Class: Arachni::Plugins::AutoLogin

Inherits:
Arachni::Plugin::Base show all
Defined in:
components/plugins/autologin.rb

Overview

Automated login plugin.

It looks for the login form in the user provided URL, merges its input field with the user supplied parameters and sets the cookies of the response as framework-wide cookies.

Author:

Version:

  • 0.2.1

Constant Summary collapse

STATUSES =
{
    ok:               'Logged in successfully.',
    form_not_found:   'Could not find a form suiting the provided parameters.',
    form_not_visible: 'The form was located but its DOM element is not ' <<
                          'visible and thus cannot be submitted.',
    check_failed:     'The response did not match the verifier.'
}

Constants included from Arachni

BANNER, Cookie, Form, Header, JSON, Link, LinkTemplate, NestedCookie, Severity, UIForm, UIInput, VERSION, WEBSITE, WIKI, XML

Instance Attribute Summary

Attributes inherited from Arachni::Plugin::Base

#framework, #options

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Arachni::Plugin::Base

#browser_cluster, #clean_up, distributable, distributable?, #framework_abort, #framework_pause, #framework_resume, gems, #http, #info, #initialize, is_distributable, merge, #register_results, #restore, #run, #session, #suspend, #wait_while_framework_running, #with_browser

Methods inherited from Component::Base

author, description, fullname, #shortname, shortname, shortname=, version

Methods included from Component::Output

#depersonalize_output, #depersonalize_output?, #intercept_print_message

Methods included from UI::Output

#caller_location, #debug?, #debug_level, #debug_level_1?, #debug_level_2?, #debug_level_3?, #debug_level_4?, #debug_off, #debug_on, #disable_only_positives, #error_buffer, #error_log_fd, #error_logfile, #has_error_log?, #included, #log_error, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_exception, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_debug_level_4, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_error_logfile, #unmute, #verbose?, #verbose_off, #verbose_on

Methods included from Component::Utilities

#read_file

Methods included from Utilities

#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Methods included from Arachni

URI, collect_young_objects, #get_long_win32_filename, jruby?, null_device, profile?, windows?

Constructor Details

This class inherits a constructor from Arachni::Plugin::Base

Class Method Details

.infoObject


90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
# File 'components/plugins/autologin.rb', line 90

def self.info
    {
        name:        'AutoLogin',
        description: %q{
It looks for the login form in the user provided URL, merges its input fields
with the user supplied parameters and sets the cookies of the response and
request as framework-wide cookies.

**NOTICE**: If the login form is by default hidden and requires a sequence of DOM
interactions in order to become visible, this plugin will not be able to submit it.
},
        author:      'Tasos "Zapotek" Laskos <[email protected]>',
        version:     '0.2.1',
        options:     [
            Options::String.new( :url,
                required:    true,
                description: 'The URL that contains the login form.'
            ),
            Options::String.new( :parameters,
                required:    true,
                description: 'Form parameters to submit -- special characters' +
                             ' need to be URL encoded.( username=user&password=pass )'
            ),
            Options::String.new( :check,
                required:    true,
                description:
                    'A pattern which will be used to verify a successful login.
                    For example, if a logout link only appears when a user is ' +
                    'logged in then it can be a perfect choice.'
            )
        ],
        priority:    0 # run before any other plugin
    }
end

Instance Method Details

#handle_error(type) ⇒ Object


83
84
85
86
87
88
# File 'components/plugins/autologin.rb', line 83

def handle_error( type )
    print_error STATUSES[type]

    print_info 'Aborting the scan.'
    framework_abort
end

#prepareObject


27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# File 'components/plugins/autologin.rb', line 27

def prepare
    @parameters = request_parse_body( options[:parameters] )
    @verifier   = Regexp.new( options[:check] )
    @url        = options[:url].to_s

    session.configure( url: @url, inputs: @parameters )

    print_status 'Logging in, please wait.'

    response = begin
        session.( true )
    rescue Arachni::Session::Error::FormNotFound
        register_results(
            'status'  => 'form_not_found',
            'message' => STATUSES[:form_not_found]
        )
        handle_error( :form_not_found )
        return clean_up
    rescue Arachni::Session::Error::FormNotVisible
        register_results(
            'status'  => 'form_not_visible',
            'message' => STATUSES[:form_not_visible]
        )
        handle_error( :form_not_visible )
        return
    end

    print_status "Form submitted successfully, checking the session's validity."

    framework.options.session.check_url     ||= response.url
    framework.options.session.check_pattern ||= @verifier

    if !session.logged_in?
        register_results(
            'status'  => 'check_failed',
            'message' => STATUSES[:check_failed]
        )
        handle_error( :check_failed )
        return
    end

    cookies = http.cookies.inject({}){ |h, c| h.merge!( c.simple ) }

    register_results(
        'status'  =>  'ok',
        'message' => STATUSES[:ok],
        'cookies' => cookies
    )
    print_ok STATUSES[:ok]

    print_info 'Cookies set to:'
    cookies.each do |name, val|
        print_info "    * #{name.inspect} = #{val.inspect}"
    end
end