Create Logon Script for Angular.js

marcio.rocha's Avatar


17 Oct, 2016 09:42 PM

Hello again Tassos, I am running the insecure application Owasp Juice Shop, which is written completely in JavaScript, in the following link there is more detail.

I´d like your help with creating a working logon script for this, as this would also probably help us with an internal application which is also written in Javascript, with node.js an angular.js.
I have tried all options at Logging in and maintaining a valid session page to no avail. In applications writen with other languages, i was able to make it work.


  1. Support Staff 1 Posted by Tasos Laskos on 18 Oct, 2016 07:26 PM

    Tasos Laskos's Avatar

    Have you tried the nightlies?

  2. 2 Posted by marcio.rocha on 18 Oct, 2016 10:08 PM

    marcio.rocha's Avatar

    Yes, i have tried both stable and nightlies. I believe i has something to do with the # in the path.

  3. 3 Posted by Aladdin on 19 Oct, 2016 06:35 AM

    Aladdin's Avatar

    Hey Folks

    Yes, it looks like web applications built by using those technologies are invisible for Arachni hm.. I have lots of pages but Arachni is not able to find it, only one page used as parameter with stored in code links to assets. Arachni has serious problem to crawl between pages when application base only on JS technologies hm..

    URL raised by me discussion about # issue related to using JS technologies:

    Thanks Marcio

  4. Support Staff 4 Posted by Tasos Laskos on 19 Oct, 2016 06:39 AM

    Tasos Laskos's Avatar

    Aladdin please don't confuse the situation, these technologies should be supported.
    I haven't gotten a chance to look into your particular issues yet, but when I do I'll let you know what I find.

  5. Support Staff 5 Posted by Tasos Laskos on 19 Oct, 2016 07:41 AM

    Tasos Laskos's Avatar

    Worked for me (using nightlies):

    ./bin/arachni --checks - --plugin=login_script:script=tmp/support/13047/login.rb --session-check-url= --session-check-pattern=success

    Login script:

    # Extract the JWT auth token and set it system-wide.
    http.on_complete do |response|
        request = response.request
        next if !request.headers['Authorization']
        http.headers['Authorization'] = request.headers['Authorization']
    browser.goto ''
    browser.button( id: 'loginButton' ).wait_until_present( 30 )
    browser.text_field( id: 'userEmail' ).set '[email blocked]'
    browser.text_field( id: 'userPassword' ).set 'blah1'
    browser.button( id: 'loginButton' ).click
    browser.element( css: 'a[href="#/logout"]' ).wait_until_present
  6. 6 Posted by marcio.rocha on 19 Oct, 2016 03:10 PM

    marcio.rocha's Avatar

    Thank you for the reply. I´ll try it tonight and let you know if it has also worked here.

  7. 7 Posted by Aladdin on 20 Oct, 2016 08:08 AM

    Aladdin's Avatar

    Really well done Tasos. Latest nightly code was able to crawl by pages.
    Thanks for Your patience!
    Kind Regards

  8. Support Staff 8 Posted by Tasos Laskos on 20 Oct, 2016 08:32 AM

    Tasos Laskos's Avatar

    Sorry for the mixup, the previous nightly had a bug that went unnoticed.
    I fixed it yesterday.

  9. Tasos Laskos closed this discussion on 20 Oct, 2016 08:32 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac