RubyGems - arachni - Versions diffs - 1.3.2 → 1.4 - Mend

arachni 1.3.2 → 1.4

Files changed (727) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +108 -0
data/Gemfile +2 -6
data/LICENSE.md +1 -1
data/README.md +34 -16
data/Rakefile +1 -1
data/arachni.gemspec +28 -20
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +1 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_rest_server +13 -0
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +1 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +1 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +8 -10
data/components/checks/active/code_injection_php_input_wrapper.rb +5 -6
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +1 -1
data/components/checks/active/file_inclusion.rb +20 -26
data/components/checks/active/ldap_injection.rb +4 -5
data/components/checks/active/no_sql_injection.rb +11 -20
data/components/checks/active/no_sql_injection/substrings/mongodb +1 -0
data/components/checks/active/no_sql_injection_differential.rb +3 -4
data/components/checks/active/os_cmd_injection.rb +5 -9
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +4 -17
data/components/checks/active/response_splitting.rb +8 -2
data/components/checks/active/rfi.rb +4 -5
data/components/checks/active/session_fixation.rb +9 -3
data/components/checks/active/source_code_disclosure.rb +5 -20
data/components/checks/active/sql_injection.rb +30 -18
data/components/checks/active/sql_injection/{regexp_ignore.txt → ignore_substrings} +0 -0
data/components/checks/active/sql_injection/regexps/db2.yaml +2 -0
data/components/checks/active/sql_injection/regexps/frontbase.yaml +1 -0
data/components/checks/active/sql_injection/regexps/informix.yaml +1 -0
data/components/checks/active/sql_injection/regexps/ingres.yaml +2 -0
data/components/checks/active/sql_injection/regexps/maxdb.yaml +2 -0
data/components/checks/active/sql_injection/regexps/mssql.yaml +8 -0
data/components/checks/active/sql_injection/regexps/mysql.yaml +4 -0
data/components/checks/active/sql_injection/regexps/oracle.yaml +4 -0
data/components/checks/active/sql_injection/regexps/pgsql.yaml +3 -0
data/components/checks/active/sql_injection/regexps/sqlite.yaml +2 -0
data/components/checks/active/sql_injection/regexps/sybase.yaml +2 -0
data/components/checks/active/sql_injection/substrings/access +3 -0
data/components/checks/active/sql_injection/substrings/db2 +2 -0
data/components/checks/active/sql_injection/{patterns → substrings}/emc +1 -1
data/components/checks/active/sql_injection/{patterns → substrings}/firebird +0 -1
data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
data/components/checks/active/sql_injection/{patterns → substrings}/informix +1 -2
data/components/checks/active/sql_injection/substrings/ingres +1 -0
data/components/checks/active/sql_injection/{patterns → substrings}/interbase +0 -0
data/components/checks/active/sql_injection/substrings/mssql +17 -0
data/components/checks/active/sql_injection/{patterns → substrings}/mysql +3 -6
data/components/checks/active/sql_injection/substrings/oracle +2 -0
data/components/checks/active/sql_injection/{patterns → substrings}/pgsql +3 -6
data/components/checks/active/sql_injection/substrings/sqlite +3 -0
data/components/checks/active/sql_injection/substrings/sybase +1 -0
data/components/checks/active/sql_injection_differential.rb +5 -7
data/components/checks/active/sql_injection_differential/payloads.txt +1 -1
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +5 -4
data/components/checks/active/unvalidated_redirect.rb +1 -1
data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
data/components/checks/active/xpath_injection.rb +3 -4
data/components/checks/active/xss.rb +33 -12
data/components/checks/active/xss_dom.rb +7 -4
data/components/checks/active/xss_dom_script_context.rb +1 -1
data/components/checks/active/xss_event.rb +43 -20
data/components/checks/active/xss_path.rb +5 -4
data/components/checks/active/xss_script_context.rb +41 -11
data/components/checks/active/xss_tag.rb +14 -15
data/components/checks/active/xxe.rb +5 -16
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +4 -2
data/components/checks/passive/backup_directories.rb +4 -2
data/components/checks/passive/backup_files.rb +4 -2
data/components/checks/passive/common_admin_interfaces.rb +4 -3
data/components/checks/passive/common_directories.rb +3 -1
data/components/checks/passive/common_files.rb +3 -1
data/components/checks/passive/directory_listing.rb +4 -4
data/components/checks/passive/grep/captcha.rb +1 -1
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +5 -7
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +135 -8
data/components/checks/passive/grep/form_upload.rb +1 -1
data/components/checks/passive/grep/hsts.rb +4 -3
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +5 -3
data/components/checks/passive/grep/insecure_cookies.rb +5 -3
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +6 -3
data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
data/components/checks/passive/grep/x_frame_options.rb +4 -3
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +1 -1
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +1 -1
data/components/path_extractors/areas.rb +1 -1
data/components/path_extractors/comments.rb +1 -1
data/components/path_extractors/data_url.rb +1 -1
data/components/path_extractors/forms.rb +1 -1
data/components/path_extractors/frames.rb +1 -1
data/components/path_extractors/generic.rb +1 -1
data/components/path_extractors/links.rb +1 -1
data/components/path_extractors/meta_refresh.rb +3 -3
data/components/path_extractors/scripts.rb +1 -1
data/components/plugins/autologin.rb +16 -24
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +1 -1
data/components/plugins/defaults/meta/remedies/discovery.rb +10 -9
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +3 -5
data/components/plugins/exec.rb +1 -1
data/components/plugins/form_dicattack.rb +1 -1
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +1 -1
data/components/plugins/login_script.rb +47 -22
data/components/plugins/metrics.rb +1 -1
data/components/plugins/proxy.rb +69 -44
data/components/plugins/proxy/panel/help.html.erb +1 -18
data/components/plugins/proxy/panel/inspect.html.erb +4 -3
data/components/plugins/proxy/panel/page_accordion.html.erb +78 -43
data/components/plugins/proxy/panel/panel.html.erb +2 -7
data/components/plugins/proxy/template_scope.rb +1 -1
data/components/plugins/restrict_to_dom_state.rb +3 -15
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +3 -11
data/components/plugins/waf_detector.rb +1 -1
data/components/reporters/ap.rb +1 -1
data/components/reporters/html.rb +2 -2
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +1 -1
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml.rb +29 -4
data/components/reporters/yaml.rb +1 -1
data/lib/arachni.rb +48 -3
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser.rb +601 -358
data/lib/arachni/browser/element_locator.rb +25 -6
data/lib/arachni/browser/javascript.rb +103 -35
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +28 -16
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +138 -67
data/lib/arachni/browser/javascript/scripts/polyfills.js +28 -0
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +27 -6
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser_cluster.rb +10 -14
data/lib/arachni/browser_cluster/job.rb +1 -1
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
data/lib/arachni/browser_cluster/jobs/{resource_exploration.rb → dom_exploration.rb} +5 -5
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger.rb +7 -4
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result.rb +3 -3
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -3
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +12 -40
data/lib/arachni/check.rb +1 -1
data/lib/arachni/check/auditor.rb +15 -1
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/component/base.rb +5 -5
data/lib/arachni/component/manager.rb +39 -13
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/output.rb +1 -1
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/data/framework.rb +1 -1
data/lib/arachni/data/framework/rpc.rb +1 -1
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/element/base.rb +19 -5
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +15 -5
data/lib/arachni/element/capabilities/analyzable/signature.rb +147 -89
data/lib/arachni/element/capabilities/analyzable/timeout.rb +43 -16
data/lib/arachni/element/capabilities/auditable.rb +20 -15
data/lib/arachni/element/capabilities/dom_only.rb +5 -4
data/lib/arachni/element/capabilities/inputtable.rb +62 -12
data/lib/arachni/element/capabilities/mutable.rb +74 -13
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +5 -2
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +5 -5
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +2 -2
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +4 -4
data/lib/arachni/element/cookie.rb +57 -34
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +10 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/dom.rb +1 -15
data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +29 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +11 -1
data/lib/arachni/element/dom/capabilities/submittable.rb +2 -2
data/lib/arachni/element/form.rb +33 -14
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +18 -17
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +2 -1
data/lib/arachni/element/form/dom.rb +3 -2
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header.rb +16 -4
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +11 -1
data/lib/arachni/element/json.rb +2 -2
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +8 -2
data/lib/arachni/element/link.rb +14 -7
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +8 -1
data/lib/arachni/element/link/dom.rb +2 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template.rb +8 -3
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +2 -1
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +3 -3
data/lib/arachni/element/ui_form.rb +24 -21
data/lib/arachni/element/ui_form/dom.rb +12 -3
data/lib/arachni/element/ui_input.rb +17 -11
data/lib/arachni/element/{input → ui_input}/dom.rb +11 -2
data/lib/arachni/element/xml.rb +3 -3
data/lib/arachni/element/xml/capabilities/inputtable.rb +7 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +7 -13
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework.rb +2 -5
data/lib/arachni/framework/parts/audit.rb +8 -2
data/lib/arachni/framework/parts/browser.rb +8 -9
data/lib/arachni/framework/parts/check.rb +2 -6
data/lib/arachni/framework/parts/data.rb +23 -8
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +2 -8
data/lib/arachni/framework/parts/report.rb +3 -9
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +8 -8
data/lib/arachni/http.rb +1 -1
data/lib/arachni/http/client.rb +72 -68
data/lib/arachni/http/client/dynamic_404_handler.rb +85 -60
data/lib/arachni/http/cookie_jar.rb +48 -27
data/lib/arachni/http/headers.rb +4 -3
data/lib/arachni/http/message.rb +17 -3
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/proxy_server.rb +46 -344
data/lib/arachni/http/proxy_server/connection.rb +316 -0
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +102 -0
data/lib/arachni/http/proxy_server/tunnel.rb +54 -0
data/lib/arachni/http/request.rb +126 -29
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/response.rb +42 -12
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/issue.rb +2 -2
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/option_groups/audit.rb +20 -4
data/lib/arachni/option_groups/browser_cluster.rb +8 -4
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +2 -2
data/lib/arachni/option_groups/input.rb +6 -3
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +10 -3
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +35 -6
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/options.rb +1 -1
data/lib/arachni/page.rb +26 -12
data/lib/arachni/page/dom.rb +29 -22
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/parser.rb +42 -5
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +2 -2
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/plugin/base.rb +1 -1
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +7 -13
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +2 -2
data/lib/arachni/processes/executables/base.rb +45 -4
data/lib/arachni/processes/executables/browser.rb +91 -0
data/lib/arachni/processes/executables/rest_service.rb +14 -0
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/instances.rb +5 -5
data/lib/arachni/processes/manager.rb +68 -9
data/lib/arachni/report.rb +1 -1
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +4 -2
