arachni
Arachni does not maintain session across scan
I'm running Arachni version 1.5.1-0.5.12 on the WIVET application using the following script:
./arachni http://192.168.0.18:8090/ \
--scope-include-pattern 'http://192.168.0.18:8090/' \
--scope-exclude-pattern 'http://192.168.0.18:8090/offscanpages.*' \
--scope-exclude-pattern 'http://192.168.0.18:8090/logout.php' \
--scope-exclude-pattern 'http://192.168.0.18:8090/pages/100.php' \
--http-cookie-string="PHPSESSID=77d4ad6bbe505bba989152390e4e9e25"
As can be seen, I remove all the logout links (so that the session is not destroyed) and add a cookie string which, according to this link, forces Arachni to maintain a single session. However, it seems the script opens multiple sessions during the scan.