How can I make Arachni test AJAX "unforms"?
Created by: sitsofe
I've found that Arachni seems to skip over AJAX submitted (un)forms when doing a normal scan. Here's an example:
```php
<?php
// Deliberately vulnerable test page: the POSTed value is echoed back unescaped.
if (isset($_POST['choice']) && $_POST['choice'] == "XSS") {
    echo $_POST['XSS']; # XSS Time!
} else {
?>
<!DOCTYPE html>
<html>
<head>
    <title>Arachni AJAX unform test</title>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
</head>
<body>
    <script type="text/javascript">
        // Submits the input via XHR; there is no <form> element on the page.
        function submit() {
            var XHR = new XMLHttpRequest();
            var data = {choice: 'XSS', XSS: document.getElementById("XSS").value};
            var FD = new FormData();
            for (var name in data) {
                FD.append(name, data[name]);
            }
            XHR.addEventListener('load', function(event) {
                // The response is inserted as HTML, so reflected markup is rendered.
                document.getElementById("xhrresponse").innerHTML = XHR.responseText;
            });
            XHR.open('POST', 'unform.php');
            XHR.send(FD);
        }
    </script>
    <input id="XSS" value="<span style='color:red'>XSS Time!</span>">
    <input type="submit" value="XSS" onclick="submit()">
    <div id="xhrresponse"></div>
</body>
</html>
<?php
}
?>
```
Is using Arachni's proxy the only way to get to such "unforms"?