data/lib/arachni/reporter/manager.rb +3 -2
data/lib/arachni/reporter/options.rb +1 -1
data/lib/arachni/rest/server.rb +231 -0
data/lib/arachni/rest/server/instance_helpers.rb +37 -0
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +20 -3
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +4 -4
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +3 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -3
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby.rb +1 -2
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +15 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +23 -4
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/{watir → selenium/webdriver}/element.rb +12 -13
data/lib/arachni/session.rb +19 -4
data/lib/arachni/snapshot.rb +9 -5
data/lib/arachni/state.rb +1 -1
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/http.rb +1 -1
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/support.rb +2 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/cache/base.rb +20 -8
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +8 -9
data/lib/arachni/support/cache/preference.rb +7 -20
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/database/base.rb +2 -2
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/glob.rb +35 -0
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/profiler.rb +12 -10
data/lib/arachni/support/signature.rb +12 -5
data/lib/arachni/trainer.rb +18 -4
data/lib/arachni/ui/foo/output.rb +17 -1
data/lib/arachni/uri.rb +285 -203
data/lib/arachni/uri/scope.rb +13 -2
data/lib/arachni/utilities.rb +22 -5
data/lib/arachni/version.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +42 -14
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +34 -304
data/spec/arachni/browser/javascript/polyfills_spec.rb +35 -0
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +24 -4
data/spec/arachni/browser/javascript_spec.rb +92 -65
data/spec/arachni/browser_cluster/job_spec.rb +3 -3
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result_spec.rb +1 -1
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger_spec.rb +4 -4
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result_spec.rb +1 -1
data/spec/arachni/browser_cluster/jobs/{resource_exploration_spec.rb → dom_exploration_spec.rb} +4 -4
data/spec/arachni/browser_cluster/jobs/taint_tracer_spec.rb +9 -9
data/spec/arachni/browser_cluster/worker_spec.rb +46 -67
data/spec/arachni/browser_cluster_spec.rb +19 -17
data/spec/arachni/browser_spec.rb +506 -183
data/spec/arachni/check/auditor_spec.rb +70 -25
data/spec/arachni/component/manager_spec.rb +19 -20
data/spec/arachni/data/framework/rpc_spec.rb +1 -1
data/spec/arachni/data/framework_spec.rb +1 -1
data/spec/arachni/data/issues_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +44 -0
data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +33 -162
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +4 -4
data/spec/arachni/element/cookie_spec.rb +98 -49
data/spec/arachni/element/form/dom_spec.rb +1 -22
data/spec/arachni/element/form_spec.rb +7 -7
data/spec/arachni/element/header_spec.rb +2 -2
data/spec/arachni/element/json_spec.rb +2 -2
data/spec/arachni/element/link/dom_spec.rb +1 -22
data/spec/arachni/element/link_spec.rb +17 -1
data/spec/arachni/element/link_template/dom_spec.rb +1 -22
data/spec/arachni/element/link_template_spec.rb +3 -3
data/spec/arachni/element/ui_form/{ui_form_dom_spec.rb → dom_spec.rb} +72 -22
data/spec/arachni/element/ui_form_spec.rb +1 -0
data/spec/arachni/element/ui_input/dom_spec.rb +64 -22
data/spec/arachni/element/ui_input_spec.rb +1 -0
data/spec/arachni/element/xml_spec.rb +1 -0
data/spec/arachni/framework/parts/audit_spec.rb +7 -5
data/spec/arachni/framework/parts/browser_spec.rb +8 -8
data/spec/arachni/framework/parts/check_spec.rb +1 -1
data/spec/arachni/framework/parts/data_spec.rb +4 -4
data/spec/arachni/framework/parts/scope_spec.rb +2 -2
data/spec/arachni/framework_spec.rb +1 -1
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +26 -13
data/spec/arachni/http/client_spec.rb +80 -45
data/spec/arachni/http/cookie_jar_spec.rb +6 -6
data/spec/arachni/http/proxy_server_spec.rb +69 -66
data/spec/arachni/http/request_spec.rb +147 -23
data/spec/arachni/http/response/scope_spec.rb +12 -12
data/spec/arachni/http/response_spec.rb +62 -4
data/spec/arachni/issue_spec.rb +6 -6
data/spec/arachni/option_groups/audit_spec.rb +25 -8
data/spec/arachni/option_groups/browser_cluster_spec.rb +27 -1
data/spec/arachni/option_groups/dispatcher_spec.rb +3 -3
data/spec/arachni/option_groups/input_spec.rb +9 -9
data/spec/arachni/option_groups/paths_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +32 -16
data/spec/arachni/options_spec.rb +4 -4
data/spec/arachni/page/dom/transition_spec.rb +17 -10
data/spec/arachni/page/dom_spec.rb +19 -0
data/spec/arachni/page/scope_spec.rb +4 -4
data/spec/arachni/page_spec.rb +15 -15
data/spec/arachni/platform/manager_spec.rb +2 -2
data/spec/arachni/plugin/base_spec.rb +1 -0
data/spec/arachni/reporter/base_spec.rb +2 -2
data/spec/arachni/reporter/manager_spec.rb +2 -2
data/spec/arachni/rest/server_spec.rb +495 -0
data/spec/arachni/rpc/server/active_options_spec.rb +63 -12
data/spec/arachni/rpc/server/base_spec.rb +1 -1
data/spec/arachni/rpc/server/framework/distributor_spec.rb +2 -2
data/spec/arachni/rpc/server/framework_multi_spec.rb +6 -6
data/spec/arachni/rpc/server/framework_spec.rb +4 -4
data/spec/arachni/rpc/server/instance_spec.rb +24 -24
data/spec/arachni/ruby/array_spec.rb +2 -2
data/spec/arachni/ruby/string_spec.rb +52 -0
data/spec/arachni/session_spec.rb +19 -2
data/spec/arachni/snapshot_spec.rb +1 -1
data/spec/arachni/state/audit_spec.rb +1 -1
data/spec/arachni/state/framework_spec.rb +2 -2
data/spec/arachni/support/cache/least_recently_used_spec.rb +0 -2
data/spec/arachni/support/glob_spec.rb +75 -0
data/spec/arachni/support/lookup/hash_set_spec.rb +1 -1
data/spec/arachni/support/lookup/moolb_spec.rb +2 -2
data/spec/arachni/support/signature_spec.rb +4 -4
data/spec/arachni/trainer_spec.rb +48 -4
data/spec/arachni/uri/scope_spec.rb +54 -10
data/spec/arachni/uri_spec.rb +110 -89
data/spec/arachni/utilities_spec.rb +8 -8
data/spec/components/checks/active/code_injection_spec.rb +9 -9
data/spec/components/checks/active/file_inclusion_spec.rb +20 -20
data/spec/components/checks/active/ldap_injection_spec.rb +1 -1
