Unable to scan Rest Services

Serrah's Avatar

Serrah

21 Dec, 2015 09:00 AM

Hi,
I have a REST API which is vulnerable to SQL injection; I have tried arachni proxy but I get nothing in the file containing the input vectors, I have also tried the new Arachni's Rest service but I still have no issues. Here is what I use to start a new scan :

{ "url" : "My uri", "http" : { "user_agent" : "Arachni/v2.0dev", "request_timeout" : 10000, "request_redirect_limit" : 5, "request_concurrency" : 20, "request_queue_size" : 100, "request_headers" : {}, "response_max_size" : 500000, "cookies" : {} }, "session" : {}, "checks" : ["sql_injection"], "platforms" : [], "plugins" : {}, "no_fingerprinting" : false, "authorized_by" : null }

Did I miss something when starting a new scan ? Can you explain further how to scan correctly Rest services?

Thanks :)

  1. Support Staff 1 Posted by Tasos Laskos on 22 Dec, 2015 12:12 AM

    Tasos Laskos's Avatar

    Hello, can you show me the configuration for when you've enabled the proxy?

  2. Support Staff 2 Posted by Tasos Laskos on 24 Feb, 2016 12:30 PM

    Tasos Laskos's Avatar

    I'm closing this due to lack of feedback, if the latest version is still giving you trouble feel free to reopen this discussion.

    Cheers

  3. Tasos Laskos closed this discussion on 24 Feb, 2016 12:30 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac