Having trouble logging in to test the "inside" of my website
Hi!
To begin with, I have to say that I really don't have a lot of experience with that kind of stuff.
I am currently trying to use your awesome tool on my website to find problems and correct them. I did a successful scan which only involved my login page and some other pages around it. Then, reading your docs, I found that I could use an autologin plugin, which I am struggling to use...
Here is the command I am trying to use: .\arachni.bat http://ra:1337 --scope-auto-redundant=5 --plugin=autologin:url=http://ra:1337/Login,parameters="Email=[email blocked]&Password=12345",check="Changer de mot de passe"
This is the http://ra:1337/Login page:
<form id="loginForm" class="form-horizontal" method="POST" action="/Login/LogUser">
<div class="form-group">
<label id="lblEmail" class="control-label" for="txtEmail">Courriel</label>
<div>
<input class="form-control input-width-sm" data-bind="value: $root.loginEmail" id="txtEmail" maxlength="254" name="Email" style="display: inline" type="text" value="">
</div>
</div>
<div>
<label class="control-label" for="txtPassword">Mot de passe</label>
<div data-bind="validationOptions: { messageTemplate: 'messageTemplatePassword' }">
<input class="form-control input-width-sm" data-bind="value: $root.loginPassword" id="txtPassword" name="Password" style="display: inline" type="password">
</div>
</div>
<div class="form-group">
<div>
<button data-bind="click: $root.logUser" id="btnLogin" class="btn btn-default btn-sm"><i class="fa fa-cog"></i> Connexion</button>
</div>
</div>
</form>
When I enter the command, this is the answer I get:
> .\arachni.bat http://ra:1337 --scope-auto-redundant=5 --plugin=autologin:url=http://ra:1337/Login,parameters="Email=[email blocked]&Password=12345",check="Changer de mot de passe"
Arachni - Web Application Security Scanner Framework v2.0dev
Author: Tasos "Zapotek" Laskos <[email blocked]>
(With the support of the community and the Arachni Team.)
Website: http://arachni-scanner.com
Documentation: http://arachni-scanner.com/wiki
[~] No checks were specified, loading all.
[~] No element audit options were specified, will audit links, forms, cookies, nested_cookies, UI inputs, UI forms, JSONs and XMLs.
[*] Initializing...
[*] Preparing plugins...
[-] [ui/cli/framework#run:120] Invalid options for component: autologin
* Missing value: check => '<empty>'
* Expected type: string
'Password' is not recognized as an intern or extern command, executable program or command file.
As I said, I really don't know much about this stuff, but any help would be very appreciated.
Thank you,
Frederick H
1 Posted by Frederick on 10 Aug, 2017 03:58 PM
Oh, sorry, I think this should have been posted in "Questions"... Saw the category too late...
2 Posted by Frederick on 10 Aug, 2017 06:03 PM
Note to self: DON'T USE POWERSHELL
Frederick closed this discussion on 10 Aug, 2017 06:03 PM.