Problem with autologin plugin
I am testing web application which requires authorization that is why I am using autologin plugin. I run Arachni by:
arachni.bat http://10.00.00.00/ --plugin=autologin:url=http://10.00.00.00/Login,parameters="Email=admin&Password=password",check="Logout|admin" --scope-exclude-pattern=Logout
Unfortunately Arachni only scans websites accessible without being logged in.
I suppose that I can't log in because of anty-CSRF token, which has to be send with the request.
How should I configure this plugin for such a form?
That is the part of HTML with form I am trying to submit:
<form action="/Login" method="post" role="form" novalidate="novalidate"><input name="__RequestVerificationToken" value="IohkhjkhjhhkFF9ZvHo1" type="hidden"> <div class="row">
<div class="col-lg-2">
<label class="control-label" for="Email">Login</label>
<input class="form-control full-site input-sm" data-val="true" data-val-required="Test" id="Email" name="Email" value="" type="text">
<span class="field-validation-valid text-danger" data-valmsg-for="Email" data-valmsg-replace="true"></span>
</div>
<div class="col-lg-2">
<label class="control-label" for="Password">Password</label>
<input class="form-control full-site input-sm" data-val="true" data-val-required="Test" id="Password" name="Password" value="" type="password">
<span class="field-validation-valid text-danger" data-valmsg-for="Password" data-valmsg-replace="true"></span>
</div>
</div>
<div class="row">
<div class="col-lg-12">
<hr>
<input class="btn btn-success" value="Log in" type="submit">
</div>
</div>
</form>
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 21 Aug, 2017 04:52 PM
Does the autologin plugin work properly or does it give you an error?