Arachni self learning
Dear Tasos,
currently I have Arachni up and running and I love the feature-rich
framework you've made.
Today I did a few test runs and noticed that Arachni found a CSRF
issue on my site in the first run. I ignored this issue and did 2
other runs/scans with Arachni to check its consistency. After the
second run Arachni completely ignored this (CSRF) issue in further
runs.
Of course I did not make any modifications to my site.
So I dived a little deeper into the framework itself and noticed
that Arachni has the capability of 'learning' from itself.
Does this mean that Arachni compares findings of previous scans
with the current scan of the same site? Or does Arachni only
compare findings of its current scan? And in the first case, how
can I disable this (plugin or clean cache/logs)?
Awaiting your response
Kind regards,
J. Oliphant
Support Staff 1 Posted by Tasos Laskos on 30 Jun, 2015 11:23 AM
Hey J,
That behaviour would only occur when performing recurring scans via the WebUI, which I'm guessing isn't the case here.
In your case the explanation would be more pedestrian, like a timed-out request or timed-out browser job in case there's DOM involvement for this particular issue.
Of course I won't know for sure unless I reproduce the issue myself.
You can provide me the details in private if you wish, via e-mail, or I can make this discussion private.
Cheers
2 Posted by J. Oliphant on 30 Jun, 2015 12:56 PM
Hi Tasos,
thank you for the fast response.
In this case DOM is involved, so a timed-out request is probably the issue here.
I'll look further into this myself.
Thanks again!
Kind regards,
J. Oliphant
Tasos Laskos closed this discussion on 01 Jul, 2015 06:56 PM.