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/os_cmd_injection_spec.rb +3 -3
data/spec/components/checks/active/path_traversal_spec.rb +11 -11
data/spec/components/checks/active/response_splitting_spec.rb +2 -2
data/spec/components/checks/active/rfi_spec.rb +3 -3
data/spec/components/checks/active/session_fixation_spec.rb +1 -1
data/spec/components/checks/active/source_code_disclosure_spec.rb +4 -4
data/spec/components/checks/active/sql_injection_spec.rb +58 -59
data/spec/components/checks/active/unvalidated_redirect_spec.rb +2 -2
data/spec/components/checks/active/xpath_injection_spec.rb +3 -3
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_spec.rb +1 -1
data/spec/components/checks/active/xss_script_context_spec.rb +5 -5
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/grep/credit_card_spec.rb +1 -1
data/spec/components/checks/passive/grep/emails_spec.rb +12 -2
data/spec/components/checks/passive/grep/ssn_spec.rb +1 -1
data/spec/components/path_extractors/meta_refresh_spec.rb +3 -1
data/spec/components/plugins/exec_spec.rb +2 -2
data/spec/components/plugins/login_script_spec.rb +22 -2
data/spec/components/plugins/vector_feed_spec.rb +3 -3
data/spec/spec_helper.rb +10 -4
data/spec/support/factories/browser_cluster/job.rb +1 -0
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +1 -1
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/request_helpers.rb +38 -0
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +2 -2
data/spec/support/servers/arachni/browser.rb +182 -15
data/spec/support/servers/arachni/browser/javascript/angular-1.2.8.js +1 -1
data/spec/support/servers/arachni/browser/javascript/angular-route.js +1 -1
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +27 -4
data/spec/support/servers/arachni/element/capabilities/analyzable/differential.rb +103 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/timeout.rb +5 -2
data/spec/support/servers/arachni/element/header.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +46 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +7 -1
data/spec/support/servers/checks/active/code_injection.rb +5 -5
data/spec/support/servers/checks/active/no_sql_injection.rb +0 -6
data/spec/support/servers/checks/active/no_sql_injection_differential.rb +1 -1
data/spec/support/servers/checks/active/sql_injection.rb +5 -2
data/spec/support/servers/checks/active/sql_injection_differential.rb +1 -1
data/spec/support/servers/checks/active/trainer_check.rb +6 -6
data/spec/support/servers/checks/passive/backdoors.rb +1 -0
data/spec/support/servers/checks/passive/backup_directories.rb +2 -0
data/spec/support/servers/checks/passive/backup_files.rb +2 -0
data/spec/support/servers/checks/passive/grep/emails.rb +6 -6
data/spec/support/shared/check.rb +28 -0
data/spec/support/shared/element/capabilities/auditable.rb +76 -13
data/spec/support/shared/element/capabilities/dom_only.rb +5 -6
data/spec/support/shared/element/capabilities/inputtable.rb +74 -4
data/spec/support/shared/element/capabilities/mutable.rb +86 -14
data/spec/support/shared/element/capabilities/submittable.rb +12 -0
data/spec/support/shared/element/capabilities/with_dom.rb +13 -4
data/spec/support/shared/element/capabilities/with_node.rb +1 -1
data/spec/support/shared/element/capabilities/with_source.rb +1 -6
data/spec/support/shared/element/dom/locatable.rb +20 -0
data/spec/support/shared/element/dom/submittable.rb +4 -17
data/spec/support/shared/http/message.rb +37 -5
data/spec/support/shared/support/cache.rb +5 -4
data/ui/cli/framework.rb +4 -3
data/ui/cli/framework/option_parser.rb +20 -8
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +40 -4
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reporter/option_parser.rb +4 -4
data/ui/cli/rest/server.rb +43 -0
data/ui/cli/rest/server/option_parser.rb +115 -0
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/instance.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +197 -84
data/components/checks/active/no_sql_injection/patterns/mongodb +0 -1
data/components/checks/active/no_sql_injection/regexp_ignore.txt +0 -0
data/components/checks/active/sql_injection/patterns/access +0 -3
data/components/checks/active/sql_injection/patterns/db2 +0 -5
data/components/checks/active/sql_injection/patterns/frontbase +0 -1
data/components/checks/active/sql_injection/patterns/hsqldb +0 -1
data/components/checks/active/sql_injection/patterns/ingres +0 -3
data/components/checks/active/sql_injection/patterns/maxdb +0 -2
data/components/checks/active/sql_injection/patterns/mssql +0 -25
data/components/checks/active/sql_injection/patterns/oracle +0 -6
data/components/checks/active/sql_injection/patterns/sqlite +0 -5
data/components/checks/active/sql_injection/patterns/sybase +0 -3
data/lib/arachni/ruby/io.rb +0 -39
data/lib/arachni/selenium/webdriver/remote/http/typhoeus.rb +0 -63
data/spec/arachni/ruby/io_spec.rb +0 -26

data/components/reporters/plugin_formatters/xml/http_dicattack.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/reporters/plugin_formatters/xml/login_script.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/reporters/plugin_formatters/xml/metrics.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/reporters/plugin_formatters/xml/uncommon_headers.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/reporters/plugin_formatters/xml/uniformity.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/reporters/plugin_formatters/xml/vector_collector.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/reporters/plugin_formatters/xml/waf_detector.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/reporters/stdout.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/reporters/txt.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/reporters/xml.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -11,7 +11,6 @@ require 'nokogiri'
 # Creates an XML report of the audit.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.3.4
 class Arachni::Reporters::XML < Arachni::Reporter::Base
     LOCAL_SCHEMA  = File.dirname( __FILE__ ) + '/xml/schema.xsd'
@@ -136,11 +135,37 @@ class Arachni::Reporters::XML < Arachni::Reporter::Base
         has_errors = false
         xsd.validate( Nokogiri::XML( xml ) ).each do |error|
             puts error.message
-            ap error
+            puts " -- Line #{error.line}, column #{error.column}, level #{error.level}."
