arachni scan send multiple similar requests


vamsibkrishna

28 Mar, 2017 09:13 AM

Hi All,

I am running a command line scan on the demo.testfire.net application. The scan used to complete quickly (~25-30 mins) earlier. But now, it's taking a long time and I see that there are multiple packets sent and, by looking at the console, they seem to be similar. Below are a few lines. What could be the problem? I am using arachni-1.4-0.5.10-windows-x86_64.

Below are few logs:

 Client: Request queue reached its maximum size, performing an emergency run.
 OS command injection: Analyzing response #10431 for form input 'passw' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10430 for form input 'uid' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10432 for form input 'btnSubmit' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10433 for form input 'uid' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10434 for form input 'passw' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10436 for form input 'uid' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10435 for form input 'btnSubmit' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10437 for form input 'passw' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10438 for form input 'btnSubmit' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10439 for form input 'uid' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10440 for form input 'passw' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10441 for form input 'btnSubmit' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10442 for form input 'uid' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10444 for form input 'btnSubmit' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10443 for form input 'passw' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10445 for form input 'uid' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10446 for form input 'passw' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10447 for form input 'btnSubmit' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10449 for form input 'passw' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10448 for form input 'uid' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10450 for form input 'btnSubmit' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10452 for form input 'passw' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10451 for form input 'uid' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10454 for form input 'uid' pointing to: 'http://demo.testfire.net/bank/login.aspx'
  1. Support Staff 1 Posted by Tasos Laskos on 28 Mar, 2017 09:50 AM


    The requests aren't similar; each will have a different payload.
    As for the scan duration, I'm not aware of any issues in Arachni with that site, so it must be a networking problem.

    Also, I suggest that you try with the latest version.

  2. 2 Posted by vamsibkrishna on 30 Mar, 2017 10:20 AM


    Hi Laskos,

    Thanks for the response. Apologies for the late response. I will be running the scan outside my office network and will check to see if there is any networking issue. Meanwhile, below are some of the requests that are repeatedly sent.

    Path Traversal: Analyzing response #33504 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33505 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33506 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33507 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33508 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33509 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33510 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33511 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33512 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33513 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33514 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33515 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33516 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33517 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33518 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33519 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33520 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33521 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33522 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33523 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33524 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33525 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33526 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
    Path Traversal: Analyzing response #33527 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'

  3. Support Staff 3 Posted by Tasos Laskos on 30 Mar, 2017 10:46 AM


    Like I said before, they are not identical, each request used a different payload.

  4. Tasos Laskos closed this discussion on 12 May, 2017 12:43 PM.
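A quick way to check the point made in the replies above, that the console lines differ by response ID rather than being repeats, is to parse them and look for any response ID that actually occurs twice. The script below is an added example, not part of this thread or of Arachni itself; it assumes the "Check: Analyzing response #N for <kind> input '<name>' pointing to: '<url>'" line shape quoted in both posts, and the sample log is constructed from those lines with one deliberately duplicated ID so the check has something to flag.

```python
import re
from collections import Counter

# Matches the console line shape quoted in the thread (assumed format, not an Arachni API).
LINE_RE = re.compile(
    r"^(?P<check>[^:]+): Analyzing response #(?P<rid>\d+) "
    r"for (?P<kind>\w+) input '(?P<name>[^']*)' pointing to: '(?P<url>[^']*)'$"
)

# Constructed sample: lines taken from the thread, plus one repeated ID (#33505) and a
# non-matching "Client:" line, so that both the skip path and the duplicate path are exercised.
SAMPLE_LOG = """\
 OS command injection: Analyzing response #10431 for form input 'passw' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10430 for form input 'uid' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 OS command injection: Analyzing response #10432 for form input 'btnSubmit' pointing to: 'http://demo.testfire.net/bank/login.aspx'
 Path Traversal: Analyzing response #33504 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
 Path Traversal: Analyzing response #33505 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
 Path Traversal: Analyzing response #33505 for cookie input 'amSessionId' pointing to: 'http://demo.testfire.net/cgi.exe'
 Client: Request queue reached its maximum size, performing an emergency run.
"""


def parse_lines(text):
    """Return one dict per 'Analyzing response' line; other console lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["rid"] = int(rec["rid"])
            records.append(rec)
    return records


def summarize(text):
    """Count responses per (check, input kind, input name, URL) and report any response ID
    that appears more than once. Same target with distinct IDs is normal: one line per payload.
    A repeated ID is what a genuine duplicate would look like."""
    records = parse_lines(text)
    per_target = Counter((r["check"], r["kind"], r["name"], r["url"]) for r in records)
    id_counts = Counter(r["rid"] for r in records)
    duplicate_ids = sorted(rid for rid, n in id_counts.items() if n > 1)
    return {"parsed": len(records), "per_target": per_target, "duplicate_ids": duplicate_ids}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for target, count in result["per_target"].items():
        print(count, "responses for", target)
    print("duplicate response IDs:", result["duplicate_ids"] or "none")
```

Run against a real console capture, an empty duplicate list means every line is a distinct request/response pair, and the per-target counts show how many payloads each input received.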
