Home → Questions →

How to use proxy on mac via Web UI

• Edit

Ozhan

07 Jul, 2013 07:52 PM

Hi,
I am trying to use the proxy via web UI on mac. arachni_web is running ok on mac osx 10.8. I am accessing it from other pc on the same network and dispatcher is running on another linux pc on the same network again.

My question is I am not able to use the proxy to catch the login traffic. I couldn't find a good tutorial about it.

Basically I need to run the proxy on the mac as well as the arachni_web. the dispatcher on linux and I would like to use them with my main pc via Web UI.

I tried to use the proxy with firefox on mac but it can't connect like my main pc.

I am using Arachni v0.4.3 WebUI v0.4.1

1. Support Staff 1 Posted by Tasos Laskos on 07 Jul, 2013 10:16 PM

   

   The way this works is that Dispatchers provide you with Instances, those Instances are the actual scanners and have/run all the plugins. So, when you configure the proxy plugin, it'll run on the machine on which the Instance is running -- that'll be the machine of the Dispatcher you chose[1].

   So when you configure your browser, you pass the IP address of the Dispatcher and the port you selected for the proxy.
   Also, you'll have to use a different instance of your browser (or a different browser altogether) for the proxy since otherwise all traffic will pass through it and you won't be able to access the Web interface.
   Or exclude the IP address of the WebUI from being proxied, if your browser provides for such an option.

   I'll keep this issue open while you try this out in case you have any more questions.

   Cheers

   [1] Unless you messed with the Grid settings or anything but I'm assuming that you're running a normal scan.

   • Edit

2. Support Staff 2 Posted by Tasos Laskos on 07 Jul, 2013 10:21 PM

   

   Ah, I forgot to mention, if all you need to do is authenticate yourself, you can use the autologin plugin, it doesn't require any user interaction once you configure it.

   You can find instructions for all the available ways you can login here: http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...

   • Edit

3. 3 Posted by Ozhan on 08 Jul, 2013 06:16 AM

   

   Good Morning Tasos,

   Thanks for quick reply. I am now just using the linux machine (mac had some issues to finish scans). Both the arachni_web and arachni_rpcd are running on linux machine..

   I am using firefox to get the proxy and using chrome to access arachni WebUI. I gave the ip and port of the dispatcher machine to ff with proxy but it is not working.

   The application I am trying to scan using ajax to login so I need to catch the login request via proxy. or I need to provide the session ID or a cookie I guess.

   Are there any chance to use the cookies or session id via WebUI?

   But first I would like to use the proxy for training the applicaiton.

   PS: I might have some other questions about Royal Holloway in future :) I'll try to reach you by email.

   Thanks in advance.

   • Edit

4. Support Staff 4 Posted by Tasos Laskos on 08 Jul, 2013 11:45 AM

   

   Hi,

   Not sure if you meant to write that or not but just to make sure, you don't pass the port of the Dispatcher, you pass the port with which you configured the proxy (8282 by default).

   And yeah the profiles have cookies option under the HTTP section.

   Cheers

   PS. Sure think, drop me a line.

   • Edit

5. 5 Posted by Ozhan on 08 Jul, 2013 01:06 PM

   

   Hi again,

   Sorry my message was not clear. I am passing the port of the proxy as 8284. I am not able to connect to the proxy with the other pc.

   The linux machine(running the webUI and dispatcher) is on the ip 192.168.0.26 and I am on a windows machine with firefox 192.168.0.20.

   In the WebUI I selected in the proxy menu as for;
   Port to bind to (port):8284
   IP address to bind to (bind_address): 192.168.0.26
   (session_token): is empty
   timeout: 20000

   Also I couldn't find the cookies under HTTP section in profiles.
   I just have
   Http req limit:
   User agent:
   Request timeout:

   then Auditor starts.