+            puts '-' * 100
+            justify = (error.line+10).to_s.size
+            lines = xml.lines
+            ((error.line-10)..(error.line+10)).each do |i|
+                line = lines[i]
+                next if i < 0 || !line
+                i = i + 1
+                printf( "%#{justify}s | %s", i, line )
+                if i == error.line
+                    printf( "%#{justify}s |", i )
+                    line.size.times.each do |c|
+                        print error.column == c ? '^' : '-'
+                    end
+                    puts
+                end
+            end
+            puts '-' * 100
+            puts
             has_errors = true
         end
-        fail 'XML report could not be validated against the XSD.' if has_errors
+        if has_errors
+            print_error 'Report could not be validated against the XSD due to the above errors.'
+            return
+        end
         IO.binwrite( outfile, xml )
         print_status "Saved in '#{outfile}'."

data/components/reporters/yaml.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -8,8 +8,9 @@
 require 'rubygems'
 require 'bundler/setup'
-require 'oj_mimic_json'
+require 'concurrent'
+require 'pp'
+require 'ap'
 def ap( obj )
     super obj, raw: true
@@ -19,6 +20,20 @@ module Arachni
     class <<self
+        # Runs a minor GC to collect young, short-lived objects.
+        #
+        # Generally called after analysis operations that generate a lot of
+        # new temporary objects.
+        def collect_young_objects
+            GC.start( full_mark: false )
+        end
+        def tmpdir
+            # On MS Windows Dir.tmpdir can return the path with a shortname,
+            # better avoid that as it can be insonsistent with other paths.
+            get_long_win32_filename( Dir.tmpdir )
+        end
         def null_device
             Gem.win_platform? ? 'NUL' : '/dev/null'
         end
@@ -39,10 +54,40 @@ module Arachni
             !!ENV['ARACHNI_PROFILER']
         end
+        if Arachni.windows?
+            require 'find'
+            require 'fileutils'
+            require 'Win32API'
+            require 'win32ole'
+            def get_long_win32_filename( short_name )
+                short_name = short_name.dup
+                max_path   = 1024
+                long_name  = ' ' * max_path
+                lfn_size = Win32API.new(
+                    "kernel32",
+                    "GetLongPathName",
+                    ['P','P','L'],
+                    'L'
+                ).call( short_name, long_name, max_path )
+                (1..max_path).include?( lfn_size ) ?
+                    long_name[0..lfn_size-1] : short_name
+            end
+        else
+            def get_long_win32_filename( short_name )
+                short_name
+            end
+        end
     end
 end
+if !Arachni.jruby?
+    require 'oj_mimic_json'
+end
 require_relative 'arachni/version'
 require_relative 'arachni/banner'

data/lib/arachni/banner.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/browser.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -8,8 +8,7 @@
 require 'childprocess'
 require 'watir-webdriver'
-require_relative 'watir/element'
-require_relative 'selenium/webdriver/remote/http/typhoeus'
+require_relative 'selenium/webdriver/element'
 require_relative 'processes/manager'
 require_relative 'browser/element_locator'
 require_relative 'browser/javascript'
@@ -70,9 +69,14 @@ class Browser
     # Let the browser take as long as it needs to complete an operation.
     WATIR_COM_TIMEOUT = 3600 # 1 hour.
-    ASSET_EXTENSIONS = Set.new(
-        ['css', 'js', 'jpg', 'jpeg', 'png', 'gif', 'woff', 'json']
-    )
+    ASSET_EXTENSIONS = Set.new(%w( css js jpg jpeg png gif json ))
+    INPUT_EVENTS          = Set.new([
+        :change, :blur, :focus, :select, :keyup, :keypress, :keydown, :input
+    ])
+    INPUT_EVENTS_TO_FORCE = Set.new([
+        :focus, :change, :blur, :select
+    ])
     ASSET_EXTRACTORS = [
         /<\s*link.*?href=['"](.*?)['"].*?>/im,
@@ -92,6 +96,10 @@ class Browser
     #   Watir driver interface.
     attr_reader :watir
+    # @return   [Selenium::WebDriver]
+    #   Selenium driver interface.
