Auto login script HTML issue


armagheadon

24 May, 2018 12:32 PM

Hello all,

I ran into a problem with the login script: I am required to log in to the web app, but the default method failed:

```
/home/arachniuser/arachni-1.5.1-0.5.12/bin/arachni https://www.XXX.org --plugin=autologin:url=https://www.XXX.org/login,parameters="text=[email blocked]&p..."
Session: [Arachni::Session::Error::FormNotFound] Login form could not be found with: {:url=>"https://www.XXX.org/login", :inputs=>{"text"=>"[email blocked]", "password"=>"XXX"}}
```

I went through the support tickets and discovered a cool thing: advanced autologin (http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...)

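Here we go, I prepared a Ruby script and tested it locally (works as expected):

```ruby
# Arachni login_script: `browser` (Watir) and `framework` are provided by the plugin.
browser.goto 'https://www.XXX.org/login'

# Fill in the text field of the first form with this class.
form = browser.form( :class => 'input_3xjhyi-o_O-container_1pp1zxi-o_O-defaultBackground_3tuvhy', :index => 0 )
form.text_field( :type => 'text' ).set '[email blocked]'
# Fill in the password field of the second form with this class.
form = browser.form( :class => 'input_3xjhyi-o_O-container_1pp1zxi-o_O-defaultBackground_3tuvhy', :index => 1 )
form.text_field( :type => 'password' ).set 'XXX'

# Tell Arachni which URL and pattern to use to check that the session is valid.
framework.options.session.check_url     = browser.url
framework.options.session.check_pattern = /XXX/
```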

I uploaded it to the Arachni environment and executed it with:

```
/home/arachniuser/arachni-1.5.1-0.5.12/bin/arachni https://www.XXX.org --plugin=login_script:script='/home/arachniuser/plugins/login_script.rb' --output-debug 4
```

Result is:
```
[2018-05-24 12:25:13 +0000 - 0.5] [!!] [browser#response_handler:1607] Browser: Got response: https://www.XXX.org/login
[2018-05-24 12:25:13 +0000 - 0.0] [!] [browser/javascript#html?:422] Does not look like HTML: https://www.XXX.org/login
```

Then I can see an incorrect login page source; it seems that the JS files were not utilized and the elements couldn't be discovered. But! I noticed that, while executing the default autologin plugin (--plugin=autologin:url=etc...), we have many more additional steps executed with that page, e.g. `[browser#response_handler:1624] Browser: Injected custom JS`, but not with the custom one.

I tried a lot, including putting in a real user-agent, but no luck.

Any idea on that?

Thank you
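
As an added illustration (not part of the original post and not Arachni's own code), the Ruby sketch below checks server-delivered HTML against the autologin `parameters` to tell apart the reasons a `FormNotFound` error like the one above can occur. It assumes a form matches when its input names include every parameter name; the helper names, sample pages and credentials are constructed.

```ruby
# Added diagnostic sketch; not Arachni code. Assumption: a form matches when
# its input names include every name given in the autologin `parameters`.
require 'uri'

# Constructed sample pages, as a server might deliver them before any JS runs.
STATIC_PAGE = '<html><body><form action="/login" method="post">' \
              '<input type="text" name="text">' \
              '<input type="password" name="password"></form></body></html>'
SPA_SHELL   = '<html><body><div id="root"></div>' \
              '<script src="/app.js"></script></body></html>'
UNNAMED     = '<html><body><form class="c"><input type="text">' \
              '<input type="password"></form></body></html>'
PARAMS      = 'text=user%40example.org&password=XXX' # constructed credentials

# Return one array of input names per <form> found in the raw HTML.
def forms_in(html)
  html.scan(%r{<form\b[^>]*>(.*?)</form>}mi).map do |(body)|
    body.scan(/<input\b[^>]*?\bname\s*=\s*["']([^"']+)["']/i).flatten
  end
end

# Names from the URL-encoded `parameters` option.
def param_names(parameters)
  URI.decode_www_form(parameters).map(&:first)
end

# Classify the page: :match, :names_differ, :rendered_by_js or :no_form.
def diagnose(html, parameters)
  wanted = param_names(parameters)
  forms  = forms_in(html)
  return :match if forms.any? { |names| (wanted - names).empty? }
  return :names_differ unless forms.empty?
  html.match?(/<script\b/i) ? :rendered_by_js : :no_form
end

if __FILE__ == $PROGRAM_NAME
  { static: STATIC_PAGE, spa: SPA_SHELL, unnamed: UNNAMED }.each do |label, html|
    puts "#{label}: #{diagnose(html, PARAMS)}"
  end
end
```

A `:rendered_by_js` or `:names_differ` result on the raw response points toward the scripted login (selecting fields by type or class in a real browser) rather than the name-based `parameters` option.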

This discussion was closed! See this FAQ for more information:

  1. Logging in and maintaining a valid session

    Arachni supports automated logout detection and re-login, as well as improved login procedures.
    This article will go through all the different ways you can let Arachni know of what needs to be done in order to perform a login and maintain a valid session during the scan.

    Autologin plugin

    The autologin plugin expects the following options:

    • url -- The URL containing the login form;
    • parameters -- A ...
  1. armagheadon closed this discussion on 24 May, 2018 12:33 PM.

  2. armagheadon re-opened this discussion on 24 May, 2018 12:33 PM

  3. armagheadon closed this discussion on 29 May, 2018 03:57 PM.
