About the differential comparison
In my race to speed up the audit as much as possible, there's one thing: if I understood well, after it crawls a webpage, Arachni will send another request to compare whether the page changed, so it knows to refresh tokens and such, so when I see spamming
[*] Auditing: [HTTP: 200] http://page1
[~] Identified as: apache
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
[*] Auditing: [HTTP: 200] http:/page2
[~] Identified as: apache
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
it is doing just that.
I know this is not recommended because it might miss some stuff, but I was wondering how I could disable that: some modifications to the parser.rb file, or ... is it not that easy to disable?
Support Staff 1 Posted by Tasos Laskos on 04 Aug, 2013 06:52 PM
I'm not sure what you mean; the crawl only stores URLs, not pages, and the pages are fetched again when it's time to audit them. When it fetches the page for the audit, it uses 2 requests so that it can look for tokens etc., but that pair of requests is concurrent, so it takes the same time as if it was just one request, so you're not missing out on the performance.
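The paired fetch described in the reply above, sketched as an added example that is not part of the thread and is not Arachni's own code: two concurrent fetches of the same page are compared, and form inputs whose values differ are treated as per-request tokens. The function names, the regex-based form extraction and the stub fetcher with its sample HTML are all assumptions constructed for illustration.

```ruby
# Added illustration, not Arachni's code. All names here are hypothetical.

# Collect { form action => { input name => value } } with simple regexes
# (enough for the constructed sample; a real scanner uses an HTML parser).
def form_inputs(html)
  forms = {}
  html.scan(/<form\b([^>]*)>(.*?)<\/form>/mi) do |attrs, body|
    action = attrs[/\baction\s*=\s*["']([^"']*)["']/i, 1] || ''
    forms[action] = {}
    body.scan(/<input\b[^>]*>/i) do |tag|
      name = tag[/\bname\s*=\s*["']([^"']*)["']/i, 1]
      forms[action][name] = tag[/\bvalue\s*=\s*["']([^"']*)["']/i, 1] || '' if name
    end
  end
  forms
end

# Fetch the same URL twice at once, so the pair costs about one round trip.
def paired_fetch(url, fetch)
  Array.new(2) { Thread.new { fetch.call(url) } }.map(&:value)
end

# Inputs whose value differs between the two copies are per-request state
# (nonces, anti-CSRF tokens) that must be refreshed rather than replayed.
def volatile_inputs(first, second)
  a = form_inputs(first)
  b = form_inputs(second)
  (a.keys & b.keys).each_with_object({}) do |action, out|
    changed = a[action].keys.select { |n| a[action][n] != b[action][n] }
    out[action] = changed unless changed.empty?
  end
end

# Constructed stand-in for a server: each response carries a fresh token.
def sample_fetcher
  tokens = Queue.new
  %w[9f2c71 04ab3e].each { |t| tokens << t }
  lambda do |_url|
    %(<form action="/login" method="post">
        <input type="hidden" name="csrf_token" value="#{tokens.pop}">
        <input type="text" name="user" value="">
      </form>)
  end
end

pages = paired_fetch('http://page1', sample_fetcher)
p volatile_inputs(*pages)
```

A form whose inputs all match across the two copies produces no entry, which is the case where a single stored copy would have been enough; the comparison is what tells the two cases apart.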
2 Posted by user021 on 04 Aug, 2013 07:03 PM
Well, I've been using that redundant vector plugin; it is faster, but I don't get why it doesn't go even faster when there is no new form to be audited. Instead I see
[*] Auditing: [HTTP: 200] http://page1
[~] Identified as: apache
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
The way I see it, after it crawls a page, it should know exactly what the forms on that page/URL are, right? When it comes to the audit, just send the payload.
Support Staff 3 Posted by Tasos Laskos on 04 Aug, 2013 07:08 PM
State changes, that's the whole point. If we were able to know what's going to happen beforehand the scan would be twice as fast, but we can't.
4 Posted by user021 on 04 Aug, 2013 07:16 PM
Alright then
user021 closed this discussion on 04 Aug, 2013 07:16 PM.