Learning Arachni source code
Hi
I am new to Arachni.I need to learn how the code works for sql
injection,XSS attacks etc it's algo at code level.
Can u provide me a suggestion on where to start & how to go
through :)
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 31 May, 2016 06:16 AM
Hello,
Try enabling the checks you want along with the
--output-debug=4
flag to see the operation.This will tell you what's going on as well as point you to the code locations that perform the printed functionality.
Cheers
2 Posted by mazharbuet11 on 16 Jun, 2016 05:38 AM
Thanks for your response .
I have another one.Can you please describe the algorithm how sq_injection is performed in arachni.I have been going over sql_injection.rb and trying to understand .
Support Staff 3 Posted by Tasos Laskos on 16 Jun, 2016 06:39 AM
Here's the algorithm that's used by that check: https://github.com/Arachni/arachni/blob/experimental/lib/arachni/el...
Give it a read and let me know if you need more help.
4 Posted by mazharbuet11 on 16 Jun, 2016 07:10 PM
Sorry but i have gone through it but was unable to understand it.I have a crud idea of the overall process.But need to learn the details of sql injection , xss ,csrf etc.
Can you please suggest how can I learn the process of automated detection of xss , sql injection csrf in Arachni .Thanks :)
Support Staff 5 Posted by Tasos Laskos on 17 Jun, 2016 09:40 AM
I don't mean to sound dismissive but I don't have the time to go over how these things work, you could quite literally fill a few books detailing Arachni's operation.
Did you try enabling the debugging output?
6 Posted by mazharbuet11 on 17 Jun, 2016 02:58 PM
Yes i did. I don't need you to explain me the details.Just tell me how to proceed to understand the code & algo on a high level :)
Support Staff 7 Posted by Tasos Laskos on 23 Jun, 2016 06:36 AM
You could grab the source and add your own debugging calls, then when you run it you'll be able to see how the algo operates. I think that's your best bet.
The checks use many different algos and it would be very time consuming for me to go over everything.
Tasos Laskos closed this discussion on 03 Aug, 2016 02:25 PM.