Autologin issue, or web server behaviour not supported?

sebastien.aucouturier

29 May, 2017 11:58 AM

Hi Tasos,
I am trying to use autologin to fill in a web authentication form, but I am getting bad behaviour.

The website is pretty simple; it is the Python Flask example:
https://pythonspot.com/en/login-authentication-with-flask/

When I run Arachni on it with the command line:
arachni-1.5.1-0.5.12/bin/arachni http://192.168.0.21:4000 --plugin=autologin:url=http://192.168.0.21:4000,parameters="username=admin&passwo..." --scope-exclude-pattern=logout --output-debug=2

From what I understand,
the check does not match because the page retrieved after authentication is not correct.
I see the POST of the credentials being done,
but Arachni (to check the page) does a GET on /login and the web server returns the 405 error page (only POST is allowed).

Does this mean the only way to get it to work is to use login_script?

Logs:

 [*] Initializing...
 [*] Preparing plugins...
 [*] AutoLogin: Logging in, please wait.
 [2017-05-29 11:28:17 +0000 - 0.0] [!!] [browser#start_webdriver:1336] Browser: Starting WebDriver...
 [2017-05-29 11:28:17 +0000 - 0.0] [!] [browser#spawn_phantomjs:1227] Browser: Spawning PhantomJS...
 [2017-05-29 11:28:17 +0000 - 0.0] [!] [browser#start_proxy:1318] Browser: Booting up...
 [2017-05-29 11:28:17 +0000 - 0.0] [!!] [browser#start_proxy:1320] Browser: Starting proxy...
 [2017-05-29 11:28:17 +0000 - 0.0] [!!] [http/proxy_server#start_async:61] ProxyServer: Starting...
 [2017-05-29 11:28:17 +0000 - 0.1] [!!] [http/proxy_server#start_async:78] ProxyServer: ...started at: http://127.0.0.1:44232
 [2017-05-29 11:28:17 +0000 - 0.1] [!!] [browser#start_proxy:1332] Browser: ... started proxy at: http://127.0.0.1:44232
 [2017-05-29 11:28:17 +0000 - 0.0] [!!] [browser#spawn_phantomjs:1242] Browser: Attempt #0, chose port number 4558
 [2017-05-29 11:28:17 +0000 - 0.0] [!!] [browser#spawn_phantomjs:1246] Browser: Spawning process: /root/arachni-1.5.1-0.5.12/bin/../system/usr/bin/phantomjs
 [2017-05-29 11:28:17 +0000 - 0.0] [!!] [browser#spawn_phantomjs:1267] Browser: Process spawned, waiting for WebDriver server...
 [2017-05-29 11:28:18 +0000 - 1.0] [!!] [browser#spawn_phantomjs:1281] Browser: ...WebDriver server is up.
 [2017-05-29 11:28:18 +0000 - 0.0] [!!] [browser#spawn_phantomjs:1289] Browser: 14458: Started
PID: 14461
[INFO  - 2017-05-29T11:28:18.745Z] GhostDriver - Main - running on port 4558

 [2017-05-29 11:28:18 +0000 - 1.1] [!] [browser#spawn_phantomjs:1293] Browser: PhantomJS is ready.
 [2017-05-29 11:28:18 +0000 - 0.0] [!!] [browser#start_webdriver:1338] Browser: ... started WebDriver at: http://127.0.0.1:4558
 [2017-05-29 11:28:18 +0000 - 0.0] [!] [browser#start_webdriver:1340] Browser: ...boot-up completed.
 [2017-05-29 11:28:18 +0000 - 0.0] [!] [session#login_from_configuration:326] Session: Logging in via configuration.
 [2017-05-29 11:28:18 +0000 - 0.0] [!] [session#login_from_configuration:329] Session: Logging in using browser.
 [2017-05-29 11:28:18 +0000 - 0.0] [!] [session#login_from_configuration:334] Session: Grabbing page at: http://192.168.0.21:4000
 [2017-05-29 11:28:18 +0000 - 0.0] [!!] [browser#goto:333] Browser: Loading http://192.168.0.21:4000 ...
 [2017-05-29 11:28:18 +0000 - 0.0] [!!] [browser#request_handler:1535] Browser: Request: http://192.168.0.21:4000/
 [2017-05-29 11:28:18 +0000 - 0.0] [!!] [browser#ignore_request?:1654] Browser: Checking: http://192.168.0.21:4000/
 [2017-05-29 11:28:18 +0000 - 0.0] [!!] [browser#ignore_request?:1657] Browser: Allow: Scope enforcement disabled.
 [2017-05-29 11:28:18 +0000 - 0.0] [!!] [browser#request_handler:1577] Browser: Request can proceed to origin.
 [2017-05-29 11:28:19 +0000 - 0.4] [!!] [browser#response_handler:1607] Browser: Got response: http://192.168.0.21:4000/
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#response_handler:1624] Browser: Injected custom JS.
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#whitelist_asset_domains:1718] Browser: browser.arachni from http://javascript.browser.arachni/polyfills.js based on src\s*=\s*['"]?(.*?)?['"]?[\s>]
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#whitelist_asset_domains:1718] Browser: browser.arachni from http://javascript.browser.arachni/taint_tracer.js based on src\s*=\s*['"]?(.*?)?['"]?[\s>]
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#whitelist_asset_domains:1718] Browser: browser.arachni from http://javascript.browser.arachni/dom_monitor.js based on src\s*=\s*['"]?(.*?)?['"]?[\s>]
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#response_handler:1648] Browser: Stored.
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#request_handler:1535] Browser: Request: http://javascript.browser.arachni/polyfills.js
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#request_handler:1548] Browser: Serving local JS.
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#response_handler:1607] Browser: Got response: http://javascript.browser.arachni/polyfills.js
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#response_handler:1630] Browser: Asset detected, will not store.
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#request_handler:1535] Browser: Request: http://javascript.browser.arachni/taint_tracer.js
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#request_handler:1548] Browser: Serving local JS.
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#request_handler:1535] Browser: Request: http://javascript.browser.arachni/dom_monitor.js
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#request_handler:1548] Browser: Serving local JS.
 [2017-05-29 11:28:19 +0000 - 0.1] [!!] [browser#response_handler:1607] Browser: Got response: http://javascript.browser.arachni/taint_tracer.js
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#response_handler:1630] Browser: Asset detected, will not store.
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#response_handler:1607] Browser: Got response: http://javascript.browser.arachni/dom_monitor.js
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser#response_handler:1630] Browser: Asset detected, will not store.
 [2017-05-29 11:28:19 +0000 - 0.1] [!!] [browser#goto:335] Browser: ...done.
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser/javascript#wait_till_ready:161] Waiting for custom JS...
 [2017-05-29 11:28:19 +0000 - 0.0] [!!] [browser/javascript#wait_till_ready:178] ...done.
 [2017-05-29 11:28:20 +0000 - 1.2] [!] [session#login_from_configuration:344] Session: Got page with URL http://192.168.0.21:4000/
 [2017-05-29 11:28:20 +0000 - 0.0] [!] [session#login_from_configuration:360] Session: Found login form: form:post:http://192.168.0.21:4000/login:721727977453286610:2139184466200954354
 [2017-05-29 11:28:20 +0000 - 0.0] [!] [session#login_from_configuration:377] Session: Updated form inputs: {"username"=>"admin", "password"=>"password"}
 [2017-05-29 11:28:20 +0000 - 0.0] [!] [session#login_from_configuration:381] Session: Submitting form.
 [2017-05-29 11:28:20 +0000 - 1.3] [!] [page/dom#restore:145] Browser: Only have a URL load transition: http://192.168.0.21:4000
 [2017-05-29 11:28:20 +0000 - 0.7] [!!] [browser#goto:333] Browser: Loading http://192.168.0.21:4000 ...
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#request_handler:1535] Browser: Request: http://192.168.0.21:4000/
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#ignore_request?:1654] Browser: Checking: http://192.168.0.21:4000/
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#ignore_request?:1657] Browser: Allow: Scope enforcement disabled.
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#request_handler:1577] Browser: Request can proceed to origin.
 [2017-05-29 11:28:20 +0000 - 0.1] [!!] [browser#response_handler:1607] Browser: Got response: http://192.168.0.21:4000/
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#response_handler:1624] Browser: Injected custom JS.
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#response_handler:1648] Browser: Stored.
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#request_handler:1535] Browser: Request: http://javascript.browser.arachni/taint_tracer.js
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#request_handler:1548] Browser: Serving local JS.
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#request_handler:1535] Browser: Request: http://javascript.browser.arachni/polyfills.js
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#request_handler:1548] Browser: Serving local JS.
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#request_handler:1535] Browser: Request: http://javascript.browser.arachni/dom_monitor.js
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#request_handler:1548] Browser: Serving local JS.
 [2017-05-29 11:28:20 +0000 - 0.1] [!!] [browser#response_handler:1607] Browser: Got response: http://javascript.browser.arachni/taint_tracer.js
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#response_handler:1630] Browser: Asset detected, will not store.
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#response_handler:1607] Browser: Got response: http://javascript.browser.arachni/polyfills.js
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#response_handler:1630] Browser: Asset detected, will not store.
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#response_handler:1607] Browser: Got response: http://javascript.browser.arachni/dom_monitor.js
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser#response_handler:1630] Browser: Asset detected, will not store.
 [2017-05-29 11:28:20 +0000 - 0.1] [!!] [browser#goto:335] Browser: ...done.
 [2017-05-29 11:28:20 +0000 - 0.9] [!!] [browser/javascript#wait_till_ready:161] Waiting for custom JS...
 [2017-05-29 11:28:20 +0000 - 0.0] [!!] [browser/javascript#wait_till_ready:178] ...done.
 [2017-05-29 11:28:20 +0000 - 0.5] [!!] [browser#fire_event:609] Browser: [start]: submit ({:inputs=>{"username"=>"admin", "password"=>"password"}}) <form action="/login" method="POST">
 [2017-05-29 11:28:21 +0000 - 0.4] [!!] [browser#fill_in_form_inputs:1145] Browser: Could not fill in form input '' because: {"errorMessage":"Element must be user-editable in order to clear it.","request":{"headers":{"Accept":"application/json","Accept-Encoding":"gzip;q=1.0,deflate;q=0.6,identity;q=0.3","Connection":"close","Content-Length":"2","Content-Type":"application/x-www-form-urlencoded","Host":"127.0.0.1:4558","User-Agent":"Ruby"},"httpVersion":"1.1","method":"POST","post":"{}","postRaw":"{}","url":"/clear","urlParsed":{"anchor":"","query":"","file":"clear","directory":"/","path":"/clear","relative":"/clear","port":"","host":"","password":"","user":"","userInfo":"","authority":"","protocol":"","source":"/clear","queryKey":{},"chunks":["clear"]},"urlOriginal":"/session/ea11efd0-4461-11e7-a304-012fb6ae8e5d/element/:wdc:1496057300884/clear"}} (org.openqa.selenium.InvalidElementStateException) [Selenium::WebDriver::Error::InvalidElementStateError
 [2017-05-29 11:28:21 +0000 - 0.4] [!!] [browser#request_handler:1535] Browser: Request: http://192.168.0.21:4000/login
 [2017-05-29 11:28:21 +0000 - 0.0] [!!] [browser#ignore_request?:1654] Browser: Checking: http://192.168.0.21:4000/login
 [2017-05-29 11:28:21 +0000 - 0.0] [!!] [browser#ignore_request?:1657] Browser: Allow: Scope enforcement disabled.
 [2017-05-29 11:28:21 +0000 - 0.0] [!!] [browser#request_handler:1577] Browser: Request can proceed to origin.
 [2017-05-29 11:28:21 +0000 - 0.1] [!!] [browser#response_handler:1607] Browser: Got response: http://192.168.0.21:4000/login
 [2017-05-29 11:28:21 +0000 - 0.0] [!] [browser/javascript#html?:422] Does not look like HTML: http://192.168.0.21:4000/login
 [2017-05-29 11:28:21 +0000 - 0.0] [!] [browser/javascript#html?:423]
Hello Boss!  <a href='/logout'>Logout</a>
 [2017-05-29 11:28:21 +0000 - 0.0] [!!] [browser#response_handler:1624] Browser: Injected custom JS.
 [2017-05-29 11:28:21 +0000 - 0.0] [!!] [browser#response_handler:1648] Browser: Stored.
 [2017-05-29 11:28:21 +0000 - 0.1] [!!] [browser#fire_event:668] Browser: [waiting for requests]: submit ({:inputs=>{"username"=>"admin", "password"=>"password"}}) <form action="/login" method="POST">
 [2017-05-29 11:28:22 +0000 - 0.2] [!!] [browser#fire_event:670] Browser: [done waiting for requests]: submit ({:inputs=>{"username"=>"admin", "password"=>"password"}}) <form action="/login" method="POST">
 [2017-05-29 11:28:22 +0000 - 1.6] [!!] [browser/javascript#wait_till_ready:161] Waiting for custom JS...
 [2017-05-29 11:28:22 +0000 - 0.0] [!!] [browser/javascript#wait_till_ready:164] ...unsupported.
 [2017-05-29 11:28:22 +0000 - 0.0] [!!] [browser#fire_event:680] Browser: [done in 1.171826371s]: submit ({:inputs=>{"username"=>"admin", "password"=>"password"}}) <form action="/login" method="POST">
 [2017-05-29 11:28:22 +0000 - 2.2] [!] [session#login_from_configuration:402] Session: Form submitted.
 [2017-05-29 11:28:22 +0000 - 2.2] [!] [browser#shutdown:378] Browser: Shutting down...
 [2017-05-29 11:28:22 +0000 - 0.1] [!!] [browser#shutdown:380] Browser: Killing process.
 [2017-05-29 11:28:22 +0000 - 0.0] [!!] [browser#shutdown:389] Browser: Shutting down proxy...
 [2017-05-29 11:28:22 +0000 - 4.5] [!!] [http/proxy_server#shutdown:95] ProxyServer: Shutting down...
 [2017-05-29 11:28:22 +0000 - 0.0] [!!] [http/proxy_server#shutdown:102] ProxyServer: ...shutdown.
 [2017-05-29 11:28:22 +0000 - 0.0] [!!] [browser#shutdown:391] Browser: ...done.
 [2017-05-29 11:28:22 +0000 - 0.0] [!] [browser#shutdown:401] Browser: ...shutdown complete.
 [*] AutoLogin: Form submitted successfully, checking the session's validity.
 [2017-05-29 11:28:22 +0000 - 0.0] [!] [session#logged_in?:285] Session: Performing login check.
 [2017-05-29 11:28:22 +0000 - 0.0] [!] [session#logged_in?:291] Session: Login check done: false
 [2017-05-29 11:28:22 +0000 - 0.0] [!] [session#logged_in?:294] Session:
GET /login HTTP/1.1
Host: 192.168.0.21:4000
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.5.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.8,he;q=0.6
X-Arachni-Scan-Seed: f106cfbcffbc95df964d54dc826afa08
Cookie: session=eyJsb2dnZWRfaW4iOnRydWV9.DA2bog.rhK4P3P4Z6NtwIi3e4e-KF85c_U

HTTP/1.0 405 METHOD NOT ALLOWED
Content-Type: text/html
Allow: POST, OPTIONS
Content-Length: 178
Set-Cookie: session=eyJsb2dnZWRfaW4iOnRydWV9.DA2bow.8m-qzcMsCkZynhy1EXmqwZf_3HY; HttpOnly; Path=/
Server: Werkzeug/0.11.4 Python/2.7.11
Date: Mon, 29 May 2017 11:46:43 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>405 Method Not Allowed</title>
<h1>Method Not Allowed</h1>
<p>The method is not allowed for the requested URL.</p>

 [-] [components/plugins/autologin#handle_error:84] AutoLogin: The response did not match the verifier.
 [~] AutoLogin: Aborting the scan.
 [*] ... done.
 [2017-05-29 11:28:22 +0000 - 0.0] [!] [plugin/manager#block:164]
 [2017-05-29 11:28:22 +0000 - 0.0] [!] [plugin/manager#block:165] Waiting on 6 plugins to finish:
 [2017-05-29 11:28:22 +0000 - 0.0] [!] [plugin/manager#block:166] autologin, autothrottle, healthmap, uniformity, timing_attacks, discovery
 [2017-05-29 11:28:22 +0000 - 0.0] [!] [plugin/manager#block:167]
  1. Support Staff 1 Posted by Tasos Laskos on 31 May, 2017 02:49 PM

    You either need to use a login script and set a more advanced login check that uses a POST request or keep using the autologin plugin but set a session check URL and check to a page that accepts a GET request.

  2. 2 Posted by sebastien.aucou... on 01 Jun, 2017 05:54 AM

    Damn, I completely missed the --session-check-url and --session-check-pattern options; I will give it a try.
    Thanks a lot, Tasos.

  3. 3 Posted by sebastien.aucou... on 01 Jun, 2017 07:47 AM

    OK Tasos, on the Flask website it works fine, thanks a lot.
    I tried another website and got a behaviour I do not understand.

    It works fine when I use --autologin --scope-exclude-pattern;
    authentication is OK.

    When I add --session-check-url and --session-check-pattern using the same parameters as the autologin, authentication fails. What am I misunderstanding?

    Example:
    OK:

    plugin=autologin:url=http://192.168.0.21,parameters="user=admin&pwd=amin",check=authentified --scope-exclude-pattern=logout
    

    NOK:

    plugin=autologin:url=http://192.168.0.21,parameters="user=admin&pwd=amin",check=authentified --scope-exclude-pattern=logout   --session-check-url=http://192.168.0.21 --session-check-pattern=authentified
    
  4. Support Staff 4 Posted by Tasos Laskos on 01 Jun, 2017 02:31 PM

    Does the homepage actually include the word authenticated? Maybe you're hitting a redirect?

  5. 5 Posted by sebastien.aucou... on 05 Jun, 2017 07:08 AM

    Yes, I was hitting a redirect :-( I changed the check page and it looks fine.
    Many thanks for the help.
    You can close the ticket.

  6. Tasos Laskos closed this discussion on 05 Jun, 2017 09:15 AM.
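
Added example (not part of the thread and not Arachni code): a pre-flight check for a candidate --session-check-url / --session-check-pattern pair, covering the two failures seen above (a POST-only URL answering GET with 405, and a URL that redirects). DemoApp, start_demo_app, fetch, vet_check_url, the /old-home path and the session=ok cookie are constructed for illustration.

```python
import http.client, re, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

class DemoApp(BaseHTTPRequestHandler):
    """Constructed stand-in for the Flask app in the thread (not the real one)."""
    def do_GET(self):
        logged_in = "session=ok" in self.headers.get("Cookie", "")
        if self.path == "/login":        # POST-only, like the 405 in the log
            self._send(405, b"Method Not Allowed", {"Allow": "POST, OPTIONS"})
        elif self.path == "/old-home":   # hypothetical page that redirects
            self._send(302, b"", {"Location": "/"})
        elif logged_in:
            self._send(200, b"Hello Boss!  <a href='/logout'>Logout</a>", {})
        else:
            self._send(200, b"<form action='/login' method='POST'></form>", {})

    def _send(self, status, body, headers):
        self.send_response(status)
        for name, value in {**headers, "Content-Length": str(len(body))}.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args): pass   # keep the demo quiet

def start_demo_app():
    server = HTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return "http://127.0.0.1:%d" % server.server_port

def fetch(url, cookie=None):
    # One GET with redirects NOT followed, so 3xx and 405 stay visible.
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=5)
    conn.request("GET", parts.path or "/", headers={"Cookie": cookie} if cookie else {})
    resp = conn.getresponse()
    hint = resp.getheader("Allow") or resp.getheader("Location")
    result = resp.status, hint, resp.read().decode("utf-8", "replace")
    conn.close()
    return result

def vet_check_url(url, pattern, cookie):
    """Verdict on using url/pattern as a login check for the given session cookie."""
    status, hint, body = fetch(url, cookie)
    if status == 405 or 300 <= status < 400:
        return "not a plain GET page: HTTP %d (%s)" % (status, hint)
    if status != 200 or not re.search(pattern, body):
        return "pattern not found when logged in"
    if re.search(pattern, fetch(url)[2]):   # same page without the cookie
        return "pattern also matches when logged out"
    return "usable"
```

The last branch catches a pattern that matches with and without the session cookie, which would make the check pass whether or not the login worked.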
