infobyte / faraday-client

GTK client of FaradaySEC

Can't login #4

Closed s0i37 closed 3 years ago

s0i37 commented 4 years ago

Faraday v3.11.1 Faraday Client vv1.0.0

faraday-manage initdb ... username: faraday
password: s3cr3t

Can't log in with these credentials to http://localhost:5985/#/login and faraday-client

faraday-manage change_password --username faraday

Can't log in with these credentials to http://localhost:5985/#/login and faraday-client

aenima-x commented 4 years ago

You can't log in to the web, the client or both?

llazzaro commented 4 years ago

Can you execute faraday-manage status-check and send us the command output? Also, can you try to start the server with debug=true and check the logs for errors?

s0i37 commented 4 years ago

> You can't log in to the web, the client or both?

yes

faraday-server faraday-manage status_check

Showing faraday server configuration
 version: 3.11.1
 bind_address: localhost
 port: 5985
 websocket_port: 9000
 debug: False

Showing faraday plugins data
 version: 1.2.3

Showing dashboard configuration
 show_vulns_by_price: False

Showing storage configuration
 path: /home/soier/.faraday/storage

Checking if postgreSQL is running...
[+] PostgreSQL is running and up to date
[+] PostgreSQL lock not detected. 
[+] PostgreSQL encoding: UTF8                                                                                                               

Checking if Faraday is running...                                                                                                           
[+] Faraday Server is running. PID:733568                                                                                                   

Checking Faraday config...                                                                                                                  
[+] /.faraday/storage -> Permission accepted                                                                                                
[+] Port 5985 in localhost is open

~/.faraday/config/server.ini:

[faraday_server]
...
debug = true
...

faraday-server

2020-08-27T14:22:32+0500 - faraday - WARNING {MainThread} [start_server.py:54 - check_postgresql()]  No workspaces found
2020-08-27T14:22:32+0500 - faraday.server.web - INFO {MainThread} [web.py:82 - __init__()]  Starting web server at http://localhost:5985/
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - INFO {MainThread} [manager.py:152 - _load_plugins()]  Loading Native Plugins...
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [acunetix]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [amap]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [appscan]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [appspider]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [arachni]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [arp_scan]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [awsprowler]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [beef]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [brutexss]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [burp]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [checkmarx]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [cobalt]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dig]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dirb]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dirsearch]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dnsenum]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dnsmap]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dnsrecon]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dnswalk]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [faraday_csv]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [fierce]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [fortify]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [fruitywifi]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [ftp]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [goohost]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [hping3]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [hydra]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [impact]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [ip360]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [junit]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [lynis]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [maltego]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [medusa]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [metasploit]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [ndiff]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [nessus]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [netdiscover]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [netsparker]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [netsparkercloud]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [nexpose_full]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [nikto]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [nmap]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [openvas]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [pasteanalyzer]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [peepingtom]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [ping]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [propecia]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [qualysguard]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [qualyswebapp]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [reconng]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [retina]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [reverseraider]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [skipfish]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [sourceclear]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [sshdefaultscan]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [sslyze]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [telnet]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [theharvester]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [traceroute]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [w3af]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [wapiti]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [wcscan]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [webfuzzer]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [webinspect]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [wfuzz]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [whitesource]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [whois]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [wpscan]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [x1]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [xsssniper]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [zap]
2020-08-27T14:22:32+0500 - faraday.faraday_plugins.plugins.manager - INFO {MainThread} [manager.py:203 - _load_plugins()]  71 plugins loaded
2020-08-27T14:22:32+0500 - faraday.server.threads.reports_processor - DEBUG {ReportsManager-Thread} [reports_processor.py:62 - run()]  Start Reports Manager
2020-08-27T14:22:32+0500 - faraday.server.web - INFO {MainThread} [web.py:130 - __build_websockets_resource()]  Starting websocket server at port 9000 with bind address localhost. SSL False
2020-08-27T14:22:32+0500 - faraday.server.web - INFO {MainThread} [web.py:198 - run()]  Faraday Server is ready
2020-08-27T14:22:33+0500 - faraday.server.threads.ping_home - DEBUG {PingHomeThread} [ping_home.py:25 - run()]  Ping Home

When I try to log in with faraday-client I see:

2020-08-27T14:24:04+0500 - faraday.server.app - DEBUG {PoolThread-twisted.internet.reactor-0} [app.py:265 - user_logged_in_succesfull()]  Send Faraday-Client license_check
2020-08-27T14:24:04+0500 - faraday.server.app - DEBUG {PoolThread-twisted.internet.reactor-0} [app.py:267 - user_logged_in_succesfull()]  Faraday-Client license_check response: {"license_status":"OK","update_status":"AVAILABLE"}

When I use http://localhost:5985/ there are no messages.

llazzaro commented 4 years ago

Can you try to authenticate using this:

curl -s 'http://127.0.0.1:5985/_api/login' \
        -H 'Origin: http://127.0.0.1:5985' -H 'Accept-Encoding: gzip, deflate, br' \
        -H 'Accept-Language: en-US,en;q=0.9' \
        -H 'Content-Type: application/json' \
        -H 'Accept: application/json, text/javascript, */*; q=0.01' \
        -H 'Referer: http://127.0.0.1:5985/' -H 'X-Requested-With: XMLHttpRequest' \
        -H 'Connection: keep-alive' \
        --data-binary '{"email":"faraday","password": "changeme"}' \
        --compressed -c cookie.txt > /dev/null

And show us the response?

Thanks

s0i37 commented 4 years ago

faraday-manage change_password --username faraday --password 123

I don't know what cookie.txt must contain, so I sent:

curl -s 'http://127.0.0.1:5985/_api/login' \
        -H 'Origin: http://127.0.0.1:5985' -H 'Accept-Encoding: gzip, deflate, br' \
        -H 'Accept-Language: en-US,en;q=0.9' \
        -H 'Content-Type: application/json' \
        -H 'Accept: application/json, text/javascript, */*; q=0.01' \
        -H 'Referer: http://127.0.0.1:5985/' -H 'X-Requested-With: XMLHttpRequest' \
        -H 'Connection: keep-alive' \
        --data-binary '{"email":"faraday","password": "123"}' \
        --compressed > /dev/null

Answer:

T 127.0.0.1:5985 -> 127.0.0.1:40396 [AP] #6
  HTTP/1.1 200 OK..Date: Mon, 31 Aug 2020 07:21:56 GMT..Content-Type: application/
  json..Content-Length: 252..Set-Cookie: faraday_session_2=1b2c638e17e0adf8_5f4ca5
  14.fnFD4Dk7PjCdrIWm3rmrELZUWDo; HttpOnly; Path=/; SameSite=Lax....{"meta":{"code
  ":200},"response":{"user":{"authentication_token":"WyIxIiwiJDUkcm91bmRzPTUzNTAwM
  CRqSEZsOXFqSi96dWI5cy5nJGhVQndPNURrcGJjSGhub21TbmMvY3cwVkFiZHpudlRGQVF3OVJxVkE3Z
  zQiXQ.Ei42lA.SkH8rVGyW_SA-FvxFwp2lUcllp4","name":null,"username":"faraday"}}}. 

aenima-x commented 4 years ago

@s0i37 the answer is ok, you are logged in

s0i37 commented 4 years ago

When I use faraday-client:

T 127.0.0.1:56692 -> 127.0.0.1:5985 [AP] #18
  POST /_api/login HTTP/1.1..Host: localhost:5985..User-Agent: faraday-client/v1.0
  .0..Accept-Encoding: gzip, deflate..Accept: */*..Connection: keep-alive..Content
  -Length: 39..Content-Type: application/json....                                 
##
T 127.0.0.1:56692 -> 127.0.0.1:5985 [AP] #20
  {"email": "faraday", "password": "123"}                                         
##
T 127.0.0.1:5985 -> 127.0.0.1:56692 [AP] #22
  HTTP/1.1 200 OK..Date: Tue, 01 Sep 2020 07:54:31 GMT..Content-Type: application/
  json..Content-Length: 252..Set-Cookie: faraday_session_2=fc5cb92409363e51_5f4dfe
  39.JXnOWb-sgtgelHgRguqD_ppdOr8; HttpOnly; Path=/; SameSite=Lax....{"meta":{"code
  ":200},"response":{"user":{"authentication_token":"WyIxIiwiJDUkcm91bmRzPTUzNTAwM
  CRkS2xVQkRYLlhOTWNNdnJRJDVyZ0M5NEdIRktlRVBoRmJBWERjTUpBMVk3VHg4V2xWVmgxUVIxTWViZ
  zMiXQ.Ei-PuQ.g3aLP2LRhrabMrEByMZACOjQ9YY","name":null,"username":"faraday"}}}.  

Then:

T 127.0.0.1:56698 -> 127.0.0.1:5985 [AP] #32
  GET /_api/session HTTP/1.1..Host: localhost:5985..User-Agent: python-requests/2.
  18.1..Accept-Encoding: gzip, deflate..Accept: */*..Connection: keep-alive..Cooki
  e: faraday_session_2=fc5cb92409363e51_5f4dfe39.JXnOWb-sgtgelHgRguqD_ppdOr8....  
##
T 127.0.0.1:5985 -> 127.0.0.1:56698 [AP] #34
  HTTP/1.1 401 UNAUTHORIZED..Date: Tue, 01 Sep 2020 07:54:33 GMT..Content-Type: te
  xt/html..Content-Length: 338..Set-Cookie: faraday_session_2=fc5cb92409363e51_5f4
  dfe39.JXnOWb-sgtgelHgRguqD_ppdOr8; HttpOnly; Path=/; SameSite=Lax....<!DOCTYPE H
  TML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">.<title>401 Unauthorized</title>.<h1
  >Unauthorized</h1>.<p>The server could not verify that you are authorized to acc
  ess the URL requested. You either supplied the wrong credentials (e.g. a bad pas
  sword), or your browser doesn't understand how to supply the credentials require
  d.</p>.
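
The login-then-session exchange captured above, checked mechanically, as an added example that is not part of the original comment or of Faraday's code: it parses ngrep's default text output and reports, for each 401, whether the client replayed the cookie issued by /_api/login. The sample capture and its cookie values are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in ngrep's default text layout (not the capture from the thread):
# one "T src -> dst [AP] #n" header per packet, payload indented by two spaces and
# wrapped, CR/LF and other non-printable bytes shown as ".". Cookie values are placeholders.
SAMPLE_CAPTURE = """\
T 127.0.0.1:50000 -> 127.0.0.1:5985 [AP] #1
  POST /_api/login HTTP/1.1..Host: localhost:5985..User-Agent: faraday-client/v1.0
  .0..Content-Length: 39..Content-Type: application/json....
##
T 127.0.0.1:5985 -> 127.0.0.1:50000 [AP] #3
  HTTP/1.1 200 OK..Content-Type: application/json..Set-Cookie: faraday_session_2=E
  XAMPLE_SESSION.EXAMPLE_SIG; HttpOnly; Path=/; SameSite=Lax....{"meta":{"code":20
  0}}.
##
T 127.0.0.1:50002 -> 127.0.0.1:5985 [AP] #9
  GET /_api/session HTTP/1.1..Host: localhost:5985..User-Agent: python-requests/2.
  18.1..Cookie: faraday_session_2=EXAMPLE_SESSION.EXAMPLE_SIG....
##
T 127.0.0.1:5985 -> 127.0.0.1:50002 [AP] #11
  HTTP/1.1 401 UNAUTHORIZED..Content-Type: text/html..Set-Cookie: faraday_session_
  2=EXAMPLE_SESSION.EXAMPLE_SIG; HttpOnly; Path=/; SameSite=Lax....<h1>Unauthorize
  d</h1>.
"""

PACKET_RE = re.compile(r"^T (\S+) -> (\S+) \[\w+\] #\d+$")
REQUEST_RE = re.compile(r"^(GET|POST|PUT|PATCH|DELETE) (\S+) HTTP/1\.[01]$")
STATUS_RE = re.compile(r"^HTTP/1\.[01] (\d{3})")


def parse_ngrep(text):
    """Return [(src, dst, payload)] with the wrapped payload lines rejoined."""
    packets, current = [], None
    for line in text.splitlines():
        match = PACKET_RE.match(line.rstrip())
        if match:
            current = (match.group(1), match.group(2), [])
            packets.append(current)
        elif current is not None and line.startswith("  "):
            current[2].append(line[2:])  # drop ngrep's two-space indent
        # "##" separators and blank lines carry no payload
    result = []
    for src, dst, chunks in packets:
        if chunks:
            chunks[-1] = chunks[-1].rstrip()  # only the last line is space-padded
        result.append((src, dst, "".join(chunks)))
    return result


def parse_http(payload):
    """Split a dotted payload into (start line, headers). CRLF appears as '..',
    so a header value that itself contains '..' would be mis-split."""
    head = payload.split("....", 1)[0]
    lines = head.split("..")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(": ")
        if sep:
            headers[name.lower()] = value
    return lines[0], headers


def session_cookie(value, name="faraday_session_2"):
    """Extract one cookie value from a Cookie or Set-Cookie header value."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key == name:
            return val
    return None


def diagnose(text):
    """Pair requests with responses per TCP flow and explain every 401."""
    issued, pending, findings = None, {}, []
    for src, dst, payload in parse_ngrep(text):
        start, headers = parse_http(payload)
        request, status = REQUEST_RE.match(start), STATUS_RE.match(start)
        if request:
            sent = session_cookie(headers.get("cookie", ""))
            pending[(src, dst)] = (request.group(2), sent)
        elif status and (dst, src) in pending:
            path, sent = pending.pop((dst, src))
            code = int(status.group(1))
            if path == "/_api/login" and code == 200:
                issued = session_cookie(headers.get("set-cookie", ""))
            elif code == 401:
                if sent is None:
                    verdict = "client sent no session cookie"
                elif sent == issued:
                    verdict = "client replayed the issued cookie; server rejected it"
                else:
                    verdict = "client sent a different cookie than the one issued"
                findings.append((path, code, verdict))
        # packets that carry only a body (no start line) are ignored
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_CAPTURE):
        print(finding)
```

A verdict of "client replayed the issued cookie" points the investigation at the server's session handling rather than at the client.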

aenima-x commented 4 years ago

I don't know what to tell you. I just cloned the client repo and it works for me. With that user you can't log in to the web?

s0i37 commented 3 years ago

Hi. I've updated everywhere. But faraday-client and the web interface have not worked yet. As usual, the problem is in handling the /_api/session request. One remark: I use Werkzeug 0.16.1 coz only this version works. BTW, why does Faraday use authentication? It listens on the localhost interface. It is full nonsense! Because of this stupid feature I can't use it.

aenima-x commented 3 years ago

Faraday needs Werkzeug 1.0.0

s0i37 commented 3 years ago

OK, I've installed all needed libs, including Werkzeug 1.0.0, but the problem still exists. In faraday_client/start_client.py:login(), faraday_client/persistence/server/server.py:get_user_info(), the line

resp = requests.get(urlparse.urljoin(_get_base_server_url(), "/_api/session"), cookies=_conf().getFaradaySessionCookies(), timeout=1)

returns 401.

aenima-x commented 3 years ago

Sorry, I don't know what to tell you. What I don't understand is if the problem is only with the client or you can't even log in to the web?

I did the same test as you

09:26:41.084763 IP 127.0.0.1.49836 > 127.0.0.1.5985: Flags [P.], seq 1:207, ack 1, win 12759, options [nop,nop,TS val 178010151 ecr 178010151], length 206
POST /_api/login HTTP/1.1
Host: localhost:5985
User-Agent: faraday-client/1.0.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 40
Content-Type: application/json

{"email": "faraday", "password": "PASSWORD"}

09:26:42.703553 IP 127.0.0.1.5985 > 127.0.0.1.49836: Flags [P.], seq 1:530, ack 247, win 12751, options [nop,nop,TS val 178011688 ecr 178010151], length 529
HTTP/1.1 200 OK
Date: Fri, 13 Nov 2020 12:26:41 GMT
Content-Type: application/json
Content-Length: 303
Set-Cookie: faraday_session_2=e9268b7d1ed8e115_5fae7b82.HnvdbQF69p0Lnnqq-X6_ajDzLi4; HttpOnly; Path=/; SameSite=Lax

{"meta":{"code":200},"response":{"user":{"authentication_token":"WyIxIiwiJDUkcm91bmRzPTUzNTAwMCR5aXpVRVZSc3h4eHp2L1laJHZvZ2VPZ2cwS1l5ekRkTkduY3ZwWE9mZU13YmJpY3V4bm5lUUdKMnpTdDkiXQ.X657gg.Dgze9PzHhCUHZbLaQVe4VP6pykQ","email":null,"name":"faraday","role":"admin","roles":["admin"],"username":"faraday"}}}

09:26:42.709398 IP 127.0.0.1.49839 > 127.0.0.1.5985: Flags [P.], seq 1:239, ack 1, win 12759, options [nop,nop,TS val 178011693 ecr 178011693], length 238
GET /_api/session HTTP/1.1
Host: localhost:5985
User-Agent: python-requests/2.24.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: faraday_session_2=e9268b7d1ed8e115_5fae7b82.HnvdbQF69p0Lnnqq-X6_ajDzLi4

09:26:42.718244 IP 127.0.0.1.5985 > 127.0.0.1.49839: Flags [P.], seq 1:3861, ack 239, win 12751, options [nop,nop,TS val 178011700 ecr 178011693], length 3860
HTTP/1.1 200 OK
Date: Fri, 13 Nov 2020 12:26:42 GMT
Content-Type: application/json
Content-Length: 3633
Set-Cookie: faraday_session_2=e9268b7d1ed8e115_5fae7b82.HnvdbQF69p0Lnnqq-X6_ajDzLi4; HttpOnly; Path=/; SameSite=Lax

{"csrf_token":"IjA0YWRlOWE1NTBkZDQ5YWM2MWI1MjNhOTM4OTg4OGUzNTA2NGE1MDAi.X657gg.9EUMnt2KD-nA5FrJarRRkfEl-xI","email":null,"name":"faraday","permissions":{"agents":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"run":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"agents_schedules":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"bulk_create":{"bulk_create":{"allowed":true,"reason":null}},"commands":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"comments":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"credentials":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"data_analysis":{"view":{"allowed":true,"reason":null}},"executive_reports":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"hosts":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"licences":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"methodologies":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"methodology_templates":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"rea
son":null},"view":{"allowed":true,"reason":null}},"services":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"settings":{"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"task_templates":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"tasks":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"ticketing":{"jira":{"allowed":true,"reason":null},"servicenow":{"allowed":true,"reason":null}},"users":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"vulnerability_template":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"vulns":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"status_change":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}},"workspace_comparison":{"compare":{"allowed":true,"reason":null}},"workspaces":{"create":{"allowed":true,"reason":null},"delete":{"allowed":true,"reason":null},"update":{"allowed":true,"reason":null},"view":{"allowed":true,"reason":null}}},"preferences":{},"role":"admin","roles":["admin"],"username":"faraday"}

One question, if you go to .faraday/session do you see the session files created?

And also can you put the output of the faraday-server.log?

s0i37 commented 3 years ago

Is it normal that, after authentication, the request to /_api/session contains the cookie faraday_session_2? I see in the code that the authentication procedure checks a header instead of the cookie:

header = flask.request.headers[app.config['SECURITY_TOKEN_AUTHENTICATION_HEADER']]

'SECURITY_TOKEN_AUTHENTICATION_HEADER': 'Authorization'

s0i37 commented 3 years ago

Yes, I have session files in ~/.faraday/session. My logs/faraday-server.log after running faraday-server and one login attempt with faraday-cli:

2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - INFO {MainThread} [manager.py:152 - _load_plugins()]  Loading Native Plugins...
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - INFO {MainThread} [manager.py:203 - _load_plugins()]  73 plugins loaded
2020-11-13T18:07:48+0500 - faraday - WARNING {MainThread} [start_server.py:54 - check_postgresql()]  No workspaces found
2020-11-13T18:07:48+0500 - faraday.server.web - INFO {MainThread} [web.py:82 - __init__()]  Starting web server at http://localhost:5985/
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - INFO {MainThread} [manager.py:152 - _load_plugins()]  Loading Native Plugins...
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [acunetix]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [amap]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [appscan]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [appspider]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [arachni]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [arp_scan]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [awsprowler]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [beef]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [brutexss]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [burp]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [checkmarx]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [cobalt]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dig]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dirb]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dirsearch]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dnsenum]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dnsmap]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dnsrecon]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [dnswalk]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [faraday_csv]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [fierce]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [fortify]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [fruitywifi]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [ftp]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [goohost]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [hping3]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [hydra]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [impact]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [ip360]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [junit]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [lynis]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [maltego]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [medusa]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [metasploit]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [ndiff]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [nessus]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [netdiscover]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [netsparker]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [netsparkercloud]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [nexpose_full]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [nikto]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [nmap]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [openvas]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [pasteanalyzer]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [peepingtom]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [ping]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [propecia]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [qualysguard]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [qualyswebapp]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [rdpscan]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [reconng]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [retina]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [reverseraider]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [skipfish]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [sourceclear]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [sshdefaultscan]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [ssl_labs]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [sslyze]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [telnet]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [theharvester]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [traceroute]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [w3af]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [wapiti]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [wcscan]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [webfuzzer]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [webinspect]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [wfuzz]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [whitesource]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [whois]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [wpscan]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [x1]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [xsssniper]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - DEBUG {MainThread} [manager.py:165 - _load_plugins()]  Load Plugin [zap]
2020-11-13T18:07:48+0500 - faraday.faraday_plugins.plugins.manager - INFO {MainThread} [manager.py:203 - _load_plugins()]  73 plugins loaded
2020-11-13T18:07:48+0500 - faraday.server.threads.reports_processor - DEBUG {ReportsManager-Thread} [reports_processor.py:62 - run()]  Start Reports Manager
2020-11-13T18:07:48+0500 - faraday.server.web - INFO {MainThread} [web.py:130 - __build_websockets_resource()]  Starting websocket server at port 9000 with bind address localhost. SSL False
2020-11-13T18:07:48+0500 - faraday.server.web - INFO {MainThread} [web.py:198 - run()]  Faraday Server is ready
2020-11-13T18:07:49+0500 - faraday.server.threads.ping_home - DEBUG {PingHomeThread} [ping_home.py:25 - run()]  Ping Home
2020-11-13T18:07:59+0500 - faraday.server.app - DEBUG {PoolThread-twisted.internet.reactor-0} [app.py:264 - user_logged_in_succesfull()]  Send Faraday-Client license_check
2020-11-13T18:08:00+0500 - faraday.server.app - DEBUG {PoolThread-twisted.internet.reactor-0} [app.py:266 - user_logged_in_succesfull()]  Faraday-Client license_check response: {"license_status":"OK","update_status":"LATEST"}

2020-11-13T18:08:00+0500 - faraday.server.app - DEBUG {PoolThread-twisted.internet.reactor-0} [app.py:270 - user_logged_in_succesfull()]  Cleanup sessions

s0i37 commented 3 years ago

After the login attempt I obtained a session id:

  HTTP/1.1 200 OK..Date: Fri, 13 Nov 2020 13:07:59 GMT..Content-Type: application/
  json..Content-Length: 252..Set-Cookie: faraday_session_2=a7e7adff4ff80fe_5fae853
  0.hYd3l5IaS_XbeE427cqhxOCxoBI; HttpOnly; Path=/....{"meta":{"code":200},"respons
  e":{"user":{"authentication_token":"WyIxIiwiJDUkcm91bmRzPTUzNTAwMCR5QUlrZkV5d3lN
  NEpSbVRUJHpzeExCdmczT3FoZzJ0ejlqY2diR0Iva3FISkpKNm5YR0o1aU9GS1hvUC4iXQ.EpAWsA.na
  U-dpW-9GL4m6c5xlyEuUavETY","name":null,"username":"faraday"}}}.

But another session id is sent to /_api/session:

  GET /_api/session HTTP/1.1..Host: localhost:5985..User-Agent: python-requests/2.
  24.0..Accept-Encoding: gzip, deflate..Accept: */*..Connection: keep-alive..Cooki
  e: faraday_session_2=a7e7adff4ff80fe_5fae8530.hYd3l5IaS_XbeE427cqhxOCxoBI....

aenima-x commented 3 years ago

Is it normal that after authentication the request to /_api/session contains the Cookie faraday_session_2? I see in the code that the authentication procedure checks a header instead of a cookie:

  header = flask.request.headers[app.config['SECURITY_TOKEN_AUTHENTICATION_HEADER']]
  'SECURITY_TOKEN_AUTHENTICATION_HEADER': 'Authorization'

Yes, we use TOKENS and SESSION auth. The Faraday-Cli (not the client) uses a token, for example.

Once the client obtains the session cookie it checks against /_api/session. I really don't understand what the problem is.

aenima-x commented 3 years ago

After the login attempt I obtained a session id:

  HTTP/1.1 200 OK..Date: Fri, 13 Nov 2020 13:07:59 GMT..Content-Type: application/
  json..Content-Length: 252..Set-Cookie: faraday_session_2=a7e7adff4ff80fe_5fae853
  0.hYd3l5IaS_XbeE427cqhxOCxoBI; HttpOnly; Path=/....{"meta":{"code":200},"respons
  e":{"user":{"authentication_token":"WyIxIiwiJDUkcm91bmRzPTUzNTAwMCR5QUlrZkV5d3lN
  NEpSbVRUJHpzeExCdmczT3FoZzJ0ejlqY2diR0Iva3FISkpKNm5YR0o1aU9GS1hvUC4iXQ.EpAWsA.na
  U-dpW-9GL4m6c5xlyEuUavETY","name":null,"username":"faraday"}}}.

But another session id is sent to /_api/session:

  GET /_api/session HTTP/1.1..Host: localhost:5985..User-Agent: python-requests/2.
  24.0..Accept-Encoding: gzip, deflate..Accept: */*..Connection: keep-alive..Cooki
  e: faraday_session_2=a7e7adff4ff80fe_5fae8530.hYd3l5IaS_XbeE427cqhxOCxoBI....

No, the session cookie is the same "a7e7adff4ff80fe_5fae8530.hYd3l5IaS_XbeE427cqhxOCxoBI"

Don't get confused by the "authentication_token".
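
The comparison made in the comment above, as an added example that is not part of the thread or of Faraday's own code: it parses a login response and the follow-up /_api/session request, compares the session cookie in both, and keeps it separate from the authentication_token in the JSON body. The capture is constructed with made-up values, and the function names are assumptions.

```python
import json
from http.cookies import SimpleCookie

COOKIE_NAME = "faraday_session_2"  # cookie name as it appears in the thread

# Constructed capture (made-up values), shaped like the exchange in the thread.
LOGIN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Set-Cookie: faraday_session_2=abc123_5fae0000.c2lnbmF0dXJl; HttpOnly; Path=/\r\n"
    "\r\n"
    '{"meta":{"code":200},"response":{"user":'
    '{"authentication_token":"dG9rZW4.EpAWsA.c2ln","username":"faraday"}}}'
)
SESSION_REQUEST = (
    "GET /_api/session HTTP/1.1\r\n"
    "Host: localhost:5985\r\n"
    "Cookie: faraday_session_2=abc123_5fae0000.c2lnbmF0dXJl\r\n"
    "\r\n"
)

def split_message(raw):
    """Return (headers, body); headers maps lower-cased names to value lists."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status/request line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def cookie_from(headers, header_name, cookie_name=COOKIE_NAME):
    """Value of cookie_name in a Set-Cookie or Cookie header, or None."""
    for value in headers.get(header_name, []):
        jar = SimpleCookie()
        jar.load(value)
        if cookie_name in jar:
            return jar[cookie_name].value
    return None

def compare_session(login_response, follow_up_request):
    """Compare the cookie issued at login with the one sent afterwards."""
    resp_headers, body = split_message(login_response)
    req_headers, _ = split_message(follow_up_request)
    issued = cookie_from(resp_headers, "set-cookie")
    sent = cookie_from(req_headers, "cookie")
    token = json.loads(body)["response"]["user"]["authentication_token"]
    return {
        "same_session": issued is not None and issued == sent,
        "token_differs_from_cookie": token != issued,
        "uses_token_header": "authorization" in req_headers,
    }
```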

aenima-x commented 3 years ago

One thing you didn't answer... do you have this problem only with the client or with the web too?

s0i37 commented 3 years ago

Yes. I can't log in with faraday-client or at http://localhost:5985/ either. Both send similar HTTP requests.

s0i37 commented 3 years ago

Solved. Actually it is not a real solution, but anyway. I removed all the files related to faraday. I installed faraday server with pip3 as:

sudo pip3 install faradaysec

After installing I can log in with the web interface. Next I installed faraday client from the github repo:

git clone https://github.com/infobyte/faraday-client
cd faraday-client
sudo python3 setup.py install

The client part works too. It seems that the problem was in the server component.