Autologin does not work
Hello group,
When scanning a bootstrap application, I receive this error:
"[2018-01-29 11:40:23 -0500] [Arachni::Session::Error::FormNotVisible] Login form is not visible in the DOM."
Although there isn't a direct URI for the login page, which seems to be an autohidden form within the main page, I was able to successfully scan the web application with Nessus' web app scan policy by using the main/landing page as the login URI.
- arachni.log 19.9 KB
1 Posted by bWF0dC50b3JiaW4... on 06 Feb, 2018 06:53 PM
George, I just found this in the docs (http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...):
"For example, if the login form is by default hidden and requires a sequence of UI interactions in order to become visible, this plugin will not be able to submit it."
2 Posted by bWF0dC50b3JiaW4... on 09 Feb, 2018 08:35 PM
George, I would also like to mention that you can combine the autologin plugin with the session check at the bottom of the UI configuration (or from the command line if that's the way you're scanning).
Reading through the source code of the plugin (/opt/arachni/components/plugins/autologin.rb), you'll see around line 56 that the session check supersedes anything that you've passed in through the plugin:
Hopefully that helps.
3 Posted by George Gonzo on 11 Feb, 2018 05:05 PM
@bWF0dC50b3JiaW4K, thank you, it is helpful.
Tasos Laskos closed this discussion on 04 May, 2018 09:08 AM.