Home → Problems →

Auto Login

• Edit

Ramakrishna

01 Jul, 2014 11:47 AM

Hi Team,

i have launched a scan using autologin
arachni http://testfire.net --plugin=autologin:url=http://testfire.net/bank/login.aspx,params='uid=jsmith&pass... Off|MY ACCOUNT' -e logout.aspx --report=json:outfile=testfire.json ,i got 74 issues

while i used the below code i got 28 issues
opts.plugins['autologin']= {
'url' => 'http://testfire.net/bank/login.aspx&#39;, 'params' => 'uid=jsmith&passw=Demo1234', 'check' =>'Sign Off|MY ACCOUNT' } opts.exclude << 'logout.aspx' # configure the json and stdout reports opts.reports = { 'json' => { 'outfile' => 'testfire.json' } }

even login url and params are same, why i am getting different issues,please let me know the correct code.
Thanks in advance

1. Support Staff 1 Posted by Tasos Laskos on 01 Jul, 2014 11:58 AM

   

   Hi,

   Could you show me the entire code please?

   Cheers

   • Edit

2. 2 Posted by Ramakrishna on 02 Jul, 2014 05:05 AM

   

   here is code

   #!/home/ubuntu/.rvm/rubies/ruby-1.9.3-p392/bin/ruby

   encoding: utf-8

   class Scan
   require 'rubygems' require 'net/smtp' require 'json' require 'arachni' require 'arachni/ui/cli/output'

   def launch(url,target) # shut the system up Arachni::UI::Output.mute

      # get an instance of the options class
      opts = Arachni::Options.instance
   
      # this is the seed URL
      opts.url = "#{target}"
      opts.audit_forms = true
      opts.audit_links = true
      opts.audit_cookies = true
      opts.only_positives = true
      opts.auto_redundant = 2
      opts.spawns=5
      opts.exclude = ['/cgi-bin/']
      opts.http_req_limit = 0.5
      # opts.modules=*,['webdav'],['allowed_methods'],['interesting_responses'],['insecure_cookies'],['html_objects'],['emails'],['form_upload'],['http_only_cookies'],['captcha'],['backdoors'],['backup_files']
      opts.authed_by = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22"
      opts.plugins['autologin']= {
       'url' => 'http://testfire.net/bank/login.aspx',
       'params' => 'uid=jsmith&passw=Demo1234',
       'check' =>'Sign Off|MY ACCOUNT'
     }
     opts.exclude << 'logout.aspx'
      # configure the json and stdout reports
      opts.reports = {
        'json' => {
         'outfile' => 'testfire.json'
       }
     }
   
      # instantiate the framework
      framework = Arachni::Framework.new( opts )
   
      # load all modules
      framework.modules.load( ['*'] )
   
      # load default plugins
      framework.plugins.load_defaults
   
      # load the configured reports
      framework.reports.load( opts.reports.keys )
   
        # put the scan operation in its own thread
        # so that we can do stuff while it's running -- like show progress data..
        scan = Thread.new {
          framework.run {
              # this block will be run right after the scan has finished and
              # before the reports are run
   
              # because we selected the stdout report we have to unmute the output
              Arachni::UI::Output.unmute
            }
          }
   
      # the scan is finished, wait for the thread to return cleanly
      scan.join
   

   end end # End of class

   url = "testfire.net"
   target = "http://&quot; + url

   n = Scan.new n.launch(url,target)

   From the above code i have doubt whether autologin is working or not?

   • Edit

3. Support Staff 3 Posted by Tasos Laskos on 02 Jul, 2014 12:40 PM

   

   You haven't actually loaded the autologin plugin, just provided options for it.
   You'll need to load it with:

        framework.plugins.load ['autologin']

   Cheers

   • Edit

4. 4 Posted by Ramakrishna on 03 Jul, 2014 06:24 AM

   

   Thanks a lot it is working .

   • Edit

5. Tasos Laskos closed this discussion on 03 Jul, 2014 01:36 PM.