Redirect after authentication not followed

Thierry Beauquier

24 Mar, 2017 04:07 AM

Hi,

Using the login_plugin, arachni does not follow the location coming from the 302 redirect. An error occurred in Selenium:

[2017-03-23 20:02:15 -0400 - 0.0] [!!] [browser/javascript#wait_till_ready:161] Waiting for custom JS...
 [-] [utilities#exception_jail:428] Session: [Selenium::WebDriver::Error::WebDriverError] unexpected response, code=404, content-type="text/plain"
Error - Unable to load Atom 'execute_script' from file ':/ghostdriver/./third_party/webdriver-atoms/execute_script.js'
 [-] [utilities#exception_jail:428] Session: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/http/common.rb:88:in `create_response'
 [-] [utilities#exception_jail:428] Session: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/http/default.rb:86:in `request'

I am using webgoat (https://github.com/WebGoat/WebGoat/wiki/Running-WebGoat) as the target system:

arachni http://192.168.1.25:8080/ --plugin=login_script:script=/root/goat-login --scope-include-subdomains --check=xss --output-debug 4

Regards
Thierry

  1. Support Staff 1 Posted by Tasos Laskos on 24 Mar, 2017 08:15 AM

    Can you please show me the login script and also retry using the official packages?

  2. 2 Posted by Thierry Beauqui... on 24 Mar, 2017 10:49 AM

    Hi,

    I have attached the login script, and I will try with the latest version of arachni and let you know.

    Thanks
    Thierry

  3. 3 Posted by Thierry Beauqui... on 24 Mar, 2017 10:59 AM

    Hi again,

    Great, it worked! The login check failed, but it should be easy to fix.

    Thanks
    Thierry

  4. Support Staff 4 Posted by Tasos Laskos on 24 Mar, 2017 12:41 PM

    This script should work:

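    # `browser` and `framework` are provided to the script by the login_script plugin.
    # Load the WebGoat login page in the scanner's browser.
    browser.goto 'http://host/WebGoat/login.mvc'
    
    # Fill in the login form with the WebGoat credentials.
    form = browser.form
    form.text_field( name: 'username' ).set 'webgoat'
    form.text_field( name: 'password' ).set 'webgoat'
    
    form.submit
    
    # Login check: the session counts as valid while the response for
    # check_url matches check_pattern.
    framework.options.session.check_url     = 'http://host/WebGoat/start.mvc'
    framework.options.session.check_pattern = /Logout/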
    
  5. Tasos Laskos closed this discussion on 24 Mar, 2017 12:41 PM.
