Problem when trying authenticated scan
Hello! I'm trying to perfom an authenticated scan, but I'm having some issues. The website I'm trying to login into is:
http://prope.unesp.br/pibic/aluno/index.php
and the command I'm running is:
arachni http://prope.unesp.br/pibic/aluno/index.php --report-save-path=/home/amanda/arachni.afr
--plugin=autologin:url=http://prope.unesp.br/pibic/aluno/index.php, parameters="login_pibic=username&senha_pibic=password&BtAcessar=Acessar",check="Sign Off|MY ACCOUNT" --scope-exclude-pattern=logout
However, the login doesn't happen, because I can see that the tool insn't scanning the pages that exist after the login is successful; it only scans the "outside" pages. And, besides, there are some errors that appear (they can be seen in the attached images).
I was able to obtain the parameters of the autologin plugin observing the POST message with Burp Proxy.
Can someone explain what I'm doing wrong? Thanks in advance.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
1 Posted by amanda.barbosa on 02 Apr, 2018 02:57 PM
Attached images:
Support Staff 2 Posted by Tasos Laskos on 04 May, 2018 08:56 AM
You're not using the official packages, seems like an env issue first and foremost.