Class: Arachni::Plugins::AutoLogin
- Inherits: Arachni::Plugin::Base
  - Object
    - Component::Base
      - Arachni::Plugin::Base
        - Arachni::Plugins::AutoLogin
- Defined in: components/plugins/autologin.rb
Overview
Automated login plugin.
It looks for the login form at the user-provided URL, merges the form's input fields with the user-supplied parameters, and sets the cookies of the response as framework-wide cookies.
Constant Summary
- STATUSES =
    {
        ok:               'Logged in successfully.',
        form_not_found:   'Could not find a form suiting the provided parameters.',
        form_not_visible: 'The form was located but its DOM element is not ' <<
            'visible and thus cannot be submitted.',
        check_failed:     'The response did not match the verifier.'
    }
Constants included from Arachni
BANNER, Cookie, Form, Header, JSON, Link, LinkTemplate, NestedCookie, Severity, UIForm, UIInput, VERSION, WEBSITE, WIKI, XML
Instance Attribute Summary
Attributes inherited from Arachni::Plugin::Base
Class Method Summary
Instance Method Summary
Methods inherited from Arachni::Plugin::Base
#browser_cluster, #clean_up, distributable, distributable?, #framework_abort, #framework_pause, #framework_resume, gems, #http, #info, #initialize, is_distributable, merge, #register_results, #restore, #run, #session, #suspend, #wait_while_framework_running, #with_browser
Methods inherited from Component::Base
author, description, fullname, #shortname, shortname, shortname=, version
Methods included from Component::Output
#depersonalize_output, #depersonalize_output?, #intercept_print_message
Methods included from UI::Output
#caller_location, #debug?, #debug_level, #debug_level_1?, #debug_level_2?, #debug_level_3?, #debug_level_4?, #debug_off, #debug_on, #disable_only_positives, #error_buffer, #error_log_fd, #error_logfile, #has_error_log?, #included, #log_error, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_exception, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_debug_level_4, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_error_logfile, #unmute, #verbose?, #verbose_off, #verbose_on
Methods included from Component::Utilities
Methods included from Utilities
#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Methods included from Arachni
URI, collect_young_objects, #get_long_win32_filename, jruby?, null_device, profile?, windows?
Constructor Details
This class inherits a constructor from Arachni::Plugin::Base
Class Method Details
.info ⇒ Object
    # File 'components/plugins/autologin.rb', line 90

    def self.info
        {
            name:        'AutoLogin',
            description: %q{
    It looks for the login form in the user provided URL, merges its input fields
    with the user supplied parameters and sets the cookies of the response and
    request as framework-wide cookies.

    **NOTICE**: If the login form is by default hidden and requires a sequence of DOM
    interactions in order to become visible, this plugin will not be able to submit it.
    },
            author:      'Tasos "Zapotek" Laskos <[email protected]>',
            version:     '0.2.1',
            options:     [
                Options::String.new( :url,
                    required:    true,
                    description: 'The URL that contains the login form.'
                ),
                Options::String.new( :parameters,
                    required:    true,
                    description: 'Form parameters to submit -- special characters' +
                        ' need to be URL encoded.( username=user&password=pass )'
                ),
                Options::String.new( :check,
                    required:    true,
                    description: 'A pattern which will be used to verify a successful login. For example, if a logout link only appears when a user is ' +
                        'logged in then it can be a perfect choice.'
                )
            ],
            priority:    0 # run before any other plugin
        }
    end
Instance Method Details
#handle_error(type) ⇒ Object
    # File 'components/plugins/autologin.rb', line 83

    def handle_error( type )
        print_error STATUSES[type]
        print_info 'Aborting the scan.'
        framework_abort
    end
#prepare ⇒ Object
    # File 'components/plugins/autologin.rb', line 27

    def prepare
        # Decode the plugin options: form parameters, verifier pattern, login URL.
        @parameters = request_parse_body( options[:parameters] )
        @verifier   = Regexp.new( options[:check] )
        @url        = options[:url].to_s

        session.configure( url: @url, inputs: @parameters )

        print_status 'Logging in, please wait.'
        response = begin
            session.login( true )
        rescue Arachni::Session::Error::FormNotFound
            register_results(
                'status'  => 'form_not_found',
                'message' => STATUSES[:form_not_found]
            )
            handle_error( :form_not_found )
            return clean_up
        rescue Arachni::Session::Error::FormNotVisible
            register_results(
                'status'  => 'form_not_visible',
                'message' => STATUSES[:form_not_visible]
            )
            handle_error( :form_not_visible )
            return
        end

        print_status "Form submitted successfully, checking the session's validity."

        # Keep any session check the user already configured; otherwise fall
        # back to the login response URL and the supplied pattern.
        framework.options.session.check_url     ||= response.url
        framework.options.session.check_pattern ||= @verifier

        if !session.logged_in?
            register_results(
                'status'  => 'check_failed',
                'message' => STATUSES[:check_failed]
            )
            handle_error( :check_failed )
            return
        end

        # Flatten the HTTP client's cookies into a single name => value hash.
        cookies = http.cookies.inject({}){ |h, c| h.merge!( c.simple ) }

        register_results(
            'status'  => 'ok',
            'message' => STATUSES[:ok],
            'cookies' => cookies
        )

        print_ok STATUSES[:ok]
        print_info 'Cookies set to:'
        cookies.each do |name, val|
            print_info "    * #{name.inspect} = #{val.inspect}"
        end
    end
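The following is an added example, not part of Arachni's code: a stand-alone pre-flight check for the `parameters` and `check` options described above, using Ruby's `URI` form decoding as a stand-in for the plugin's `request_parse_body`. The `preflight` and `merged_inputs` helpers, the sample form inputs and the response bodies are hypothetical and constructed for illustration; the "supplied names must all exist in the form" rule is an assumption about what "a form suiting the provided parameters" means.

```ruby
require 'uri'

# Constructed sample data, not taken from a real target.
FORM_INPUTS     = { 'username' => '', 'password' => '', 'csrf' => 'abc123' }
LOGGED_OUT_BODY = '<h1>Sign in</h1><form action="/login" method="post"></form>'
LOGGED_IN_BODY  = '<p>Welcome back</p><a href="/logout">Log out</a>'

# Decode the 'parameters' option (stand-in for the plugin's request_parse_body).
def parse_parameters(raw)
  URI.decode_www_form(raw).to_h
end

# Hypothetical pre-flight check; returns one of the STATUSES keys.
def preflight(raw_parameters, check, form_inputs: FORM_INPUTS,
              logged_in: LOGGED_IN_BODY, logged_out: LOGGED_OUT_BODY)
  supplied = parse_parameters(raw_parameters)

  # An unencoded '&' or '+' in a value yields input names the form lacks.
  return :form_not_found unless (supplied.keys - form_inputs.keys).empty?

  verifier = Regexp.new(check)
  # The pattern must match the authenticated page only; a pattern that also
  # matches the login page would report a failed login as valid.
  unless logged_in.match?(verifier) && !logged_out.match?(verifier)
    return :check_failed
  end

  :ok
end

# Supplied values override the form's defaults; hidden fields such as a
# CSRF token keep the value the form carried.
def merged_inputs(raw_parameters, form_inputs = FORM_INPUTS)
  form_inputs.merge(parse_parameters(raw_parameters))
end

if __FILE__ == $PROGRAM_NAME
  encoded = "username=user&password=#{URI.encode_www_form_component('p&ss+word')}"
  p preflight(encoded, 'href="/logout"')                             # encoded value, specific pattern
  p preflight('username=user&password=p&ss+word', 'href="/logout"')  # unencoded value
  p preflight(encoded, 'log')                                        # pattern also matches "/login"
  p merged_inputs(encoded)
end
```

Running the same kind of check against saved copies of the real logged-in and logged-out pages before a scan shows whether the chosen `check` pattern can tell the two apart.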