Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skipfish will not log in to crawl destination but fails without good error #188

Open
GoogleCodeExporter opened this issue Jul 10, 2015 · 12 comments
Open

Skipfish will not log in to crawl destination but fails without good error #188

GoogleCodeExporter opened this issue Jul 10, 2015 · 12 comments
Labels
auto-migrated Priority-Medium Type-Defect

Comments

@GoogleCodeExporter
Copy link 

Using V 2.10b on Ubuntu 12.04 64 bit

the following command fails

cd /home/stew/skipfish-2.10b
./skipfish   -u -v   --config ../skipfish.conf   -o 
/var/www/scan/clients/peer1/loggedin    -S 
/home/stew/skipfish-2.10b/dictionaries/minimal-peer1.wl   
https://us.peer1.fullfatthings.com/portal


 cat ../skipfish.conf
auth-form=https://us.peer1.fullfatthings.com/user
auth-user=fftlivedemo
auth-pass=xxxxxx
auth-verify-url=https://us.peer1.fullfatthings.com/portal/account/users
auth-user-field=name
auth-pass-field=pass
#auth-form-target=https://us.peer1.fullfatthings.com/user

The https://us.peer1.fullfatthings.com/ URL is protected via Basic Auth 
externally but to the server that skipfish is running on a basic Curl returns 
200 and OK

curl -Ik https://us.peer1.fullfatthings.com/user
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2013 09:19:11 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=10
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.24-1~dotdeb.0
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 07 May 2013 09:19:11 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1367918351"
Content-Location: https://us.peer1.fullfatthings.com/user
Content-Language: en
X-UA-Compatible: IE=edge,chrome=1
Link: <https://us.peer.fullfatthings.com/user>; 
rel="shortlink",<https://us.peer.fullfatthings.com/user>; rel="canonical"

The actual error message that we get back is:

./skipfish   -u -v   --config ../skipfish.conf   -o 
/var/www/scan/clients/peer1/loggedin    -S 
/home/stew/skipfish-2.10b/dictionaries/minimal-peer1.wl   
https://us.peer1.fullfatthings.com/portal
skipfish web application scanner - version 2.10b
*- Authentication starts
*-- Could not login. Please check the URL and form fields
[-] PROGRAM ABORT : Authentication failed (use -uv for more info)

    Stop location : main(), src/skipfish.c:714

Original issue reported on code.google.com by [email protected] on 7 May 2013 at 9:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated Priority-Medium Type-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter