Closed sunilkr closed 12 years ago
Arachni doesn't follow subdomains by default, use the `-f` or `--follow-subdomains` flag.
A special case of Gmail Login to mail.google.com first redirects you to accounts.google.com for authentication and then comes back to mail.google.com.
If I say follow subdomains, the scanner will crawl (docs,code,.....,www).google.com as well. Can we tell it to crawl only mail.google.com & accounts.google.com?
Sure:
```
-f -i '^http(s?):\/\/(mail|accounts)\.google\.com'
```
To make sure:
```ruby
# Load the framework relative to this script's location.
require_relative '../lib/arachni'
include Arachni

# Parse the options and pretty-print the resulting include patterns.
Options.parse
ap Options.include

# Check each URL against the configured scope.
[
  'http://mail.google.com', 'https://mail.google.com',
  'http://accounts.google.com', 'https://accounts.google.com',
  'http://google.com', 'https://google.com',
  'http://docs.google.com'
].each do |url|
  puts "Should '#{url}' be skipped? -- " + (Utilities.skip_path?( url ) ? 'Yes' : 'No')
end
```
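An added example, not part of the original thread and not Arachni's code: it evaluates the include pattern from the reply above as a plain Ruby regex against constructed URLs, next to an end-bounded pattern and an exact host comparison (both are assumptions introduced here). It does not model Arachni's own domain or subdomain handling, only what the pattern itself accepts.

```ruby
require 'uri'

# Include pattern exactly as given in the thread (the value passed to -i).
THREAD_PATTERN = /^http(s?):\/\/(mail|accounts)\.google\.com/

# Stricter variant (assumption, not from the thread): the host must end right
# after ".com", followed only by a port, a path, a query, a fragment or nothing.
STRICT_PATTERN = /\Ahttps?:\/\/(mail|accounts)\.google\.com(:\d+)?([\/?#]|\z)/

# The two hosts the question asks to keep in scope.
ALLOWED_HOSTS = %w[mail.google.com accounts.google.com].freeze

# Host-based check: parse the URL and compare scheme and host exactly.
def host_in_scope?(url)
  uri = URI.parse(url)
  %w[http https].include?(uri.scheme) && ALLOWED_HOSTS.include?(uri.host.to_s.downcase)
rescue URI::InvalidURIError
  false
end

# Verdict of each of the three checks for one URL (true = in scope).
def verdicts(url)
  {
    thread: !!(url =~ THREAD_PATTERN),
    strict: !!(url =~ STRICT_PATTERN),
    host:   host_in_scope?(url)
  }
end

# Constructed sample URLs; example.net is a reserved documentation domain.
SAMPLE_URLS = [
  'https://mail.google.com/mail/',
  'https://accounts.google.com',
  'https://mail.google.com:8443/x',
  'http://docs.google.com/',
  'http://google.com/',
  'https://mail.google.com.example.net/', # look-alike host sharing the prefix
  'https://MAIL.google.com/'              # host names are case-insensitive
].freeze

if __FILE__ == $0
  SAMPLE_URLS.each { |url| puts "#{url.ljust(40)} #{verdicts(url)}" }
end
```

The look-alike row is the case to watch when reusing this kind of prefix pattern as a scope filter: a pattern with no boundary after the host name accepts any host that merely starts with the intended one.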
I ran the arachni console on an app where the 'index' page redirects to another subdomain and the new URL redirects to itself 4 times before redirecting back to the original domain. When I ran without `--extend-paths`, the scan finished with the 1 request and the corresponding redirect response. When I ran with `--extend-paths` with 6 more URLs on the same domain, it queued 6 requests and the scan finished after 6 redirect responses.
Shouldn't the new request with updated cookies be sent to the new effective URLs?
PS: redirect limit was not specified.