Login Redirect URL

ggoldyn's Avatar

ggoldyn

28 Sep, 2017 09:57 PM

I have a question related to scan configuration settings when being redirected to a SSO login page.

I would like to scan the example web site https://someapp.foo.bar/blah but I get redirected to the link below after clicking the login button

https://login.foo.bar/cas/login?service=https%3A%2F%2Flogin.foo.bar...

In the scan config I need to specify a login form via a redirect on another web site. I do not want to include the login URL in the scan. So I need the scanner to hit the login URL only to authenticate but it is not in-scope to scan. I need to specify the in-scope-to-scan URL & the out-of-scope-for-scan login URL.

Can you provide an example of how I would accomplish this?

Thank you!

  1. Support Staff 1 Posted by Tasos Laskos on 13 Oct, 2017 09:25 AM

    Tasos Laskos's Avatar

    You'll need to use a browser based Ruby login script, see: http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma...

    Or have you tried that already?

  2. 2 Posted by ggoldyn on 13 Oct, 2017 06:15 PM

    ggoldyn's Avatar

    I have only tried the javascript login script. I will give the Ruby login script a try. Thanks!

  3. 3 Posted by ggoldyn on 17 Oct, 2017 05:04 PM

    ggoldyn's Avatar

    I am registering this error only when using the ruby login script:

    [utilities#exception_jail:428] Session: [Selenium::WebDriver::Error::WebDriverError] unexpected response, code=404, content-type="text/plain" Error - Unable to load Atom 'execute_script' from file ':/ghostdriver/./third_party/webdriver-atoms/execute_script.js'
    [utilities#exception_jail:428] Session: [Selenium::WebDriver::Error::WebDriverError] unexpected response, code=404, content-type="text/plain" Error - Unable to load Atom 'execute_script' from file ':/ghostdriver/./third_party/webdriver-atoms/execute_script.js'

  4. 4 Posted by ggoldyn on 17 Oct, 2017 05:58 PM

    ggoldyn's Avatar

    I tried to run on Debian Kali instance...This may explain it.

    Debian Bug report logs - #860485
    phantomjs: Does not work as webdriver for selenium because ghostdriver is not packaged

  5. Support Staff 5 Posted by Tasos Laskos on 04 May, 2018 09:20 AM

    Tasos Laskos's Avatar

    You only need to use the official Arachni packages, nothing else.

  6. Tasos Laskos closed this discussion on 04 May, 2018 09:20 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac