Class: Arachni::Session
- Includes:
- UI::Output, Utilities
- Defined in:
- lib/arachni/session.rb
Overview
Session management class.
Handles logins, provided log-out detection, stores and executes login sequences and provided general webapp session related helpers.
Defined Under Namespace
Classes: Error
Constant Summary collapse
- LOGIN_TRIES =
5
- LOGIN_RETRY_WAIT =
5
Instance Attribute Summary collapse
- #browser ⇒ Browser readonly
- #login_sequence ⇒ Block readonly
Instance Method Summary collapse
-
#can_login? ⇒ Bool
‘true` if there is log-in capability, `false` otherwise.
- #clean_up ⇒ Object
- #configuration ⇒ Object
- #configure(options) ⇒ Object
-
#configured? ⇒ Bool
‘true` if configured, `false` otherwise.
-
#cookie(&block) ⇒ Object
Tries to find the main session (login/ID) cookie.
-
#cookies ⇒ Array<Element::Cookie>
Session cookies.
-
#ensure_logged_in ⇒ Bool?
‘true` if logged-in, `false` otherwise, `nil` if there’s no log-in capability.
-
#find_login_form(opts = {}, &block) ⇒ Object
Finds a login forms based on supplied location, collection and criteria.
- #has_browser? ⇒ Boolean
-
#has_login_check? ⇒ Bool
‘true` if a login check exists, `false` otherwise.
- #http ⇒ HTTP::Client
-
#logged_in?(http_options = {}, &block) ⇒ Bool?
‘true` if we’re logged-in, ‘false` otherwise.
-
#login(raise = false) ⇒ Page?
Uses the information provided by #configure or #login_sequence to login.
- #record_login_sequence(&block) ⇒ Object
- #with_browser(&block) ⇒ Object
Methods included from Utilities
#available_port, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_document, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Methods included from UI::Output
#debug?, #debug_off, #debug_on, #disable_only_positives, #included, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #unmute, #verbose?, #verbose_on
Instance Attribute Details
#browser ⇒ Browser (readonly)
56 57 58 |
# File 'lib/arachni/session.rb', line 56 def browser @browser end |
#login_sequence ⇒ Block (readonly)
59 60 61 |
# File 'lib/arachni/session.rb', line 59 def login_sequence @login_sequence end |
Instance Method Details
#can_login? ⇒ Bool
Returns ‘true` if there is log-in capability, `false` otherwise.
181 182 183 |
# File 'lib/arachni/session.rb', line 181 def can_login? configured? && has_login_check? end |
#clean_up ⇒ Object
61 62 63 64 |
# File 'lib/arachni/session.rb', line 61 def clean_up configuration.clear shutdown_browser end |
#configuration ⇒ Object
101 102 103 |
# File 'lib/arachni/session.rb', line 101 def configuration Data.session.configuration end |
#configure(options) ⇒ Object
96 97 98 99 |
# File 'lib/arachni/session.rb', line 96 def configure( ) configuration.clear configuration.merge! end |
#configured? ⇒ Bool
Returns ‘true` if configured, `false` otherwise.
107 108 109 |
# File 'lib/arachni/session.rb', line 107 def configured? !!@login_sequence || configuration.any? end |
#cookie(&block) ⇒ Object
Tries to find the main session (login/ID) cookie.
79 80 81 82 83 84 85 86 87 88 89 |
# File 'lib/arachni/session.rb', line 79 def ( &block ) return block.call( @session_cookie ) if @session_cookie fail Error::NoLoginCheck, 'No login-check has been configured.' if !has_login_check? .each do || logged_in?( cookies: { .name => '' } ) do |bool| next if bool block.call( @session_cookie = ) end end end |
#cookies ⇒ Array<Element::Cookie>
Returns Session cookies.
68 69 70 |
# File 'lib/arachni/session.rb', line 68 def http..select(&:session?) end |
#ensure_logged_in ⇒ Bool?
Returns ‘true` if logged-in, `false` otherwise, `nil` if there’s no log-in capability.
188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 |
# File 'lib/arachni/session.rb', line 188 def ensure_logged_in return if !can_login? return true if logged_in? print_bad 'The scanner has been logged out.' print_info 'Trying to re-login...' LOGIN_TRIES.times do |i| break if !login.response.timed_out? rescue Error print_bad "Login attempt #{i+1} failed, retrying after " << "#{LOGIN_RETRY_WAIT} seconds..." sleep LOGIN_RETRY_WAIT end if logged_in? print_ok 'Logged-in successfully.' true else print_bad 'Could not re-login.' false end end |
#find_login_form(opts = {}, &block) ⇒ Object
Finds a login forms based on supplied location, collection and criteria.
130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 |
# File 'lib/arachni/session.rb', line 130 def find_login_form( opts = {}, &block ) async = block_given? requires_password = (opts[:requires_password].nil? ? true : opts[:requires_password]) find = proc do |cforms| cforms.select do |f| next if requires_password && !f.requires_password? oks = [] if action = opts[:action] oks << !!(action.is_a?( Regexp ) ? f.action =~ action : f.action == action) end if inputs = opts[:inputs] oks << f.has_inputs?( inputs ) end oks.count( true ) == oks.size end.first end forms = if opts[:pages] [opts[:pages]].flatten.map { |p| p.forms }.flatten elsif opts[:forms] opts[:forms] elsif (url = opts[:url]) http_opts = { update_cookies: true, follow_location: true, performer: self } if async http.get( url, http_opts ) do |r| block.call find.call( forms_from_response( r, true ) ) end else forms_from_response( http.get( url, http_opts.merge( mode: :sync ) ), true ) end end find.call( forms || [] ) if !async end |
#has_browser? ⇒ Boolean
299 300 301 |
# File 'lib/arachni/session.rb', line 299 def has_browser? Browser.has_executable? && Options.scope.dom_depth_limit > 0 end |
#has_login_check? ⇒ Bool
Returns ‘true` if a login check exists, `false` otherwise.
290 291 292 |
# File 'lib/arachni/session.rb', line 290 def has_login_check? !!@login_check || !!(Options.session.check_url && Options.session.check_pattern) end |
#http ⇒ HTTP::Client
295 296 297 |
# File 'lib/arachni/session.rb', line 295 def http HTTP::Client end |
#logged_in?(http_options = {}, &block) ⇒ Bool?
Returns ‘true` if we’re logged-in, ‘false` otherwise.
266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 |
# File 'lib/arachni/session.rb', line 266 def logged_in?( = {}, &block ) fail Error::NoLoginCheck if !has_login_check? = .merge( mode: block_given? ? :async : :sync, follow_location: true, performer: self ) print_debug 'Performing login check.' bool = nil http.get( Options.session.check_url, ) do |response| bool = !!response.body.match( Options.session.check_pattern ) print_debug "Login check done: #{bool}" block.call( bool ) if block end bool end |
#login(raise = false) ⇒ Page?
Uses the information provided by #configure or #login_sequence to login.
230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 |
# File 'lib/arachni/session.rb', line 230 def login( raise = false ) fail Error::NotConfigured, 'Please configure the session first.' if !configured? refresh_browser page = nil exception_jail raise do page = @login_sequence ? login_from_sequence : login_from_configuration end if has_browser? http. browser. end page ensure shutdown_browser end |
#record_login_sequence(&block) ⇒ Object
217 218 219 |
# File 'lib/arachni/session.rb', line 217 def record_login_sequence( &block ) @login_sequence = block end |
#with_browser(&block) ⇒ Object
251 252 253 |
# File 'lib/arachni/session.rb', line 251 def with_browser( &block ) block.call browser end |