autologin plugin and user-editable content
Hey,
I've downloaded Damn-Vulnerable-Application to test my Arachni
runs and I came across interesting detail. The autologin plugin
seems to fail to login into the application.
It's nothing fancy, two simple fields. They are found. But the
plugin gets upset with the error message:
Browser: Could not fill in form input 'Login' because: Error
Message => 'Element must be user-editable in order to clear
it.'
my running of the arachni looks like this:
./arachni http://myip/DVWA-1.9/index.php
--plugin=autologin:url=http://myip/DVWA1.9/login.php,parameters="username=admin&password=password",check="Home|Logout"
--checks=-active/* --output-debug=3
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 15 Jul, 2016 06:31 AM
That shouldn't be a problem, non editable inputs like hidden fields should be ignored.
Can you please show me the entire output?
2 Posted by bewell on 15 Jul, 2016 06:53 AM
Sure, I'm attaching the log.
3 Posted by bewell on 18 Jul, 2016 12:30 PM
Found the problem. Tell me if I'm wrong:
Can the autologin plugin take the last url where redirect sends it to?
Support Staff 4 Posted by Tasos Laskos on 18 Jul, 2016 01:27 PM
In these cases it's better to explicitly set the check URL via the
--session-check-url
option, you'll also need to set the--session-check-check
one as well.Tasos Laskos closed this discussion on 03 Aug, 2016 02:20 PM.