Auto login script HTML issue
Hello all,
i run into a problem with the login script, so i required to login on web app, but default method failed:
/home/arachniuser/arachni-1.5.1-0.5.12/bin/arachni https://www.XXX.org --plugin=autologin:url=https://www.XXX.org/login,parameters="text=[email blocked]&p..." Session: [Arachni::Session::Error::FormNotFound] Login form could not be found with: {:url=>"https://www.XXX.org/login", :inputs=>{"text"=>"[email blocked]", "password"=>"XXX"}}
I go through support tickets and discovered cool thing: advanced autologin (http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...)
Here we go, i prepared ruby script and tested locally (works as expected):
**browser.goto 'https://www.XXX.org/login'
form = browser.form( :class => 'input_3xjhyi-o_O-container_1pp1zxi-o_O-defaultBackground_3tuvhy', :index => 0 )
form.text_field( :type => 'text' ).set '[email blocked]'
form = browser.form( :class => 'input_3xjhyi-o_O-container_1pp1zxi-o_O-defaultBackground_3tuvhy', :index => 1 )
form.text_field( :type => 'password' ).set 'XXX'
framework.options.session.check_url = browser.url
framework.options.session.check_pattern = /XXX/**
upload to arachni env and executed with:
/home/arachniuser/arachni-1.5.1-0.5.12/bin/arachni https://www.XXX.org --plugin=login_script:script='/home/arachniuser/plugins/login_script.rb' --output-debug 4
Result is:
[2018-05-24 12:25:13 +0000 - 0.5] [!!] [browser#response_handler:1607] Browser: Got response: https://www.XXX.org/login [2018-05-24 12:25:13 +0000 - 0.0] [!] [browser/javascript#html?:422] Does not look like HTML: https://www.XXX.org/login then i can see incorrect login page source, seems that js files were not utilized and elements couldn't be discovered. But! i noticed, that, while execution default autologin plugin (--plugin=autologin:url=etc...) we have much more additional steps to execute with that page: ex [browser#response_handler:1624] Browser: Injected custom JS, but not with the custom one.
i tried many put real user-agent, but no luck
Any idea on that?
thank you
This discussion was closed! See this FAQ for more information:
-
Logging in and maintaining a valid session
See more..Arachni supports automated logout detection and re-login, as well as improved login procedures.
This article will go through all the different ways you can let Arachni know of what needs to be done in order to perform a login and maintain a valid session during the scan.Autologin plugin
The
autologin
plugin expects for following options:-
url
-- The URL containing the login form; -
parameters
-- A ...
-
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
armagheadon closed this discussion on 24 May, 2018 12:33 PM.
armagheadon re-opened this discussion on 24 May, 2018 12:33 PM
armagheadon closed this discussion on 29 May, 2018 03:57 PM.