How to scan an entire AngularJS project behind CAS auth
Hello,
I need a little help. I have a project in AngularJS containing a lot of pages (about fifty), and I cannot scan all the pages.
I created a script to login:
browser.goto 'https://my-site/cas/login?service=https%3A%2F%2Fmy-site.com%2Fdashboard%2FcheckCasTicket#/'
form = browser.form( id: 'fm1' )
form.text_field( name: 'username' ).set 'USER_ID'
form.text_field( name: 'password' ).set 'PASSWORD'
form.submit
sleep(3)
framework.options.session.check_url = 'https://my-site/dashboard/#/'
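# check_pattern is a regular expression: '||' is not a logical OR and leaves an
# empty alternative that matches any response, so the check always passes.
framework.options.session.check_pattern = /dashboard/i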
I use this command:
bin/arachni https://my-site/dashboard/ --plugin=login_script:script='loginDashboard.rb' --scope-exclude-pattern="logout" --report-save-path=reports/testReport.afr --scope-include-subdomains --checks= -
And I receive this:
[+] Login was successful.
[~] Cookies set to:
[~] * JSESSIONID = [long token]
[~] * TGC = [long token]
[~] * my-token = [app token]
[*] Health map
[~] ~~~~~~~~~~~~~~
[~] Description: Generates a simple list of safe/unsafe URLs.
[~] Legend:
[+] No issues
[-] Has issues
[+] https://my-site/dashboard/
[~] Total: 1
[+] Without issues: 1
[-] With issues: 0 ( 0% )
[~] Report saved at: /home/mat/Logiciels/arachni-1.5.1-0.5.12/reports/testReport.afr [0.0MB]
[~] Audited 1 page snapshots.
[~] Duration: 00:00:09
[~] Processed 140/140 HTTP requests.
[~] -- 91.3 requests/second.
[~] Processed 0/0 browser jobs.
[~] -- 0.0 second/job.
[~] Currently auditing https://my-site/dashboard/
[~] Burst response time sum 5.16 seconds
[~] Burst response count 32
[~] Burst average response time 0.161 seconds
[~] Burst average 45.883 requests/second
[~] Timed-out requests 0
[~] Original max concurrency 20
[~] Throttled max concurrency 20
My project contains, for example, the page 'request' at https://my-site/dashboard/request
Can you help me?
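Added example (not part of the original post and not Arachni's own code): a standalone Ruby check, assuming the session check pattern is compiled as a regular expression, that classifies candidate patterns such as 'dashboard || Dashboard' against a logged-in and a logged-out response. The helper names and both HTML bodies are hypothetical and constructed for illustration.

```ruby
# Offline sanity check for a login/session check pattern.

# Constructed sample: body returned by the check URL while the session is valid.
LOGGED_IN_BODY = <<~HTML
  <html><body ng-app="app"><h1>Dashboard</h1><a href="#/request">Requests</a></body></html>
HTML

# Constructed sample: CAS login form returned once the session is gone.
LOGGED_OUT_BODY = <<~HTML
  <html><body><form id="fm1"><input name="username"><input name="password"></form></body></html>
HTML

# Classify a candidate pattern by whether it can tell the two bodies apart.
def classify_check_pattern(pattern, logged_in: LOGGED_IN_BODY, logged_out: LOGGED_OUT_BODY)
  regex = pattern.is_a?(Regexp) ? pattern : Regexp.new(pattern.to_s)

  # An empty alternative (e.g. from '||') matches every response body,
  # so a scanner would report a valid session even after logout.
  return :matches_empty_string if regex.match?('')

  in_hit  = regex.match?(logged_in)
  out_hit = regex.match?(logged_out)
  return :ok if in_hit && !out_hit
  return :never_matches_logged_in unless in_hit

  :also_matches_logged_out
end

# Map each candidate pattern to its verdict.
def report(patterns)
  patterns.map { |p| [p.inspect, classify_check_pattern(p)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  candidates = ['dashboard || Dashboard', /dashboard/i, 'Dashboard', /username/, /<body/]
  report(candidates).each { |pattern, verdict| puts "#{pattern} => #{verdict}" }
end
```

Replacing the two constructed bodies with responses saved from the real check URL, once with and once without a session, shows whether a pattern can actually detect a logout during the scan.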
Support Staff 1 Posted by Tasos Laskos on 04 May, 2018 09:10 AM
It's basically impossible for me to tell without access to the webapp, but PhantomJS is losing support for some modern libs and until the new engine is ready there's not much I can do.
It could be just that.
2 Posted by Ralf on 08 Nov, 2019 06:59 PM
That sounds similar to my issue... When is the new engine estimated to be ready?