   Thanks again :)

   • Edit

6. 6 Posted by Ozhan on 08 Jul, 2013 01:11 PM

   

   Sorry my bad about the cookies I found it :)

   • Edit

7. Support Staff 7 Posted by Tasos Laskos on 08 Jul, 2013 02:00 PM

   

   Wait, the audit shouldn't start automatically if the proxy plugin has been enabled. Once you start the scan, it should immediately be in a paused state.
   Are you sure you're using the correct profile for the scan, as in, the one you configured with the proxy?

   This may sound silly, but, did you actually check the checkbox for the proxy plugin or just fill in its configuration options?

   • Edit

8. 8 Posted by Ozhan on 08 Jul, 2013 05:03 PM

   

   I am also using the spider. Should I set link count limit to 0?

   using correct profile and checked the checkbox for proxy plugin.

   I am also having some trouble that stops arachni_web (quits from process and returns to shell) but if I notice it I start it again on the same terminal and it seems like it can continue where it stopped.

   @@@
   192.168.0.20 - - [08/Jul/2013 18:06:58] "GET /navigation HTTP/1.1" 304 - 0.0725
   192.168.0.20 - - [08/Jul/2013 18:06:59] "GET /scans/6.js?overview=false&scan_id=6&tab=all HTTP/1.1" 200 - 0.2438
   192.168.0.20 - - [08/Jul/2013 18:07:03] "GET /navigation HTTP/1.1" 304 - 0.1623
   192.168.0.20 - - [08/Jul/2013 18:07:04] "GET /scans/6.js?overview=false&scan_id=6&tab=all HTTP/1.1" 200 - 0.5469
   /root/Desktop/arc/system/gems/gems/sqlite3-1.3.7/lib/sqlite3/statement.rb:108:in `step': SQLite3::CantOpenException: unable to open database file: UPDATE "dispatchers" SET "updated_at" = ?, "statistics" = ? WHERE "dispatchers"."id" = 1 (ActiveRecord::StatementInvalid)
   from /root/Desktop/arc/system/gems/gems/sqlite3-1.3.7/lib/sqlite3/statement.rb:108:in `block in each'
   from /root/Desktop/arc/system/gems/gems/sqlite3-1.3.7/lib/sqlite3/statement.rb:107:in `loop'
   from /root/Desktop/arc/system/gems/gems/sqlite3-1.3.7/lib/sqlite3/statement.rb:107:in `each'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/connection_adapters/sqlite3_adapter.rb:313:in `to_a'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/connection_adapters/sqlite3_adapter.rb:313:in `block in exec_query'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/connection_adapters/abstract_adapter.rb:425:in `block in log'
   from /root/Desktop/arc/system/gems/gems/activesupport-4.0.0/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/connection_adapters/abstract_adapter.rb:420:in `log'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/connection_adapters/sqlite3_adapter.rb:292:in `exec_query'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/connection_adapters/sqlite3_adapter.rb:318:in `exec_delete'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/connection_adapters/abstract/database_statements.rb:102:in `update'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/connection_adapters/abstract/query_cache.rb:14:in `update'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/persistence.rb:489:in `update_record'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/locking/optimistic.rb:70:in `update_record'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/attribute_methods/dirty.rb:74:in `update_record'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/callbacks.rb:307:in `block in update_record'
   from /root/Desktop/arc/system/gems/gems/activesupport-4.0.0/lib/active_support/callbacks.rb:373:in `_run__31252317__update__callbacks'
