I noticed that intial requests sent by the acstis do not obey the proxy settings mentioned in the extended.py file.
In order to demonstrate this I set my system proxy to Fiddler (localhost:8888) and entered the proxy settings in extended.py to Burpsuite (localhost:8080)
At this point before the first request is being sent to Burp the following requests are going via Fiddler (That shows that the acstis scanner is ignoring the proxy settings and using the system proxy settings).
Now in case if certain web-apps (Read: Client Apps) are only accessible through a certain proxy (eg. Client Proxy) and if its not possible to set this proxy as the system proxy. Then despite setting the proxy (Client Proxy) in extended.py we get the below error.
/$$$$$$ /$$$$$$ /$$$$$$ /$$$$$$$$ /$$$$$$ /$$$$$$
/$$__ $$ /$$__ $$ /$$__ $$|__ $$__/|_ $$_/ /$$__ $$
| $$ \ $$| $$ \__/| $$ \__/ | $$ | $$ | $$ \__/
| $$$$$$$$| $$ | $$$$$$ | $$ | $$ | $$$$$$
| $$__ $$| $$ \____ $$ | $$ | $$ \____ $$
| $$ | $$| $$ $$ /$$ \ $$ | $$ | $$ /$$ \ $$
| $$ | $$| $$$$$$/| $$$$$$/ | $$ /$$$$$$| $$$$$$/
|__/ |__/ \______/ \______/ |__/ |______/ \______/
Version 3.0.1 - Copyright 2017 Tijme Gommers <tijme@finnwea.com>
[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[ERROR] Couldn't determine the AngularJS version (`angular.version.full` threw an exception).
[ERROR] If you are certain this URL uses AngularJS, specify the version via the `--angular-version` argument.
This error occurs as ACSTIS sends the intial requests to the target site via the system proxy and since the target site is not reachable it results in an error.
I noticed that intial requests sent by the acstis do not obey the proxy settings mentioned in the extended.py file.
In order to demonstrate this I set my system proxy to Fiddler (localhost:8888) and entered the proxy settings in extended.py to Burpsuite (localhost:8080)
On running acstis with proper Burp certificates I get the following output
At this point before the first request is being sent to Burp the following requests are going via Fiddler (That shows that the acstis scanner is ignoring the proxy settings and using the system proxy settings).
Now in case if certain web-apps (Read: Client Apps) are only accessible through a certain proxy (eg. Client Proxy) and if its not possible to set this proxy as the system proxy. Then despite setting the proxy (Client Proxy) in extended.py we get the below error.
This error occurs as ACSTIS sends the intial requests to the target site via the system proxy and since the target site is not reachable it results in an error.