Load proxy plugin

Peters

10 Oct, 2012 09:23 PM

I'm trying to tell the arachni server to load the proxy plugin before starting it. I know a request should be in this format:

    {
        'message'     => msg, # RPC message in the form of 'handler.method'
        'args'        => args, # optional array of arguments for the remote method
        'token'       => token, # optional authentication token
    }

For the message I put "plugins.load". But how do I specify the proxy plugin's parameters to be loaded, for example the IP address and port? What should I pass to args? I searched for documentation but can't find the answer.
Looking forward to your reply. Thank you.

  1. Support Staff 1 Posted by Tasos Laskos on 10 Oct, 2012 09:59 PM

    Here you go:

    {
        'message'     => 'plugins.load',
        # plugins.load expects only one argument so only one item in the args array
        'args'        => [
            {
                'proxy' => {
                    'port'         => 8080,
                    'bind_address' => '127.0.0.2'
                }
            }
        ],
    
        # the token included in the instance info hash as returned
        # by the Dispatcher's 'dispatch' method
        'token'       => 'instance-token-here'
    }
    
  2. Tasos Laskos closed this discussion on 10 Oct, 2012 09:59 PM.

  3. Tasos Laskos re-opened this discussion on 10 Oct, 2012 10:04 PM

  4. Support Staff 2 Posted by Tasos Laskos on 10 Oct, 2012 10:04 PM

    Also, I'm guessing that you're writing your own client, so these simple implementations should serve as a nice reference:

  5. Tasos Laskos closed this discussion on 10 Oct, 2012 10:04 PM.

  6. Peters re-opened this discussion on 11 Oct, 2012 09:09 PM

  7. 3 Posted by Peters on 11 Oct, 2012 09:09 PM

    Hello Tasos,

    Thank you for your reply. Actually I'm working on implementing "manual scan" functionality, meaning that you can click around on target sites, send all requests through arachni's proxy, let arachni audit what you clicked and get the report. At first I tried to start an arachni automated scan with the proxy plugin loaded, but the proxy cannot be set up and listen on the proxy port I expected. If I use the command line, like "arachni http://example.com --plugin=proxy", things work fine. Could you give me some insight on this? Much appreciated.

    Best,
    peters

  8. Support Staff 4 Posted by Tasos Laskos on 11 Oct, 2012 09:19 PM

    Any errors on the server-side? For example this will work fine:

    require 'arachni'
    require 'arachni/rpc/client'
    
    include Arachni
    
    dispatcher = RPC::Client::Dispatcher.new( Options.instance, 'localhost:7331' )
    instance_info = dispatcher.dispatch
    
    instance = RPC::Client::Instance.new( Options.instance, instance_info['url'],
                                          instance_info['token'] )
    
    instance.opts.url = 'http://testfire.net'
    
    # only audit forms
    instance.opts.audit :forms
    
    # load all XSS modules
    instance.modules.load 'xss*'
    
    instance.plugins.load(
        'proxy' => {
            'port'         => 8181,
            'bind_address' => '127.0.0.2'
        }
    )
    
    instance.framework.run
    
    print 'Running.'
    while instance.framework.busy?
        print '.'
        sleep 1
    end
    puts
    
    puts
    puts 'Logged issues:'
    puts instance.framework.auditstore.issues.
             map { |issue| "  * #{issue.name} for input '#{issue.var}' at '#{issue.url}'." }.join( "\n" )
    
  9. 5 Posted by Peters on 11 Oct, 2012 10:09 PM

    It works now. The error was located in my own code. Thank you very much for your help. Really appreciate it.

    Best,
    Peters

  10. Support Staff 6 Posted by Tasos Laskos on 11 Oct, 2012 10:14 PM

    No problem, glad you got it working.

  11. Tasos Laskos closed this discussion on 11 Oct, 2012 10:14 PM.
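
A client-side way to build and sanity-check the `plugins.load` request discussed in this thread before sending it, as an added example that is not code from the thread or from Arachni. The helper names and the loopback-only bind policy are assumptions of this example; the token is a placeholder.

```ruby
require 'ipaddr'

# Hypothetical helper (not part of Arachni): builds the request hash for
# 'plugins.load' in the shape shown in the thread.
# plugins: { 'plugin_name' => { 'option' => value } }
def plugins_load_request( token, plugins, allow_non_loopback = false )
    unless plugins.is_a?( Hash ) && !plugins.empty?
        raise ArgumentError, 'plugins must be a non-empty Hash'
    end

    plugins.each do |name, options|
        raise ArgumentError, "options for '#{name}' must be a Hash" unless options.is_a?( Hash )
        check_proxy_options( options, allow_non_loopback ) if name == 'proxy'
    end

    {
        'message' => 'plugins.load',
        # plugins.load takes a single argument, so args holds exactly one item
        'args'    => [ plugins ],
        'token'   => token
    }
end

# Policy assumed for this example: a valid TCP port, and a loopback bind
# address unless the caller explicitly opts out, so the interception proxy
# is not reachable from other hosts by accident.
def check_proxy_options( options, allow_non_loopback )
    port = options['port']
    unless port.is_a?( Integer ) && (1..65535).cover?( port )
        raise ArgumentError, "invalid proxy port: #{port.inspect}"
    end

    bind = options['bind_address']
    raise ArgumentError, 'bind_address must be a non-empty String' unless bind.is_a?( String ) && !bind.empty?
    begin
        address = IPAddr.new( bind )
    rescue IPAddr::Error
        raise ArgumentError, "invalid bind_address: #{bind.inspect}"
    end

    return if address.loopback? || allow_non_loopback
    raise ArgumentError, "bind_address #{bind} is not a loopback address"
end

# Constructed sample input, using the values from the first reply.
p plugins_load_request( 'instance-token-here',
                        { 'proxy' => { 'port' => 8080, 'bind_address' => '127.0.0.2' } } )
```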