   from /root/Desktop/arc/system/gems/gems/activesupport-4.0.0/lib/active_support/callbacks.rb:80:in `run_callbacks'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/callbacks.rb:307:in `update_record'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/timestamp.rb:70:in `update_record'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/persistence.rb:466:in `create_or_update'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/callbacks.rb:299:in `block in create_or_update'
   from /root/Desktop/arc/system/gems/gems/activesupport-4.0.0/lib/active_support/callbacks.rb:403:in `_run__31252317__save__callbacks'
   from /root/Desktop/arc/system/gems/gems/activesupport-4.0.0/lib/active_support/callbacks.rb:80:in `run_callbacks'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/callbacks.rb:299:in `create_or_update'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/persistence.rb:106:in `save'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/validations.rb:51:in `save'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/attribute_methods/dirty.rb:32:in `save'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/transactions.rb:270:in `block (2 levels) in save'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/transactions.rb:326:in `block in with_transaction_returning_status'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/connection_adapters/abstract/database_statements.rb:202:in `block in transaction'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/connection_adapters/abstract/database_statements.rb:210:in `within_new_transaction'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/connection_adapters/abstract/database_statements.rb:202:in `transaction'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/transactions.rb:209:in `transaction'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/transactions.rb:323:in `with_transaction_returning_status'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/transactions.rb:270:in `block in save'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/transactions.rb:281:in `rollback_active_record_state!'
   from /root/Desktop/arc/system/gems/gems/activerecord-4.0.0/lib/active_record/transactions.rb:269:in `save'
   from /root/Desktop/arc/system/arachni-ui-web/app/models/dispatcher.rb:205:in `block in refresh'
   from /root/Desktop/arc/system/gems/gems/arachni-rpc-em-0.2/lib/arachni/rpc/em/client/handler.rb:82:in `call'
   from /root/Desktop/arc/system/gems/gems/arachni-rpc-em-0.2/lib/arachni/rpc/em/client/handler.rb:82:in `receive_response'
   from /root/Desktop/arc/system/gems/gems/arachni-rpc-em-0.2/lib/arachni/rpc/em/protocol.rb:97:in `receive_object'
   from /root/Desktop/arc/system/gems/gems/arachni-rpc-em-0.2/lib/arachni/rpc/em/protocol.rb:60:in `receive_data'
   from /root/Desktop/arc/system/gems/gems/eventmachine-1.0.3/lib/eventmachine.rb:187:in `run_machine'
   from /root/Desktop/arc/system/gems/gems/eventmachine-1.0.3/lib/eventmachine.rb:187:in `run'
   from /root/Desktop/arc/system/gems/gems/thin-1.5.1/lib/thin/backends/base.rb:63:in `start'
   from /root/Desktop/arc/system/gems/gems/thin-1.5.1/lib/thin/server.rb:159:in `start'
   from /root/Desktop/arc/system/gems/gems/rack-1.5.2/lib/rack/handler/thin.rb:16:in `run'
   from /root/Desktop/arc/system/gems/gems/rack-1.5.2/lib/rack/server.rb:264:in `start'
   from /root/Desktop/arc/system/gems/gems/rack-1.5.2/lib/rack/server.rb:141:in `start'
   from /root/Desktop/arc/system/gems/gems/rack-1.5.2/bin/rackup:4:in `<top (required)>'
   from /root/Desktop/arc/bin/../system/gems/bin/rackup:23:in `load'
   from /root/Desktop/arc/bin/../system/gems/bin/rackup:23:in `<main>'
   @@@

