Login Redirect URL
I have a question related to scan configuration settings when being redirected to a SSO login page.
I would like to scan the example web site https://someapp.foo.bar/blah but I get redirected to the link below after clicking the login button
https://login.foo.bar/cas/login?service=https%3A%2F%2Flogin.foo.bar...
In the scan config I need to specify a login form via a redirect on another web site. I do not want to include the login URL in the scan. So I need the scanner to hit the login URL only to authenticate but it is not in-scope to scan. I need to specify the in-scope-to-scan URL & the out-of-scope-for-scan login URL.
Can you provide an example of how I would accomplish this?
Thank you!
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 13 Oct, 2017 09:25 AM
You'll need to use a browser based Ruby login script, see: http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...
Or have you tried that already?
2 Posted by ggoldyn on 13 Oct, 2017 06:15 PM
I have only tried the javascript login script. I will give the Ruby login script a try. Thanks!
3 Posted by ggoldyn on 17 Oct, 2017 05:04 PM
I am registering this error only when using the ruby login script:
[utilities#exception_jail:428] Session: [Selenium::WebDriver::Error::WebDriverError] unexpected response, code=404, content-type="text/plain" Error - Unable to load Atom 'execute_script' from file ':/ghostdriver/./third_party/webdriver-atoms/execute_script.js'
[utilities#exception_jail:428] Session: [Selenium::WebDriver::Error::WebDriverError] unexpected response, code=404, content-type="text/plain" Error - Unable to load Atom 'execute_script' from file ':/ghostdriver/./third_party/webdriver-atoms/execute_script.js'
4 Posted by ggoldyn on 17 Oct, 2017 05:58 PM
I tried to run on Debian Kali instance...This may explain it.
Debian Bug report logs - #860485
phantomjs: Does not work as webdriver for selenium because ghostdriver is not packaged
Support Staff 5 Posted by Tasos Laskos on 04 May, 2018 09:20 AM
You only need to use the official Arachni packages, nothing else.
Tasos Laskos closed this discussion on 04 May, 2018 09:20 AM.