni-15e02381d75c\components\plugins"?</p>
<p>As I am always getting a timeout error</p>
<pre>
<code>[2016-12-21 11:08:34 -0500] Session: [utilities#exception_jail:428] [Net::ReadTimeout] Net::ReadTimeout
[2016-12-21 11:08:34 -0500] Session: [utilities#exception_jail:428] C:/Naveen/softwares/arachni/arachni-2.0dev-1.0dev-windows-x86_64/system/ruby/lib/ruby/gems/2.2.0/bundler/gems/arachni-15e02381d75c/components/plugins/login_script.rb:29:in `eval'
[2016-12-21 11:08:34 -0500] Session: [utilities#exception_jail:428] C:/Naveen/softwares/arachni/arachni-2.0dev-1.0dev-windows-x86_64/system/ruby/lib/ruby/2.2.0/net/protocol.rb:152:in `rbuf_fill'
[2016-12-21 11:08:34 -0500] Session: [utilities#exception_jail:428] C:/Naveen/softwares/arachni/arachni-2.0dev-1.0dev-windows-x86_64/system/ruby/lib/ruby/2.2.0/net/protocol.rb:134:in `readuntil'
[2016-12-21 11:08:34 -0500] Session: [utilities#exception_jail:428] C:/Naveen/softwares/arachni/arachni-2.0dev-1.0dev-windows-x86_64/system/ruby/lib/ruby/2.2.0/net/protocol.rb:144:in `readline'
[2016-12-21 11:08:34 -0500] Session: [utilities#exception_jail:428] C:/Naveen/softwares/arachni/arachni-2.0dev-1.0dev-windows-x86_64/system/ruby/lib/ruby/2.2.0/net/http/response.rb:39:in `read_status_line'</code>
</pre></div>Naveen
2016-12-22T15:45:03Z 2016-12-22T15:45:04Z
<div><p>Hi Tasos,<br>
Thank you very much. Finally I was able to run it successfully.</p>
<p>Can you please help with this use case?</p>
<p>1) I have a login script and am scanning a site which has a login
with username/password.<br>
2) After logging in it takes me to the home page.</p>
<p>How do I run the Arachni scanner only for this home page? I
don't want to go to any other pages (anchor links in the home page), as
the home page contains links to other pages and I don't want to scan
other pages.</p></div>Naveen
2016-12-23T13:37:38Z 2016-12-23T13:37:38Z
<div><p>Glad you got it working.<br>
To configure the scope of the scan please take a look at the
<a href="https://github.com/Arachni/arachni/wiki/Command-line-user-interface#scope">
scope options</a>.</p></div>Tasos Laskos
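
The cookie-jar approach from the first reply needs a Netscape-format file; as an added example (not code from the thread or from the Arachni project), this Ruby sketch turns a `Cookie` request header copied from the browser's developer tools into such a file and reads it back for checking. The host is the placeholder used in the thread, the cookie names and values are constructed, and the `secure`/`path`/`expires` defaults are assumptions to adjust per cookie.

```ruby
# Added example (not from the thread): build a Netscape-format cookie jar
# from a Cookie request header. Host and cookie values are constructed samples.

NETSCAPE_HEADER = '# Netscape HTTP Cookie File'

# Split "a=1; b=2" (optionally prefixed with "Cookie:") into [name, value] pairs.
def parse_cookie_header(header)
  pairs = header.sub(/\Acookie:\s*/i, '').split(';').map(&:strip).reject(&:empty?)
  pairs.map do |pair|
    name, value = pair.split('=', 2)
    raise ArgumentError, "malformed cookie pair: #{pair.inspect}" if name.to_s.empty? || value.nil?
    [name, value]
  end
end

# One jar line: domain, subdomain flag, path, secure flag, expiry, name, value.
# expires = 0 marks a session cookie.
def jar_line(domain, name, value, path: '/', secure: true, expires: 0)
  fields = [domain, domain.start_with?('.') ? 'TRUE' : 'FALSE', path,
            secure ? 'TRUE' : 'FALSE', expires.to_i, name, value].map(&:to_s)
  raise ArgumentError, 'tab or newline inside a field' if fields.any? { |f| f =~ /[\t\r\n]/ }
  fields.join("\t")
end

def build_cookie_jar(domain, cookie_header, **opts)
  lines = parse_cookie_header(cookie_header).map { |n, v| jar_line(domain, n, v, **opts) }
  ([NETSCAPE_HEADER] + lines).join("\n") + "\n"
end

# Read a jar back so it can be checked before it is handed to the scanner.
def read_cookie_jar(text)
  rows = text.each_line.map(&:chomp).reject { |l| l.empty? || l.start_with?('#') }
  rows.map do |row|
    domain, sub, path, secure, expires, name, value = row.split("\t", 7)
    { domain: domain, subdomains: sub == 'TRUE', path: path,
      secure: secure == 'TRUE', expires: expires.to_i, name: name, value: value }
  end
end

# Constructed sample: header as copied from the browser's network inspector.
SAMPLE_HEADER = 'Cookie: JSESSIONID=0123456789ABCDEF; csrf=tok=en42'
JAR = build_cookie_jar('www.site.com', SAMPLE_HEADER)
puts JAR if __FILE__ == $PROGRAM_NAME
```

Save the output to a file and pass that same file to each scan through the `--http-cookie-jar` option linked in the first reply. The file holds a live session, so store it with the same care as the account's credentials.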