+    attr_reader :selenium
     # @return   [Array<Page>]
     #   Same as {#page_snapshots} but it doesn't deduplicate and only contains
     #   pages with sink ({Page::DOM#data_flow_sinks} or {Page::DOM#execution_flow_sinks})
@@ -114,36 +122,44 @@ class Browser
     attr_reader :skip_states
     # @return   [Integer]
-    attr_reader :pid
+    #   PID of the lifeline process managing the browser process.
+    attr_reader :lifeline_pid
+    # @return   [Integer]
+    #   PID of the browser process.
+    attr_reader :browser_pid
     attr_reader :last_url
-    attr_reader :last_dom_url
+    class <<self
-    # @return   [Bool]
-    #   `true` if a supported browser is in the OS PATH, `false` otherwise.
-    def self.has_executable?
-        !!executable
-    end
+        # @return   [Bool]
+        #   `true` if a supported browser is in the OS PATH, `false` otherwise.
+        def has_executable?
+            !!executable
+        end
-    # @return   [String]
-    #   Path to the PhantomJS executable.
-    def self.executable
-        Selenium::WebDriver::PhantomJS.path
-    end
+        # @return   [String]
+        #   Path to the PhantomJS executable.
+        def executable
+            Selenium::WebDriver::PhantomJS.path
+        end
-    def self.asset_domains
-        @asset_domains ||= Set.new
-    end
-    asset_domains
+        def asset_domains
+            @asset_domains ||= Set.new
+        end
-    def self.add_asset_domain( url )
-        return if url.to_s.empty?
-        return if !(curl = Arachni::URI( url ))
-        return if !(domain = curl.domain)
+        def add_asset_domain( url )
+            return if url.to_s.empty?
+            return if !(curl = Arachni::URI( url ))
+            return if !(domain = curl.domain)
+            asset_domains << domain
+            domain
+        end
-        asset_domains << domain
     end
+    asset_domains
     # @param    [Hash]  options
     # @option options   [Integer]    :concurrency
@@ -167,10 +183,10 @@ class Browser
             concurrency:      @options[:concurrency],
             address:          '127.0.0.1',
             request_handler:  proc do |request, response|
-                synchronize { exception_jail { request_handler( request, response ) } }
+                exception_jail { request_handler( request, response ) }
             end,
             response_handler: proc do |request, response|
-                synchronize { exception_jail { response_handler( request, response ) } }
+                exception_jail { response_handler( request, response ) }
             end
         )
@@ -200,6 +216,8 @@ class Browser
         # Captures HTTP::Response objects per URL for open windows.
         @window_responses = {}
+        @elements_with_events = {}
         # Keeps track of resources which should be skipped -- like already fired
         # events and clicked links etc.
         @skip_states = Support::LookUp::HashSet.new( hasher: :persistent_hash )
@@ -212,12 +230,11 @@ class Browser
         @last_url = nil
         @javascript = Javascript.new( self )
-        ensure_open_window
     end
     def clear_buffers
         synchronize do
+            @elements_with_events.clear
             @preloads.clear
             @cache.clear
             @captured_pages.clear
@@ -235,14 +252,13 @@ class Browser
         end.join
     end
-    # @param    [String, HTTP::Response, Page]  resource
+    # @param    [String, HTTP::Response, Page, Page:::DOM]  resource
     #   Loads the given resource in the browser. If it is a string it will be
     #   treated like a URL.
     #
     # @return   [Browser]
     #   `self`
     def load( resource, options = {} )
-        @last_dom_url = nil
         case resource
             when String
@@ -254,13 +270,14 @@ class Browser
             when Page
                 HTTP::Client.update_cookies resource.cookie_jar
-                @transitions = resource.dom.transitions.dup
-                update_skip_states resource.dom.skip_states
+                load resource.dom
-                @last_dom_url = resource.dom.url
+            when Page::DOM
+                @transitions = resource.transitions.dup
+                update_skip_states resource.skip_states
                 @add_request_transitions = false if @transitions.any?
-                resource.dom.restore self
+                resource.restore self
                 @add_request_transitions = true
             else
@@ -350,22 +367,22 @@ class Browser
             url:     url,
             cookies: extra_cookies
         ) do
-            print_debug_level_2 "Loading: #{url}"
-            watir.goto url
-            print_debug_level_2 'Done'
+            print_debug_level_2 "Loading #{url} ..."
+            @selenium.navigate.to url
+            print_debug_level_2 '...done.'
             wait_till_ready
-            url = watir.url
             Options.browser_cluster.css_to_wait_for( url ).each do |css|
                 print_info "Waiting for #{css.inspect} to appear for: #{url}"
                 begin
-                    watir.element( css: css ).
-                        wait_until_present( Options.browser_cluster.job_timeout )
+                    Selenium::WebDriver::Wait.new(
+                        timeout: Options.browser_cluster.job_timeout
+                    ).until { @selenium.find_element( :css, css ) }
                     print_info "#{css.inspect} appeared for: #{url}"
-                rescue Watir::Wait::TimeoutError
+                rescue Selenium::WebDriver::Error::TimeOutError
                     print_bad "#{css.inspect} did not appeared for: #{url}"
                 end
@@ -380,7 +397,7 @@ class Browser
         @add_request_transitions = pre_add_request_transitions
-        HTTP::Client.update_cookies cookies
+        update_cookies
         # Capture the page at its initial state.
         capture_snapshot if take_snapshot
@@ -391,32 +408,35 @@ class Browser
     def wait_till_ready
         print_debug_level_2 'Waiting for custom JS...'
