Login_Script check pattern failing

Szilvia Molnar

24 Aug, 2017 02:16 PM

Hi,

I'm interested if anyone could help me a bit with my logging issue. I just started to use Arachni. I've found several discussions with similar errors, but I couldn't manage to solve this. Here is the command for running the Arachni scan:

arachni https://appURL/login?TargetUrl=/ --plugin=login_script:browser=chrome,script=.\..\..\test\login2.js --http-response-max-size=1500000 --browser-cluster-job-timeout=50 --session-check-url=https://appURL/#/userMgmt --session-check-pattern="Home" --scope-exclude-pattern="logout|Logout"

Here is my login2.js content:

document.getElementById( "username" ).value = "admin";
document.getElementById( "password" ).value = "mypassword";
document.getElementById( "loginButton" ).click();

I get the following error:

Login script: [components/plugins/login_script#set_status:99] The script was executed successfully, but the login check failed.

If I change it to --session-check-pattern=/.*/, the log says that the login was successful, but I don't think that it's properly logging in, as per: http://support.arachni-scanner.com/discussions/questions/12891-logi...

I have Windows 10 and am working with the Arachni 1.5.1-0.5.12 Windows version.
I attached the debug level 3 log.
Any idea?

Thanks in advance!
Szilvia

  1. Support Staff 1 Posted by Tasos Laskos on 26 Aug, 2017 04:48 PM

    Are you sure your script is actually working? The JS will run in the browser like usual and this means that it'll work asynchronously and have all the drawbacks of that environment.

    If you're not sure about what's going on you should switch to a Ruby script, that'll allow for greater control and for easier debugging.

  2. 2 Posted by Szilvia Molnár on 29 Aug, 2017 03:08 PM

    Hi Tasos,

    Thank you for the quick reply!
    I tried it with a Ruby script, but in this case I get the attached error message. I don't know which element it can't find...
    Here is my rb script:

    browser.goto '<URL>/login?TargetUrl=/'
    
    browser.text_field( :id => 'username' ).set('admin')
    browser.text_field( :id => 'password' ).set('password')
    browser.input( :id => 'loginButton' ).click
    sleep(3)
    framework.options.session.check_url = '<URL>/#/userMgmt'
    framework.options.session.check_pattern = 'Home'
    

    I checked in Chrome dev mode that all of the UI elements (username, password, loginButton) are present in the login page.

    Thanks,
    Szilvi

  3. 3 Posted by Szilvia Molnár on 29 Aug, 2017 03:14 PM

    Ohh, BTW the browser.goto and the session.check_url are set properly in the script (browser.goto 'URL/login?TargetUrl=/'); it just looks like it somehow disappeared from my answer during the submission process...

  4. Support Staff 4 Posted by Tasos Laskos on 30 Aug, 2017 07:56 PM

    The error message says it all: is the element actually interactable and visible, or do you need to trigger some other DOM event to bring it out?

    Also, your check_url may not work: it won't be loaded in a browser, it'll be requested over HTTP, so the URL fragment won't matter.
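
An added example (not part of the thread and not Arachni's own code) illustrating the last reply: a URL fragment is dropped when the check URL is requested over plain HTTP, and a catch-all pattern such as /.*/ passes on any body. The host app.example, the /api/session endpoint and both response bodies are constructed assumptions.

```ruby
require 'uri'
require 'net/http'

# Request target a plain HTTP client sends for a URL. The fragment (the part
# after '#') is resolved client-side and never reaches the server.
def http_request_target(url)
  Net::HTTP::Get.new(URI(url)).path
end

# Simplified model of a pattern-based session check: the pattern is matched
# against the body returned for the check URL.
def check_passes?(body, pattern)
  Regexp.new(pattern).match?(body)
end

# Constructed sample: static shell of a hash-routed single-page app, as a
# server could return it for "/" whether or not the session is authenticated.
SPA_SHELL = <<~HTML
  <html><head><title>App</title></head>
  <body><div id="app"></div><script src="/bundle.js"></script></body></html>
HTML

# Constructed sample: body of a hypothetical server-side endpoint (/api/session)
# that only answers like this for a logged-in session.
SESSION_JSON = '{"user":"admin","landing":"Home"}'

def describe(check_url, body, pattern)
  { requested: http_request_target(check_url),
    passes: check_passes?(body, pattern) }
end

if __FILE__ == $PROGRAM_NAME
  # Fragment URL: the server sees "/", and the shell never contains "Home".
  p describe('https://app.example/#/userMgmt', SPA_SHELL, 'Home')
  # A catch-all pattern passes on any body, so it proves nothing about login.
  p describe('https://app.example/#/userMgmt', SPA_SHELL, '.*')
  # A server-rendered endpoint gives the check something that differs by state.
  p describe('https://app.example/api/session', SESSION_JSON, 'Home')
end
```
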
