tag:support.arachni-scanner.com,2012-07-01:/discussions/questions/1681-auto-redundant-for-forms
Arachni: Discussion
2013-09-21T15:22:41Z

Auto-redundant for forms?
tag:support.arachni-scanner.com,2012-07-01:Comment/28095292

2013-08-03T16:12:08Z
<div><p>There's no option for it but I'll write a small plugin for you,
will take me 5mins or so.</p></div>
Tasos Laskos

2013-08-03T16:19:22Z
<div><p>thx in advance : )</p></div>
user021

2013-08-03T16:30:58Z
<div><p>No problem. However, I needed to update something in the core
libs to make this work so it'll take me a while to push and
nightlies.</p></div>
Tasos Laskos

2013-08-03T16:45:24Z
<div><p>Here's the plugin, will let you know once the nightlies have
been uploaded.</p></div>
Tasos Laskos

2013-08-03T18:16:14Z
<div><p>Done: <a href="http://downloads.arachni-scanner.com/nightlies/">http://downloads.arachni-scanner.com/nightlies/</a></p></div>
Tasos Laskos

2013-08-03T20:52:14Z
<div><p>Ok, I took the last nightfiles, copied the redundant_vectors.rb
into Arachni folder
/system/gems/bundler/gems/arachni-59be29fd55b2/plugins and ran a
short scan like :</p>
<p>./arachni --audit-link --audit-forms --modules=sqli
--http-timeout=28000 --link-count=3 --plugin=redundant_vectors
'<a href="http://www.camillelavie.com/Dresses-Prom-Dresses.cfm">http://www.camillelavie.com/Dresses-Prom-Dresses.cfm</a>'</p>
<p>and i see</p>
<p>[*] SQL Injection: Auditing form variable 'Parameter flip' with
action '<a href="http://www.camillelavie.com/c-ml100.cfm">http://www.camillelavie.com/c-ml100.cfm</a>'.
[*] SQL Injection: Auditing form variable 'Parameter flip' with
action '<a href="https://www.camillelavie.com/c-sr100.cfm">https://www.camillelavie.com/c-sr100.cfm</a>'.</p>
<p>why doesn't it work?</p></div>
user021

2013-08-03T22:26:43Z
<div><p>That's not an actual parameter, it's a special thing to provide
more coverage. However, looking at this again, this will create a
problem as it's a global filter. If a module audits a vector
then that vector won't be audited by any other module.</p>
<p>So all in all, what you want isn't really possible -- not now at
least, it'll be possible with v0.5.</p></div>
Tasos Laskos

2013-08-03T22:37:28Z
<div><p>Also, I had a typo in there.</p></div>
Tasos Laskos

2013-08-03T22:44:40Z
<div><p>Still, better not try this.</p></div>
Tasos Laskos

2013-08-03T22:52:04Z
<div><p>Ah no sorry, the elements have access to the module that
submitted them so I can update this to work properly. Give me
10.</p></div>
Tasos Laskos

2013-08-03T22:54:41Z
<div><p>Give that a shot, it should do what you want.</p></div>
Tasos Laskos

2013-08-04T09:16:25Z
<div><p>It rocks, exactly what I want.</p></div>
user021

2013-09-21T14:16:34Z
<div><p>It still works but I just wanted to ask if it is possible to speed
things up a little. Thing is that when it comes to auditing URLs that
don't have any new forms, it ignores all of them like it should
but gets stuck for like 2-3 seconds (depends) to Harvest HTTP
responses... maybe there could be an easy fix that I can do myself to
speed it up xD</p>
<p>PS: sorry for bothering you on the weekend</p></div>
user021

2013-09-21T15:06:34Z
<div><p>Unfortunately you can't do anything about that now. This will
change though with v0.5.</p></div>
Tasos Laskos

2013-09-21T15:15:18Z
<div><p>Don't wanna put any pressure, just wondering, what's the ETA for
the v0.5?</p></div>
user021

2013-09-21T15:22:37Z
<div><p>No idea, I don't work based on a schedule since I won't be able
to keep it anyways. Will be at least a few months though.</p></div>
Tasos Laskos
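
The filtering problem discussed in this thread (one filter shared by all modules versus one that also takes the submitting module into account), as an added example that is not the plugin's code, which this page does not show, and does not use Arachni's API. `FormVector`, `VectorFilter`, `coverage`, the redundancy rule (same input names, any action URL), the `xss` module name and the sample forms are all assumptions made for illustration.

```ruby
require 'set'

# Hypothetical stand-in for a form vector; not Arachni's element class.
FormVector = Struct.new(:action, :inputs) do
  # Assumed redundancy rule: forms with the same input names count as the
  # same vector, whatever page (action URL) they were found on.
  def signature
    inputs.sort.join(',')
  end
end

# per_module: false -> one filter shared by all modules: the first module
#                      to submit a form claims it for everyone.
# per_module: true  -> the submitting module is part of the key, so each
#                      module still audits each distinct form once.
class VectorFilter
  def initialize(per_module:)
    @per_module = per_module
    @seen = Set.new
  end

  # True the first time this key is seen, false on every repeat.
  def audit?(mod, vector)
    key = @per_module ? [mod, vector.signature] : vector.signature
    !@seen.add?(key).nil?
  end
end

# Returns { module name => number of forms that module actually audited }.
def coverage(filter, modules, vectors)
  counts = Hash.new(0)
  vectors.each do |v|
    modules.each { |m| counts[m] += 1 if filter.audit?(m, v) }
  end
  modules.to_h { |m| [m, counts[m]] }
end

# Constructed sample: the same search form on two pages, plus a login form.
SAMPLE_FORMS = [
  FormVector.new('http://example.test/a.cfm', %w[q category]),
  FormVector.new('http://example.test/b.cfm', %w[category q]),
  FormVector.new('http://example.test/login.cfm', %w[user pass])
].freeze
SAMPLE_MODULES = %w[sqli xss].freeze
```

With the shared filter the second module never audits anything, which is the lost coverage described above; keying on the module restores it while the duplicate form is still skipped.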