Login_Script check pattern failing
Hi,
I'm interested if anyone could help me a bit with my logging issue. I just started to use Arachni, I've found several discussions with similar errors but I couldn't manage to solve this. Here is the command for running arachni scan:
arachni https://appURL/login?TargetUrl=/ --plugin=login_script:browser=chrome,script=.\..\..\test\login2.js --http-response-max-size=1500000 --browser-cluster-job-timeout=50 --session-check-url=https://appURL/#/userMgmt --session-check-pattern="Home" --scope-exclude-pattern="logout|Logout"
Here is my login2.js content:
document.getElementById( "username" ).value = "admin";
document.getElementById( "password" ).value = "mypassword";
document.getElementById( "loginButton" ).click();
I get the following error:
Login script: [components/plugins/login_script#set_status:99] The script was executed successfully, but the login check failed.
If I change the --session-check-pattern=/.*/ the log says that the login was successful but I don't think that it's properly logging in as per se: http://support.arachni-scanner.com/discussions/questions/12891-logi...
I have Windows 10 and working with arachni 1.5.1-0.5.12 windows version.
I attached the debug 3 level log.
Any idea?
Thanks in advance!
Szilvia
- arachni_debug_3.txt 13.4 KB
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 26 Aug, 2017 04:48 PM
Are you sure your script is actually working? The JS will run in the browser like usual and this means that it'll work asynchronously and have all the drawbacks of that environment.
If you're not sure about what's going on you should switch to a Ruby script, that'll allow for greater control and for easier debugging.
2 Posted by Szilvia Molnár on 29 Aug, 2017 03:08 PM
Hi Tasos,
Thank you for the quick reply!
I tried it with Ruby script, but in this case I get the attached error message. I don't know which element it can't find...
Here is my rb scipt:
I checked in chrome dev mode that all of the UI elements (username, password, loginButton) are present in the login page.
Thanks,
Szilvi
3 Posted by Szilvia Molnár on 29 Aug, 2017 03:14 PM
Ohh, BTW the browser.goto and the session.check_url is set properly in the script (browser.goto 'URL/login?TargetUrl=/') it just looks like that during the submission process of my answer somehow it disappeared from my answer...
Support Staff 4 Posted by Tasos Laskos on 30 Aug, 2017 07:56 PM
The error message says it all, is the element actually interactable and visible or do you need to trigger some other DOM event to bring it out?
Also, your
check_url
may not work, it won't be loaded in a browser, it'll be requested over HTTP, so the URL fragment won't matter.