Not able to perform authenticated scan
I am trying to perform an authenticated scan . I tried both the autologin and the proxy plugin.
However while I was using autologin plugin , I am getting the error as the Form was loaded but DOM element is not visible.
When I am trying using proxy the scan pauses automatically. I tried recording the scan on control panel but there is no such options to record login steps.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
1 Posted by Gordon on 20 Mar, 2018 08:26 PM
Hello Kunal,
Let me help you a little bit over here. This is how you use the proxy plugin from CLI
1. Don't forget to pass this parameter in command line
--plugin=proxy:port=8080,bind_address=127.0.0.1 you can choose whatever you want host and port numbers
Start the scanning. You should see message
[*] Proxy: Listening on: http://127.0.0.1:8080 [~] Proxy: Control panel URL: http://arachni.proxy/panel [~] Proxy: Shutdown URL: http://arachni.proxy/shutdown [~] Proxy: The scan will resume once you visit the shutdown URL.
Open your browser of choice and configure it to send data through the proxy host and port you've used in arachni. For Firefox settings see below
http://www.aston.ac.uk/library/staff/mozillaproxy/
Leave arachni CLI for now. With the browser navigate to the page you would like to perform a scan and login with the credentials. You will see that arachni CLI passing some commends. After you finish the login, navigate to http://arachni.proxy/shutdown so that cookies can be passed to arachni PhantoJS instances and arachni will start the scanning process. Don't forget to exclude any logout / exit so that arachni won't accidentally leave a valid session. Please let us know about your results.
Tasos Laskos closed this discussion on 04 May, 2018 09:01 AM.