service scanning using REST api.

pk's Avatar

pk

13 Dec, 2017 09:35 AM

I am trying to perform service scanning using REST API using the below data in the body.
I am able to do it using the command line.
I need help to do this using the API. How and where should I specify the proxy address and port and use a browser to walk through the application before starting the scan?

{
  "url" : "http://demo.testfire.net/",
  "http" : {
    "user_agent" : "Arachni/v2.0dev",
    "request_timeout" : 10000,
    "request_redirect_limit" : 5,
    "request_concurrency" : 20,
    "request_queue_size" : 100,
    "request_headers" : {},
    "response_max_size" : 500000,
    "cookies" : {}
  },
  "audit" : {
    "parameter_values" : true,
    "exclude_vector_patterns" : [],
    "include_vector_patterns" : [],
    "link_templates" : []
  },
  "input" : {
    "values" : {},
    "default_values" : {
      "(?i-mx:name)" : "arachni_name",
      "(?i-mx:user)" : "arachni_user",
      "(?i-mx:usr)" : "arachni_user",
      "(?i-mx:pass)" : "5543!%arachni_secret",
      "(?i-mx:txt)" : "arachni_text",
      "(?i-mx:num)" : "132",
      "(?i-mx:amount)" : "100",
      "(?i-mx:mail)" : "[email blocked]",
      "(?i-mx:account)" : "12",
      "(?i-mx:id)" : "1"
    },
    "without_defaults" : false,
    "force" : false
  },
  "browser_cluster" : {
    "wait_for_elements" : {},
    "pool_size" : 6,
    "job_timeout" : 25,
    "worker_time_to_live" : 100,
    "ignore_images" : false,
    "screen_width" : 1600,
    "screen_height" : 1200
  },
  "scope" : {
    "redundant_path_patterns" : {},
    "dom_depth_limit" : 5,
    "exclude_path_patterns" : [],
    "exclude_content_patterns" : [],
    "include_path_patterns" : [],
    "restrict_paths" : [],
    "extend_paths" : [],
    "url_rewrites" : {}
  },
  "session" : {},
  "checks" : ["*"],
  "platforms" : [],
  "plugins" : {},
  "no_fingerprinting" : false,
  "authorized_by" : null
}
  1. 1 Posted by kumar on 14 Dec, 2017 05:09 AM

    kumar's Avatar

    I am trying something similar. Can someone help on this?

  2. Support Staff 2 Posted by Tasos Laskos on 19 Dec, 2017 04:20 PM

    Tasos Laskos's Avatar

    Try:

    {
        "plugins": {
            "proxy": {
                // Set options as usual.
                "port": 9999
            }
        }
    }
    
  3. Support Staff 3 Posted by Tasos Laskos on 19 Dec, 2017 04:21 PM

    Tasos Laskos's Avatar

    About using the browsers, you train Arachni using something external via that proxy, Arachni can't crawl services.

  4. 4 Posted by pk on 21 Dec, 2017 07:01 AM

    pk's Avatar

    Thanks for the response.
    I want to proxy some traffic through Arachni Rest API Client,
    I used the following Config when I tried to initiate a scan(via. API), but it doesn't seem to be working:
    POST: http://localhost:7331/scans

    { "url" : "http://taget-site.xyz/", "plugins": { "port": 9090, "address": "127.0.0.1" } }

    Am I making a mistake somewhere?
    I have attached a screeshot of the error.

    Thanks.

  5. Support Staff 5 Posted by Tasos Laskos on 21 Dec, 2017 07:31 AM

    Tasos Laskos's Avatar

    You missed the proxy plugin, under which the options should be defined, you've set them for the entire plugins section.

  6. 6 Posted by pk on 21 Dec, 2017 09:18 AM

    pk's Avatar

    I am able to proxy the traffic from the browser with this.
    { "url" : "http://demo.testfire.net/", "plugins" : { "proxy": { "port": 9090, "address": "127.0.0.1" } } }

    how can i stop the proxy and resume the scan through the API?

        "status": "paused",
        "busy": true,
        "seed": "4bbef28d30ae512e1437562218167ceb",
        "statistics": {
            "http": {
                "request_count": 35,
                "response_count": 35,
    
  7. Support Staff 7 Posted by Tasos Laskos on 21 Dec, 2017 09:21 AM

    Tasos Laskos's Avatar

    You need to request http://arachni.proxy/shutdown via the proxy.

  8. 8 Posted by pk on 21 Dec, 2017 09:31 AM

    pk's Avatar

    It works! Thanks a lot.

  9. Tasos Laskos closed this discussion on 22 Dec, 2017 01:04 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac