Login Scrip fails on Federated Authentication
Hi
I'm trying to create a login sctipt for the site http://dev-miu-rs.miutility.com/login which redirects to a federation server to perform the authentication but arachni fails to perform the redirection.
This is my login script
browser.goto 'http://dev-miu-rs.miutility.com/login'
browser.button(class: 'btn btn-primary' ).when_present.click
browser.input( id: 'userNameInput' ).wait_until_present( 30 )
browser.button( id: 'submitButton' ).wait_until_present( 30 )
#browser.text_field( id: 'userNameInput' ).set validusername'
browser.text_field( id: 'dsswordInput' ).set 'avalidpassword'
browser.button( id: 'submitButton' ).click
When I print the value of browser.url
after the first button.click I still get the URL http://dev-miu-rs.miutility.com/login It looks like it is not able to follow the redirection.
Any idea?
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 12 Apr, 2017 09:50 AM
I'm getting "Firefox can’t find the server at miutilityadfs.miutilityadfs.com." after clicking the button.
2 Posted by valentin.ortiz on 12 Apr, 2017 12:44 PM
Thanks for your reply Tasos
Are you running that same script? Because what I get is:
I tried with arachni-1.5-0.5.11 and arachni-2.0dev-1.0devSupport Staff 3 Posted by Tasos Laskos on 12 Apr, 2017 12:47 PM
No, I visited it via Firefox, you're getting that error because the button doesn't work.
I click on it and I get redirected to a domain that doesn't seem to exist.
4 Posted by valentin.ortiz on 12 Apr, 2017 01:14 PM
Hello Tasos
That is weird, the domain exists and the button is working for me. When the button is clicked it redirects to something like this:
https://miutilityadfs.miutilityadfs.com/adfs/oauth2/authorize?respo...
Please take a look at the attachment. The button has a "strange" value though, but that's why I'm using the class instead of the value:
Support Staff 5 Posted by Tasos Laskos on 12 Apr, 2017 01:20 PM
I tried it from my machine in Greece and servers in the US and the host could not be found from any of them.
Are you running the scan from the same machine that you used to generate that screenshot?
6 Posted by valentin.ortiz on 12 Apr, 2017 01:27 PM
My bad, please excuse my short term memory and my low capacity of double checking things first =)
You are right, the domain does not exist. You need to add this to your hosts file
Support Staff 7 Posted by Tasos Laskos on 12 Apr, 2017 01:39 PM
It could be that the hosts file isn't being respected.
Can you try the following please inside a login script and show me the output?
8 Posted by valentin.ortiz on 12 Apr, 2017 01:50 PM
Here is the output
9 Posted by valentin.ortiz on 12 Apr, 2017 02:07 PM
Hello
But if I hit yes, the site loadsI installed lynx to access the miutilityadfs.miutilityadfs.com site and I get this error regarding the certificate:
Do you think the certificate is causing problems with the login script?
Support Staff 10 Posted by Tasos Laskos on 13 Apr, 2017 01:17 PM
My bad, I didn't see that it was a redirection to HTTPS, can you rerun the script I mentioned but use HTTPS?
It shouldn't be an issue, but I'd like to make sure.
11 Posted by valentin.ortiz on 13 Apr, 2017 11:42 PM
Hello Tasos, thanks for your response
It looks like it is working! I get the following:
But the authentication server instructs the client to redirect to a specific page and adds an input parameter, take a look at the response (specially the location value):
How can I tell arachni to start the scan on that URL?
The site uses Agular2 heavely. I'm using this command:
12 Posted by valentin.ortiz on 14 Apr, 2017 02:00 AM
As an additional comment, the web page uses Angular2 and when click on the links it actually calls a different host running on port 8996
I put a sniffer and I never see traffic to that port, it seems that Arachni is not following those links. Any idea?
Support Staff 13 Posted by Tasos Laskos on 14 Apr, 2017 11:09 AM
The exclude pattern won't work, it needs to match the logout URL not the link text.
Also, you don't need to specify the
--scope-exclude-content-pattern
options.As for the redirect, is the
id_token
vital? What happens if you visit the target URL without it?14 Posted by valentin.ortiz on 16 Apr, 2017 04:29 AM
Thanks Tasos
I seems that oAuth needs that token passed in the url for the authentication to work. This is the final output, but I'm attaching the full output. What do you think?
Support Staff 15 Posted by Tasos Laskos on 21 Apr, 2017 11:08 AM
Try:
16 Posted by valentin.ortiz on 23 Apr, 2017 02:18 AM
Hello Tasos, thanks for your time I appreciate it
Here is what I get:
I have the feeling that I missing something obvious here.... but I couldn't figure out what it is.I'm attaching the full output.
Support Staff 17 Posted by Tasos Laskos on 23 Apr, 2017 01:30 PM
My bad, I got confused, use
browser.url
instead ofresponse.headers.location
.browser.url
should be the redirect location, right?Place that at the end of the login script.
18 Posted by valentin.ortiz on 24 Apr, 2017 02:43 AM
Hi Tasos
It looks like that did the trick, your are the master!.
This is the scripthere is the command:
When I print the browser.html I get the main page:
The problem I have now is that arachni only audits 2 pages. Do you think it is related to a missing parameter or something like that?
I'm attaching the full output.
Support Staff 19 Posted by Tasos Laskos on 29 Apr, 2017 11:17 AM
Looks like the page hasn't finished loading, is it populated via AJAX calls?
20 Posted by valentin.ortiz on 01 May, 2017 05:03 AM
Yes, it also uses Angular2 to get data from another server:
https://dev-miu-rs.miutility.com:8996
Same hostname but different port.
I'm attaching a screenshot...
Support Staff 21 Posted by Tasos Laskos on 01 May, 2017 08:13 AM
This option may be the last piece of the puzzle: https://github.com/Arachni/arachni/wiki/Command-line-user-interface...
Tasos Laskos closed this discussion on 11 Jun, 2017 10:37 AM.