Proxy plugins with RPC client and Dispatcher_Grid

Raty918

29 Jun, 2017 02:16 PM

Hi,
First of all, I really appreciate all the work you have done. In my opinion Arachni is a good and robust tool for pentesting.
I'm currently learning Unix and networks, so I'm a false beginner in this domain, but I really want to understand things.

I have a question about the proxy plugin with the arachni_rpc command.

Basically, I have an arachni_rpc_client and an arachni dispatcher_grid (172.23.0.3), both in docker containers.
I've run the following command:

root@b27d7759eccb:/arachni# bin/arachni_rpc --dispatcher-url 172.23.0.3:7331  --plugin=proxy:port=8282,bind_address=172.23.0.3  http://testhtml5.vulnweb.com/ --spawns=1 --grid-mode=balance --checks=xss* --report-save-path=/home/arachniwebreport/reportafr/report.afr --scope-directory-depth-limit=1  --scope-page-limit=1

Here is the output:
Arachni - Web Application Security Scanner Framework v1.5.1
Author: Tasos "Zapotek" Laskos <[email blocked]>
(With the support of the community and the Arachni Team.)


Website: http://arachni-scanner.com
Documentation: http://arachni-scanner.com/wiki


[~] 0 issues have been detected.
[~] Status: Paused
[~] Sent 0 requests.
[~] Received and analyzed 0 responses.
[~] In 00:19:49 . . .

Here are my questions:
1) Is it normal for the status to be "paused"?
2) How can I "launch" the analysis?
3) Does Arachni set the proxy at the dispatcher grid URL (172.23.0.3)? If yes, how?
4) Is it a good way to set the proxy at the dispatcher_grid host?

Thanks,

  1. Support Staff 1 Posted by Tasos Laskos on 01 Jul, 2017 11:23 AM

    1. The scan is paused because it's waiting for you to use the proxy first.
    2. Once you shut down the proxy by visiting http://arachni.proxy/shutdown the scan will resume.
    3. Yeah, the proxy will run on the Dispatcher that provided the Instance.
    4. Pardon?
  2. 2 Posted by Raty918 on 03 Jul, 2017 09:08 AM

    Hi Tasos,

    First of all, thank you for your response. I really appreciate it.

    4) Sorry, my last question was not really clear.

    Basically, I have an RPC client and an RPC server (a dispatcher_grid linked to other dispatchers).

    I wanted to know if it is a good practice to set the proxy plugin on the RPC server (dispatcher_grid).

    5) And last question, I made a netstat to see if the proxy port (8282) was opened when I had set the proxy. But I didn't see 8282 opened on any dispatchers.

  3. 3 Posted by Raty918 on 03 Jul, 2017 11:29 AM

    Edit:

    5) My bad, it is perfectly working, I'm just blind

  4. Support Staff 4 Posted by Tasos Laskos on 04 Jul, 2017 01:31 PM

    1. The plugin will work on the machine which provided the scanner Instance, i.e. one of the Dispatchers; there's no way around that.
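
The procedure from the replies above (find the Dispatcher hosting the proxy, send traffic through it, then request the shutdown URL so the scan leaves "Paused"), as an added shell example that is not part of the original thread or of Arachni. It assumes curl, bash and timeout are installed and uses curl in place of a browser; 172.23.0.4 is a constructed address for a second Dispatcher, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: locate the Dispatcher hosting the proxy plugin, send traffic
# through it, then shut the proxy down so the paused scan resumes.
PROXY_PORT=8282                               # port=8282 from the command in the thread
SHUTDOWN_URL="http://arachni.proxy/shutdown"  # shutdown URL given in the thread

# probe HOST PORT: succeeds if a TCP connection opens (needs bash and timeout).
probe() {
    timeout 2 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# find_proxy_host HOST...: print the first candidate listening on PROXY_PORT.
find_proxy_host() {
    for host in "$@"; do
        if probe "$host" "$PROXY_PORT"; then
            echo "$host"
            return 0
        fi
    done
    return 1
}

# via_proxy HOST URL: request URL through the proxy on HOST.
# CURL can be overridden (e.g. CURL=echo) for a dry run.
via_proxy() {
    ${CURL:-curl} -sS -o /dev/null -x "http://$1:$PROXY_PORT" "$2"
}

# train_and_resume TARGET HOST...: use the proxy once, then shut it down.
train_and_resume() {
    target=$1; shift
    host=$(find_proxy_host "$@") || {
        echo "no candidate is listening on port $PROXY_PORT" >&2
        return 1
    }
    echo "proxy found on $host:$PROXY_PORT"
    via_proxy "$host" "$target" || return 1   # traffic the proxy plugin sees
    via_proxy "$host" "$SHUTDOWN_URL"         # scan should leave "Paused"
}

# Usage (the second address is a constructed placeholder):
#   train_and_resume http://testhtml5.vulnweb.com/ 172.23.0.3 172.23.0.4
```

Listing every Dispatcher in the grid as a candidate covers the case where the Instance was provided by a node other than the one the client connected to.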
