Arachni / arachni

Web Application Security Scanner Framework
http://www.arachni-scanner.com

error with vector_feed plugin #961

Open d-nugraha opened 6 years ago

d-nugraha commented 6 years ago

Hit an error when using the vector_feed plugin. I was trying to export vectors from the proxy plugin for later re-scan activity, but when I use those vectors against the same webapp version, it doesn't find any issues like it did when I used the proxy plugin, then shut it down and continued the scan. From the log files there are some errors:

[2018-03-24 14:23:03 +0700] XSS: [element/capabilities/with_auditor/output#<module:Output>:28] [NoMethodError] undefined method `to_msgpack' for #

Steps to reproduce:

Use this command to initiate a scan with the proxy plugin:

./arachni --plugin='proxy' --checks=xss* --scope-page-limit=0 http://testphp.vulnweb.com

Download the vectors from http://arachni.proxy/vectors.yml, then shut down the proxy. Arachni did find that there's an XSS issue.

Then use the vector file with this command in another Arachni scan session:

./arachni --plugin="vector_feed:yaml_file=vectors.yml" --checks=xss* --scope-page-limit=0 http://testphp.vulnweb.com

Arachni did not find any issue, and you'll see the above error in the log files. When trying with the --audit-form option (which limits the audit to form elements only), the errors did not occur, but Arachni still did not find the XSS issue.

Forgot to mention: I'm using the latest stable Arachni 1.5.1; this problem also occurred when using the nightly build.

bryanbrannigan commented 6 years ago

@d-nugraha I get the same issue with one of my targets and its vector file but not others. Did you make any progress on this?

d-nugraha commented 6 years ago

@eightzerobits What I found was that there were :header type elements in the vectors generated by the proxy plugin which cause the error. If I remove those it should work as intended, but I still don't quite understand this behaviour. So, my workaround is that each time I want to re-scan the target, I have to remove those :header type elements from the vector files, since I don't really do assessment of the header elements.

There has to be a better way to do it though.

From the runtime log we can see that the vector plugin successfully read all the vectors from the YAML file, so I think the problem is within the Arachni engine itself, not the plugin, CMIIW.

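The manual workaround described in the thread (removing `:header` type elements from the exported vector file before passing it to vector_feed) can be scripted. The following is an added Ruby example, not code from the Arachni project or from the commenters. It assumes the export is a YAML list of hashes whose `type` key may be a string or a symbol; the sample data and the names `vector_type` and `partition_vectors` are constructed for illustration.

```ruby
require 'yaml'

# Element types to drop; the thread reports :header entries as the trigger.
SKIPPED_TYPES = %w[header].freeze

# Read a vector's type whether keys/values were dumped as strings or symbols.
def vector_type(vector)
  return nil unless vector.is_a?(Hash)
  raw = vector[:type] || vector['type']
  raw && raw.to_s.sub(/\A:/, '').downcase
end

# Returns [kept, dropped] for the YAML text of a vector file (assumed layout).
def partition_vectors(yaml_text, skipped = SKIPPED_TYPES)
  # safe_load refuses arbitrary object tags; only Symbol is allowed through.
  vectors = YAML.safe_load(yaml_text, permitted_classes: [Symbol], aliases: true)
  raise ArgumentError, 'expected a YAML list of vectors' unless vectors.is_a?(Array)
  dropped, kept = vectors.partition { |v| skipped.include?(vector_type(v)) }
  [kept, dropped]
end

# Constructed sample, not taken from a real proxy export.
SAMPLE = <<~YAML
  - :type: :form
    :method: :post
    :action: http://testphp.vulnweb.com/search.php
    :inputs:
      searchFor: test
  - :type: :header
    :action: http://testphp.vulnweb.com/
    :inputs:
      User-Agent: Arachni
  - type: link
    action: http://testphp.vulnweb.com/listproducts.php
    inputs:
      cat: '1'
YAML

# Usage: ruby filter_vectors.rb vectors.yml vectors.filtered.yml
if $PROGRAM_NAME == __FILE__ && ARGV.size == 2
  kept, dropped = partition_vectors(File.read(ARGV[0]))
  File.write(ARGV[1], YAML.dump(kept))
  warn "kept #{kept.size} vectors, dropped #{dropped.size}"
end
```

The filtered file is then the one to reference in `--plugin="vector_feed:yaml_file=..."`; the original export stays untouched so the dropped header vectors can be inspected later.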