Log redirects to external sites.

Kevin

28 Apr, 2015 08:48 AM

Hi, I was wondering if it's possible to log redirects to sites out of scope?
In this specific case I would like to log if the etc. JavaScript on the site makes the browser redirect to http://google.com

So in short:
Arachni scans page http://example.com/index.php
On index.php there is an iframe which is towards http://google.com
Google is out of scope but I want to log that it tries to connect there.

Best regards,
Kevin

  1. Support Staff 1 Posted by Tasos Laskos on 28 Apr, 2015 09:17 AM

    Hello,

    There's no existing feature that does that but you can write a plugin to log out of scope HTTP requests.

    I can give you some pointers if you'd like.

    Cheers

  2. 2 Posted by Kevin on 28 Apr, 2015 09:28 AM

    That would be great! I am currently wondering whether adding output to file around #out? = True though it's a little bit unclear whether that would do the trick.

    Any pointers towards writing a plugin are greatly appreciated.

  3. Support Staff 3 Posted by Tasos Laskos on 28 Apr, 2015 09:41 AM

    You can intercept all requests via http.on_queue and check for HTTP::Request#in_domain?, if it's false you can log it.

    You can use this plugin to see the minimal structure and replace the contents of its #run method with your code.

    If you care about what subsystem or component performed the request you can get that via HTTP::Request#performer.

  4. 4 Posted by Kevin on 28 Apr, 2015 10:35 AM

    Thanks for the quick support.
    How is "HTTP::Request#in_domain?" evaluated in code?
    Is it a variable or function or what? Newbie to Ruby in case you wondered :)

  5. Support Staff 5 Posted by Tasos Laskos on 28 Apr, 2015 10:38 AM

    Ah, no worries:

    http.on_queue do |request|
        next if request.in_domain?

        # Log stuff...
        # You probably want request.url
    end
    
  6. 6 Posted by Kevin on 28 Apr, 2015 11:27 AM

    I cannot get this to work. in_domain not found

  7. Support Staff 7 Posted by Tasos Laskos on 28 Apr, 2015 11:28 AM

    My bad, it's request.scope.in_domain?.

  8. 8 Posted by Kevin on 28 Apr, 2015 11:33 AM

    Fair enough. Thanks again :)

  9. 9 Posted by Kevin on 28 Apr, 2015 11:41 AM

    The plugin works and runs "as expected".
    I have created a website where there is only an index.php with an iframe to google.
    What I expected to see was the iframe evaluated and a request trying to be made.
    However this is not the case.
    Do you have any idea where I'm missing something?

    I don't know whether the plugin should have different hooks or if the iframe even gets executed.

  10. Support Staff 10 Posted by Tasos Laskos on 28 Apr, 2015 11:42 AM

    Can you show me how you're running arachni?

  11. 11 Posted by Kevin on 28 Apr, 2015 11:44 AM

    bin/arachni --browser-cluster-pool-size 1 --plugin 'ooscope' http://sitewith1iframe

  12. Support Staff 12 Posted by Tasos Laskos on 28 Apr, 2015 11:47 AM

    I thought the site was live, can you show me the HTML please?

  13. 13 Posted by Kevin on 28 Apr, 2015 11:48 AM

    herroo

  14. 14 Posted by Kevin on 28 Apr, 2015 11:49 AM

    Lol I think it gets removed.
    It's a plain iframe. Only iframe.

  15. Support Staff 15 Posted by Tasos Laskos on 28 Apr, 2015 12:03 PM

    You're right, the request gets cut-off before it reaches the HTTP client. That's a good thing in general but prevents the use-case you want.

    Is this feature critical?

  16. 16 Posted by Kevin on 28 Apr, 2015 12:08 PM

    Yea it is critical because I would like to make a map of where the website (connects to)/(redirects users to)

  17. 17 Posted by Kevin on 28 Apr, 2015 12:19 PM

    Can't you point me to the place where it cuts it off and then I can add some logging there? That should be possible, right? It may get hacky but that's ok

  18. Support Staff 18 Posted by Tasos Laskos on 28 Apr, 2015 12:31 PM

    All browser traffic passes through: https://github.com/Arachni/arachni/blob/master/lib/arachni/browser....

    There may be other places that redirect to external resources though that get triggered by non-browser interactions so you'll probably also need to monitor responses like so:

    http.on_response do |response|
        next if !response.redirection?
    
        # Sometimes there are multiple locations provided.
        location = [response.headers.location].flatten.first
    
        # Make sure the location is a full and absolute URL.
        location = URI.to_absolute( location, response.effective_url )
    
        next if Arachni::URI( location ).in_domain?
    
        # Log stuff
    end
    
  19. 19 Posted by Kevin on 30 Apr, 2015 09:10 AM

    So this:

    def request_handler( request , response )
        print_debug "aaaaa"

    Should give me aaaaa if I set --output-debug

  20. 20 Posted by Kevin on 30 Apr, 2015 09:14 AM

    And btw, it does not give me aaaaa output.

  21. Support Staff 21 Posted by Tasos Laskos on 30 Apr, 2015 09:23 AM

    I tested what you mentioned and if the page just has an iframe element it will not be passed to the browsers, this is a bug I'll fix in a bit -- an optimization cuts it off too soon.

    Try including <script></script> and see if it works this time.

  22. 22 Posted by Kevin on 30 Apr, 2015 09:28 AM

    With a script src= it works :)

  23. Support Staff 23 Posted by Tasos Laskos on 30 Apr, 2015 09:43 AM

    Come to think about it the optimization was right, if there's no script in the parent nor the iframe then the browser should skip it.

    As you can see Arachni tries to ignore out of scope resources ASAP so I don't know if it fits your requirements.

  24. Tasos Laskos closed this discussion on 06 May, 2015 01:19 PM.
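
The redirect check from reply 18 (take the first Location value, make it absolute, skip it when it stays in scope), as an added stand-alone example that is not part of the original thread and does not use Arachni's API: it relies only on Ruby's standard `uri` library. The helper names, the response hashes and the rule that subdomains of the scanned host count as in scope are assumptions made for this example.

```ruby
require 'uri'

# Hypothetical helper: true when host is the scan target or one of its subdomains.
def in_scope?(host, scope_host)
  host = host.to_s.downcase
  scope_host = scope_host.downcase
  host == scope_host || host.end_with?(".#{scope_host}")
end

# Returns the absolute redirect target when it leaves the scope, nil otherwise.
def out_of_scope_redirect(response, scope_host)
  return nil unless (300..399).cover?(response[:code])

  # Sometimes there are multiple locations provided; take the first.
  location = [response[:headers]['Location']].flatten.compact.first
  return nil if location.nil? || location.strip.empty?

  # Resolve relative locations against the URL that produced the response.
  target = URI.join(response[:url], location.strip)
  return nil unless target.is_a?(URI::HTTP) # ignore non-HTTP(S) schemes
  in_scope?(target.host, scope_host) ? nil : target.to_s
rescue URI::Error
  nil # unparsable Location header: nothing to log
end

# Builds a map of "requested URL => external URL it redirects to".
def external_redirect_map(responses, scope_host)
  responses.each_with_object({}) do |response, map|
    target = out_of_scope_redirect(response, scope_host)
    map[response[:url]] = target if target
  end
end

# Constructed sample responses (not captured from a real scan).
SAMPLE_RESPONSES = [
  { url: 'http://example.com/index.php', code: 200, headers: {} },
  { url: 'http://example.com/go',    code: 302, headers: { 'Location' => 'http://google.com/' } },
  { url: 'http://example.com/old',   code: 301, headers: { 'Location' => '/new' } },
  { url: 'http://example.com/cdn',   code: 302, headers: { 'Location' => 'http://static.example.com/a.js' } },
  { url: 'http://example.com/multi', code: 302, headers: { 'Location' => ['//other.test/x', 'http://example.com/'] } },
  { url: 'http://example.com/trick', code: 302, headers: { 'Location' => 'http://example.com.other.test/' } }
].freeze

external_redirect_map(SAMPLE_RESPONSES, 'example.com').each do |from, to|
  puts "#{from} -> #{to}"
end
```

The last sample shows why the scope test compares on a leading dot: `example.com.other.test` contains the scanned host as a prefix but is a different site.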
