Auto login plugin doesn't fill <select> tag

Edit

Holger

18 Nov, 2014 01:38 PM

Hi guys,
I tried to set up the auto login plugin without success. Tha problem seems to be a select tag within the login mask.

i wrote a test html case with a form that contains such a tag with a lot of items and configured the auto plugin to change the selected item.

 [!] Session: Found login form: form:post:http://192.168.56.101:8080/:[["Login", ""], ["form_Employee", "GB"], ["form_Password", ""], ["form_UID", ""]]
 [!] Session: Updated form inputs: {"form_UID"=>"userNAME", "form_Password"=>"changeMe", "form_Employee"=>"AY", "Login"=>""}
 [!] Session: Submitting form.
 [!] Browser: fire_event: submit ({:inputs=>{"form_UID"=>"userNAME", "form_Password"=>"changeMe", "form_Employee"=>"AY", "Login"=>""}}) <form action="http://192.168.56.101:8080" method="post">
 [!] Client: ------------
 [!] Client: Queued request.
 [!] Client: ID#: 1
 [!] Client: Performer:
 [!] Client: URL: http://192.168.56.101:8080/
 [!] Client: Method: post
 [!] Client: Params: {}
 [!] Client: Body: form_Employee=GB&form_UID=userNAME&form_Password=changeMe

As you can see the default value for form_Employee is GB. The browser logs that the form_Employee is changed to => "AY" but in fact on the last line the request body shows, that form_Employee contains the old default value, which is "GB".

Support Staff 1 Posted by Tasos Laskos on 18 Nov, 2014 02:33 PM
Hey Holger,

I think I know what's wrong and I'm looking into this right now.
In the meantime, consider using the login_script plugin via the HTTP request method as in the example in its description:
```
http.post( 'http://testfire.net/bank/login.aspx',
    parameters:     {
        'uid'   => 'jsmith',
        'passw' => 'Demo1234'
    },
    mode:           :sync,
    update_cookies: true
)
```
Cheers
- Edit
Support Staff 2 Posted by Tasos Laskos on 18 Nov, 2014 02:43 PM

I just updated the relevant KB article to include the new login_script plugin: http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...
- Edit
3 Posted by Holger on 18 Nov, 2014 03:44 PM

Thanks a lot :)
- Edit
Support Staff 4 Posted by Tasos Laskos on 19 Nov, 2014 01:23 AM

No problem. Nightlies are up and include the fix, please test it and let me know.

Cheers
- Edit
5 Posted by Holger on 19 Nov, 2014 04:40 PM

Yep,

that fix did it. Could successfully login :)
- Edit

6 Posted by Holger on 19 Nov, 2014 04:47 PM

Now i am getting during the scan. Doesn't seems to be critical but it is also relateted to select tags and watir

[2014-11-19 17:40:35 +0100] [Watir::Exception::NoValueFoundException] "GB<some_dangerous_input_7fc8da557d634ca985afec44a7d4d59e/>" not found in select list
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/elements/select.rb:218:in `no_value_found'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/elements/select.rb:152:in `rescue in select_by_string'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/elements/select.rb:149:in `select_by_string'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/elements/select.rb:131:in `select_by'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/elements/select.rb:78:in `select_value'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:913:in `block in fill_in_form_inputs'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/element_collection.rb:29:in `each'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/gems/watir-webdriver-0.6.9/lib/watir-webdriver/element_collection.rb:29:in `each'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:908:in `fill_in_form_inputs'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:621:in `block in fire_event'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/page/dom/transition.rb:151:in `call'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/page/dom/transition.rb:151:in `start'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/page/dom/transition.rb:106:in `initialize'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:617:in `new'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:617:in `fire_event'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/element/form/dom.rb:27:in `trigger'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/element/capabilities/auditable/dom.rb:90:in `block in submit'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/jobs/browser_provider.rb:20:in `call'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/jobs/browser_provider.rb:20:in `run'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/job.rb:88:in `configure_and_run'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:92:in `block (2 levels) in run_job'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `call'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `exception_jail'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:90:in `block in run_job'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:948:in `call'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:948:in `block in with_timeout'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:91:in `block in timeout'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:35:in `block in catch'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:35:in `catch'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:35:in `catch'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:106:in `timeout'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:947:in `with_timeout'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:89:in `run_job'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:229:in `block (3 levels) in start'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `call'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `exception_jail'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:229:in `block (2 levels) in start'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `call'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `exception_jail'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:227:in `block in start'
[2014-11-19 17:40:35 +0100] 
[2014-11-19 17:40:35 +0100] Parent:
[2014-11-19 17:40:35 +0100] Arachni::BrowserCluster::Worker
[2014-11-19 17:40:35 +0100] 
[2014-11-19 17:40:35 +0100] Block:
[2014-11-19 17:40:35 +0100] #<Proc:0x000000053d6e90@/home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:90>
[2014-11-19 17:40:35 +0100] 
[2014-11-19 17:40:35 +0100] Caller:
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `exception_jail'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:90:in `block in run_job'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:948:in `call'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:948:in `block in with_timeout'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:91:in `block in timeout'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:35:in `block in catch'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:35:in `catch'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:35:in `catch'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.1.0/timeout.rb:106:in `timeout'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser.rb:947:in `with_timeout'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:89:in `run_job'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:229:in `block (3 levels) in start'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `call'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `exception_jail'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:229:in `block (2 levels) in start'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `call'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/utilities.rb:395:in `exception_jail'
[2014-11-19 17:40:35 +0100] /home/holger/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-95b4b39fa91c/lib/arachni/browser_cluster/worker.rb:227:in `block in start'
[2014-11-19 17:40:35 +0100] --------------------------------------------------------------------------------

Edit

Support Staff 7 Posted by Tasos Laskos on 19 Nov, 2014 05:02 PM

Yeah that sounds about right, it's not critical at all, doesn't even affect the scan. I think I better downgrade this to a debugging message rather than an error one. :)

Thanks fore the feedback.

Cheers
- Edit
Tasos Laskos closed this discussion on 19 Nov, 2014 05:02 PM.

Comments are currently closed for this discussion. You can start a new one.

New Issue
Conversation Started
The discussion is closed

No more actions from Arachni or the discussion starter are required.
Re-open the discussion Re-open the discussion

Private Permissions

This discussion is private. Only you and Arachni support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Comments Feed

Keyboard shortcuts

Generic

?	Show this help
ESC	Blurs the current field

Comment Form

r	Focus the comment reply box
^ + ↩	Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

	14 Apr, 2025 04:47 PM	REMOTE ACCESS
	29 Jul, 2024 06:44 AM	Dear arachni-scanner.com Owner.
	15 Feb, 2024 09:48 AM	Arachni download
	12 Jan, 2024 12:01 AM	We're sorry, but something went wrong.
	19 Oct, 2023 06:03 PM	Error - Not able Scan /ruby/lib/ruby/gems/2.7.0/gems/arachni-1.6.1.3/lib/arachni/rpc/server/framework.rb:156:in `block in run'

Recent Articles

	Logging in and maintaining a valid session
	Optimizing for faster scans
	Service scanning
	Software as a Service (Saas)

Arachni Support

Auto login plugin doesn't fill <select> tag

Holger

New Issue

Conversation Started

The discussion is closed

Re-open the discussion Re-open the discussion