Redirect after authentication not followed
Hi,
Using the login_plugin, arachni does not follow the location coming from the 302 redirect. An error occurred in Selenium:
[2017-03-23 20:02:15 -0400 - 0.0] [!!] [browser/javascript#wait_till_ready:161] Waiting for custom JS...
[-] [utilities#exception_jail:428] Session: [Selenium::WebDriver::Error::WebDriverError] unexpected response, code=404, content-type="text/plain"
Error - Unable to load Atom 'execute_script' from file ':/ghostdriver/./third_party/webdriver-atoms/execute_script.js'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/http/common.rb:88:in `create_response'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/http/default.rb:86:in `request'
I am using WebGoat (https://github.com/WebGoat/WebGoat/wiki/Running-WebGoat) as the target system:
arachni http://192.168.1.25:8080/ --plugin=login_script:script=/root/goat-login --scope-include-subdomains --check=xss --output-debug 4
Regards
Thierry
- arachni-redirect.txt 21.2 KB
Support Staff 1 Posted by Tasos Laskos on 24 Mar, 2017 08:15 AM
Can you please show me the login script and also retry using the official packages?
2 Posted by Thierry Beauqui... on 24 Mar, 2017 10:49 AM
Hi,
I have attached the login script, and I will try with the latest version of arachni and let you know.
Thanks
Thierry
3 Posted by Thierry Beauqui... on 24 Mar, 2017 10:59 AM
Hi again,
Great, it worked! The login check failed, but it should be easy to fix.
Thanks
Thierry
Support Staff 4 Posted by Tasos Laskos on 24 Mar, 2017 12:41 PM
This script should work:
Tasos Laskos closed this discussion on 24 Mar, 2017 12:41 PM.