         @javascript.wait_till_ready
-        print_debug_level_2 'Done'
+        print_debug_level_2 '...done.'
-        print_debug_level_2 "Waiting for #{@proxy.active_connections} connections to close.."
-        wait_for_pending_requests
-        print_debug_level_2 'Done'
-        print_debug_level_2 'Waiting for timers...'
         wait_for_timers
-        print_debug_level_2 'Done'
+        wait_for_pending_requests
     end
     def shutdown
         begin
-            watir.close if browser_alive?
-        rescue Selenium::WebDriver::Error::WebDriverError,
-            Watir::Exception::Error
+            watir.close if alive?
+        # Bucnh of dirrent errors can be raised here, Selenium, HTTP client,
+        # don't try to catch them by type because we'll probably miss some.
+        rescue
         end
         kill_process
-        @proxy.shutdown
+        @proxy.shutdown rescue Reactor::Error::NotRunning
     end
     # @return   [String]
-    #   Current URL.
+    #   Current URL, noralized via #{Arachni::URI.}
     def url
-        normalize_url watir.url
+        normalize_url dom_url
+    end
+    # @return   [String]
+    #   Current URL, as provided by the browser.
+    def dom_url
+        javascript.run( 'return document.URL;' )
     end
     # Explores the browser's DOM tree and captures page snapshots for each
@@ -448,15 +468,11 @@ class Browser
     # Iterates over all elements which have events and passes their info to the
     # given block.
     #
-    # @param    [Bool]  mark_state
-    #   Mark each element/events as visited and skip it if it has already been
-    #   seen.
-    #
     # @yield    [ElementLocator,Array<Symbol>]
-    #   Hash with information about the element, its tag name, applicable events
-    #   along with their handlers and attributes.
-    def each_element_with_events( mark_state = true )
-        current_url = url
+    #   Element locator along with the element's applicable events along with
+    #   their handlers and attributes.
+    def each_element_with_events
+        current_url = self.url
         javascript.dom_elements_with_events.each do |element|
             tag_name   = element['tag_name']
@@ -469,7 +485,7 @@ class Browser
                     if !href.empty?
                         if href.downcase.start_with?( 'javascript:' )
-                            events << [ :click, href ]
+                            (events[:click] ||= []) << href
                         else
                             next if skip_path?( to_absolute( href, current_url ) )
                         end
@@ -477,7 +493,7 @@ class Browser
                 when 'input'
                     if attributes['type'].to_s.downcase == 'image'
-                        events << [ :click, 'image' ]
+                        (events[:click] ||= []) << 'image'
                     end
                 when 'form'
@@ -485,7 +501,7 @@ class Browser
                     if !action.empty?
                         if action.downcase.start_with?( 'javascript:' )
-                            events << [ :submit, action ]
+                            (events[:submit] ||= []) << action
                         else
                             next if skip_path?( to_absolute( action, current_url ) )
                         end
@@ -494,12 +510,6 @@ class Browser
             next if events.empty?
-            if mark_state
-                state = "#{tag_name}#{attributes}#{events}"
-                next if skip_state?( state )
-                skip_state state
-            end
             yield ElementLocator.new( tag_name: tag_name, attributes: attributes ),
                     events
         end
@@ -507,21 +517,47 @@ class Browser
         self
     end
+    # @note The results will be cached, if direct access in necessary
+    #   use {#each_element_with_events}.
+    #
+    # @return    [Hash<ElementLocator,Array<Symbol>>]
+    #   Element locator along with the element's applicable events along with
+    #   their handlers and attributes.
+    def elements_with_events( clear_cache = false )
+        current_url = self.url
+        @elements_with_events.clear if clear_cache
+        if @elements_with_events.include?( current_url )
+            return @elements_with_events[current_url]
+        end
+        @elements_with_events.clear
+        @elements_with_events[current_url] ||= {}
+        each_element_with_events do |locator, events|
+            @elements_with_events[current_url][locator] = events
+        end
+        @elements_with_events[current_url]
+    end
     # @return   [String]
     #   Snapshot ID used to determine whether or not a page snapshot has already
-    #   been seen. Uses both elements and their DOM events and possible audit
-    #   workload to determine the ID, as page snapshots should be retained both
-    #   when further browser analysis can be performed and when new element
-    #   audit workload (but possibly without any DOM relevance) is available.
+    #   been seen.
+    #
+    #   Uses both elements and their DOM events and possible audit workload to
+    #   determine the ID, as page snapshots should be retained both when further
+    #   browser analysis can be performed and when new element audit workload
+    #   (but possibly without any DOM relevance) is available.
     def snapshot_id
-        current_url = url
+        current_url = self.url
-        id = []
+        id = Set.new
         javascript.dom_elements_with_events.each do |element|
             tag_name   = element['tag_name']
             attributes = element['attributes']
-            events     = element['events'] +
-                Javascript.select_event_attributes( attributes ).to_a
+            events     = element['events']
             element_id = attributes['id'].to_s
             case tag_name
@@ -531,19 +567,19 @@ class Browser
                     if !href.empty?
