Scan: Missing tags and parameters in URL

karadenizli_55

08 May, 2018 11:29 PM

Hello,

I have to analyze a web application which is placed on a launchpad, with other apps.

The Launchpad link looks like this:

https://www.example.de/sites?siteId=c123434ffs

The app I want to analyze can be called by using a tag "#" with the app name

https://www.example.de/sites?siteId=c123434ffs#app-name

My basic problem is that when I start the scan, the part of the attached tag will be ignored.

https://www.example.de/sites?siteId=c123434ffs <- Only this URL will be scanned.

I searched for similar problems and came across the plugin "Restrict to DOM state". This adds the needed tag and merges it into the needed URL, but I get the following warning and nothing happens; the scan will not continue.

2018-05-09 01:05:48 WARN Selenium [DEPRECATION] :timeout= is deprecated. Use #read_timeout= and #open_timeout= instead.

I use the following command to start the scan:

arachni https://www.example.de/sites?siteId=c123434ffs --http-cookie-jar /root/Schreibtisch/cookies.txt --plugin=restrict_to_dom_state:fragment="app-name"

I found something like this problem, but unfortunately I could not solve my problem.

https://github.com/appium/ruby_lib/pull/437

Maybe my approach is the wrong one to analyze this app. I hope you can help me.

Best regards
