Scan with Complex Login Form
Dear Arachni Support,
First, thank you for providing open source software for
penetration testing. I have a form that is complex because the
software that I am testing is using ext-js and they are using
JavaScript to submit the form. I did the following to kick off the
form.
arachni https://XXXXXXXX/iw-cc/command/iw.ui --plugin=autologin:url=https://15.126.202.110/iw-cc/command/iw.ui,params='iw_user=tstest1&iw_password=1nterW0ven,iw_domain=WIN-8K0VAIBAJQN',check='Logout|tstest1' -e https://XXXXXXXXX/iw-cc/command/iw.base.logout
[+] Web Application Security Report - Arachni Framework
[~] Report generated on: 2014-03-28 00:31:53 +0000
[~] Report false positives at: http://github.com/Arachni/arachni/issues
[+] System settings:
[~] ---------------
[~] Version: 0.4.6
[~] Revision: 0.2.8
[~] Audit started on: Fri Mar 28 00:30:39 2014
[~] Audit finished on: Fri Mar 28 00:31:51 2014
[~] Runtime: 00:01:11
[~] URL: https://XXXXXXXXXXX/iw-cc/command/iw.ui
[~] User agent: Arachni/v0.4.6
[*] Audited elements:
[~] * Links
[~] * Forms
[~] * Cookies
[*] Modules: os_cmd_injection_timing, xss, code_injection, code_injection_timing, xss_path, sqli_blind_timing, csrf, file_inclusion, path_traversal, sqli_blind_rdiff, os_cmd_injection, unvalidated_redirect, sqli, session_fixation, xss_script_tag, response_splitting, source_code_disclosure, xss_event, xpath, xss_tag, ldapi, trainer, rfi, code_injection_php_input_wrapper, private_ip, unencrypted_password_forms, captcha, password_autocomplete, mixed_resource, form_upload, html_objects, cvs_svn_users, emails, ssn, insecure_cookies, credit_card, http_only_cookies, backup_files, backdoors, interesting_responses, allowed_methods, common_files, x_forwarded_for_access_restriction_bypass, htaccess_limit, localstart_asp, common_directories, http_put, xst, directory_listing, webdav
[*] Filters:
[~] Exclude:
~
[*] Cookies:
[~] JSESSIONID = 23F52052987E451D159A37FA67003F5F
[~] ===========================
[+] 0 issues were detected.
[+] Plugin data:
[~] ---------------
[*] AutoLogin
[~] ~~~~~~~~~~~~~~
[~] Description: It looks for the login form in the user provided URL,
merges its input fields with the user supplied parameters and sets the cookies
of the response and request as framework-wide cookies to be used by the spider later on.
[+] Could not find a form suiting the provided params at: https://XXXXXXXXXXX/iw-cc/command/iw.ui
[~] 0.0% [=> ] 100%
[~] Est. remaining time: --:--:--
[~] Crawling, discovered 0 pages and counting.
[~] Sent 1 requests.
[~] Received and analyzed 1 responses.
[~] In 00:01:11
[~] Average: 0 requests/second.
[~] Burst response time total 0
[~] Burst response count total 0
[~] Burst average response time 0
[~] Burst average 0 requests/second
[~] Timed-out requests 0
[~] Original max concurrency 20
[~] Throttled max concurrency 20
Could you please provide me some direction on how I can get around it?
Regards and Thanks in advance,
Pratik Parikh
Support Staff 1 Posted by Tasos Laskos on 28 Mar, 2014 07:21 AM
Unfortunately there's no JavaScript support yet, you'll have to use one of the alternative ways of logging in: http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...
Cheers
Tasos Laskos closed this discussion on 28 Mar, 2014 07:21 AM.
pratik.p.parikh re-opened this discussion on 28 Mar, 2014 11:34 AM
2 Posted by pratik.p.parikh on 28 Mar, 2014 11:34 AM
Do you have an example of using the proxy plugin? I guess I can give that a try.
Regards,
Pratik Parikh
Support Staff 3 Posted by Tasos Laskos on 28 Mar, 2014 11:36 AM
No, not really, it's pretty simple, just follow the instructions and you'll be fine.
Tasos Laskos closed this discussion on 12 Apr, 2014 12:30 AM.
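The AutoLogin message in the report above ("Could not find a form suiting the provided params") can be reproduced offline with a static-HTML check. This is an added example, not Arachni's code or part of the original thread: it approximates the matching the plugin description gives (a form whose inputs cover the supplied params), and `FormCollector`, `find_login_form` and both sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl


class FormCollector(HTMLParser):
    """Collect the field names of every <form> present in the static HTML."""

    def __init__(self):
        super().__init__()
        self.forms = []        # one set of field names per <form>
        self._current = None   # field set of the form being parsed, if any

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self._current = set()
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            name = dict(attrs).get("name")
            if name:
                self._current.add(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def find_login_form(html, params):
    """Return the fields of the first form covering all params, else None."""
    wanted = {k for k, _ in parse_qsl(params, keep_blank_values=True)}
    collector = FormCollector()
    collector.feed(html)
    for fields in collector.forms:
        if wanted and wanted <= fields:
            return fields
    return None


# Constructed sample pages (not taken from the application in the thread).
STATIC_PAGE = """<form action="/login" method="post">
<input name="iw_user"><input type="password" name="iw_password">
<input name="iw_domain"><input type="submit" value="Login"></form>"""

# A page whose login form only exists after scripts run in a browser.
SCRIPTED_PAGE = """<html><head><script src="ext-all.js"></script></head>
<body><div id="login"></div>
<script>/* form is built in the browser at runtime */</script></body></html>"""

PARAMS = "iw_user=USER&iw_password=PLACEHOLDER&iw_domain=DOMAIN"

if __name__ == "__main__":
    for label, page in (("static", STATIC_PAGE), ("scripted", SCRIPTED_PAGE)):
        print(label, "->", find_login_form(page, PARAMS))
```

Running the same check against the raw response body of a login URL shows, before a scan is started, whether a scanner without JavaScript support has any form to fill in.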