   • Edit

9. Support Staff 9 Posted by Tasos Laskos on 08 Jul, 2013 05:14 PM

   

   Yeah, as the welcome screen said, SQLite3 is the default DB but that's so that you can get to try it before going to the trouble of setting up a real DB like PostgreSQL.
   If you want to through some real loads at it, you'll be better off with PostgreSQL.

   Given everything, my best guess is that there's already a process listening on that port, try changing the port of the proxy and let me know how it works.

   • Edit

10. Support Staff 10 Posted by Tasos Laskos on 08 Jul, 2013 09:57 PM

    

    Also, after you configure the proxy plugin, does it appear in the list of plugins when viewing (not editing) the profile?

    • Edit

11. 11 Posted by Ozhan on 09 Jul, 2013 08:21 AM

    

    Hi,

    I switched to PostgreSQL.

    The proxy plugin appears in the list of plugins when looking at the default profile.

    I am using firefox to go through proxy but it stuck at connecting. Changed the port to 11871 but no solution.

    • Edit

12. Support Staff 12 Posted by Tasos Laskos on 09 Jul, 2013 11:47 AM

    

    Does the Instance start in a paused state?

    • Edit

13. 13 Posted by Ozhan on 09 Jul, 2013 12:23 PM

    

    Yes, but no answer from proxy.

    • Edit

14. Support Staff 14 Posted by Tasos Laskos on 09 Jul, 2013 12:32 PM

    

    Are there any error logs under system/logs/framework?

    • Edit

15. 15 Posted by Ozhan on 09 Jul, 2013 02:41 PM

    

    Here you can find it as attachment :) There is something definitely going wrong with proxy plugin.

    • Instance_-_885-31069.error.log 13.6 KB
    • Edit

16. Support Staff 16 Posted by Tasos Laskos on 09 Jul, 2013 02:49 PM

    

    What the hell...This should either happen to everyone or no-one, doesn't make sense. What package did you download, for what arch?

    • Edit

17. 17 Posted by Ozhan on 09 Jul, 2013 02:58 PM

    

    I have the file from this URL yesterday.

    http://downloads.arachni-scanner.com/arachni-0.4.3-0.4.1-linux-x86_64.tar.gz

    This x86_64 is working on latest ubuntu 13.04, I also tried the x86_32 one on kali linux.

    • Edit

18. Support Staff 18 Posted by Tasos Laskos on 09 Jul, 2013 03:37 PM

    

    I reproduced it, this code hasn't changed in a long time, no idea why it only now started complaining -- and for some reason this only happens when you use the packages. I'll fix it and you'll be able to grab one of the nightlies in a few hours and get going again.

    Apologies for all the trouble.

    • Edit

19. 19 Posted by Ozhan on 09 Jul, 2013 03:42 PM

    

    No worries neighbor :)

    I really appreciate your effort and the work you done.

    Is there anything that I can help you with arachni? You can look my skills in my linked in profile. I would like to help this project.

    • Edit

20. Support Staff 20 Posted by Tasos Laskos on 09 Jul, 2013 03:49 PM

    

    You've already started actually, testing and providing feedback is one of the most important things in this process. And I've started work on v0.5 which will have loads of fresh code so testing it will be pivotal.

    • Edit

21. 21 Posted by Ozhan on 09 Jul, 2013 04:08 PM

    

    Sure, I'll be back with my feedbacks after the relase :)

    • Edit

22. Support Staff 22 Posted by Tasos Laskos on 09 Jul, 2013 04:38 PM

    

    Fix: https://github.com/Arachni/arachni/commit/841b8095a1e6d8d774c5ee137...

    A class named TemplateScope was causing an out-of-scope error...how's that for irony?

    Will update this ticket once the nightlies are refreshed to you can try it out.

    • Edit

23. Support Staff 23 Posted by Tasos Laskos on 09 Jul, 2013 06:29 PM

    

    All done, give these a shot and let me know: http://downloads.arachni-scanner.com/nightlies/

    • Edit

24. 24 Posted by Ozhan on 10 Jul, 2013 11:02 AM

    

    Hi Tasos,

    Proxy is working fine now :)

    I have some other errors with scans. I'll post later with individual topics so you can track them later.

    Have a nice day!

    • Edit

25. Support Staff 25 Posted by Tasos Laskos on 10 Jul, 2013 12:06 PM

    

    Hey Ozhan

    Cool, would love to take a look at those, for scan errors though this is the right place: https://github.com/Arachni/arachni/issues

    Closing this and same to you too.

    • Edit

26. Tasos Laskos closed this discussion on 10 Jul, 2013 12:06 PM.

27. Tasos Laskos re-opened this discussion on 11 Jul, 2013 01:48 PM

28. Support Staff 26 Posted by Tasos Laskos on 11 Jul, 2013 01:48 PM

    

    Also, if you could let me know about those errors today that'd be great as I'd like to push a bugfix release over the weekend.

    • Edit

29. Tasos Laskos closed this discussion on 11 Jul, 2013 01:48 PM.