                         if href.downcase.start_with?( 'javascript:' )
-                            events << [ :click, href ]
+                            (events[:click] ||= []) << href
                         else
                             absolute = to_absolute( href, current_url )
                             next if skip_path?( absolute )
-                            events << [ :click, href ]
+                            (events[:click] ||= []) << href
                         end
                     else
-                        events << [ :click, current_url ]
+                        (events[:click] ||= []) << current_url
                     end
                 when 'input', 'textarea', 'select'
-                    events     << [ tag_name.to_sym ]
+                    (events[:input] ||= []) << tag_name.to_sym
                     element_id << attributes['name'].to_s
                 when 'form'
@@ -552,24 +588,26 @@ class Browser
                     if !action.empty?
                         if action.downcase.start_with?( 'javascript:' )
-                            events << [ :submit, action ]
+                            (events[:submit] ||= []) << action
                         else
                             absolute = to_absolute( action, current_url )
                             if !skip_path?( absolute )
-                                events << [ :submit, absolute ]
+                                (events[:submit] ||= []) << absolute
                             end
                         end
                     else
-                        events << [ :submit, current_url ]
+                        (events[:submit] ||= []) << current_url
                     end
             end
             next if events.empty?
-            id << "#{tag_name}:#{element_id}:#{events}"
+            id << "#{tag_name}:#{element_id}:#{events.keys.sort}".persistent_hash
         end
-        id.uniq.sort.to_s
+        id << [:cookies, cookies.map(&:name).sort].to_s.persistent_hash
+        id.to_a.sort.map(&:to_s).join(':')
     end
     # Triggers all events on all elements (**once**) and captures
@@ -578,11 +616,15 @@ class Browser
     # @return   [Browser]
     #   `self`
     def trigger_events
-        root_page = to_page
+        dom = self.state
+        elements_with_events( true ).each do |locator, events|
+            state = "#{locator.tag_name}:#{locator.attributes}:#{events.keys.sort}"
+            next if skip_state?( state )
+            skip_state state
-        each_element_with_events do |locator, events|
             events.each do |name, _|
-                distribute_event( root_page, locator, name.to_sym )
+                distribute_event( dom, locator, name.to_sym )
             end
         end
@@ -595,23 +637,23 @@ class Browser
     # Distributes the triggering of `event` on the element at `element_index`
     # on `page`.
     #
-    # @param    [Page]    page
+    # @param    [String, Page, Page::DOM, HTTP::Response]    resource
     # @param    [ElementLocator]  locator
     # @param    [Symbol]  event
-    def distribute_event( page, locator, event )
-        trigger_event( page, locator, event )
+    def distribute_event( resource, locator, event )
+        trigger_event( resource, locator, event )
     end
     # @note Captures page {#page_snapshots}.
     #
     # Triggers `event` on the element described by `tag` on `page`.
     #
-    # @param    [Page]    page
+    # @param    [String, Page, Page::DOM, HTTP::Response]    resource
     #   Page containing the element's `tag`.
     # @param    [ElementLocator]  element
     # @param    [Symbol]  event
     #   Event to trigger.
-    def trigger_event( page, element, event )
+    def trigger_event( resource, element, event, restore = true )
         event = event.to_sym
         transition = fire_event( element, event )
@@ -620,18 +662,21 @@ class Browser
                 ' the page has changed, capturing a new snapshot.'
             capture_snapshot
-            print_info 'Restoring page.'
-            restore page
+            if restore
+                print_info 'Restoring page.'
+                restore( resource )
+            end
             return
         end
         capture_snapshot( transition )
-        restore page
+        restore( resource ) if restore
     end
     # Triggers `event` on `element`.
     #
-    # @param    [Watir::Element, ElementLocator]  element
+    # @param    [Selenium::WebDriver::Element, ElementLocator]  element
     # @param    [Symbol]  event
     # @param    [Hash]  options
     # @option options [Hash<Symbol,String=>String>]  :inputs
@@ -651,10 +696,10 @@ class Browser
             locator = element
             begin
-                element = element.locate( self )
-            rescue Selenium::WebDriver::Error::WebDriverError,
-                Watir::Exception::Error => e
+                Selenium::WebDriver::Wait.new( timeout: ELEMENT_APPEARANCE_TIMEOUT ).
+                    until { element = element.locate( self ) }
+            rescue Selenium::WebDriver::Error::WebDriverError => e
                 print_debug "Element '#{element.inspect}' could not be " <<
                                 "located for triggering '#{event}'."
                 print_debug
@@ -663,23 +708,6 @@ class Browser
             end
         end
-        # The page may need a bit to settle and the element is lazily located
-        # by Watir so give it a few tries.
-        begin
-            with_timeout ELEMENT_APPEARANCE_TIMEOUT do
-                sleep 0.1 while !element.exists?
-            end
-        rescue Timeout::Error
-            print_debug_level_2 "#{element.inspect} did not appear in " <<
-                                    "#{ELEMENT_APPEARANCE_TIMEOUT}."
-            return
-        end
-        if !element.visible?
-            print_debug_level_2 "#{element.inspect} is not visible, skipping..."
-            return
-        end
         if locator
             opening_tag = locator.to_s
             tag_name    = locator.tag_name
@@ -689,71 +717,115 @@ class Browser
             locator     = ElementLocator.from_html( opening_tag )
         end
-        print_debug_level_2 "#{__method__} [start]: #{event} (#{options}) #{locator}"
+        print_debug_level_2 "[start]: #{event} (#{options}) #{locator}"
         tag_name = tag_name.to_sym
         notify_on_fire_event( element, event )
-        tries = 0
+        pre_timeouts = javascript.timeouts
         begin
-            Page::DOM::Transition.new( locator, event, options ) do
-                had_special_trigger = false
+            transition = Page::DOM::Transition.new( locator, event, options ) do
+                force = true
+                # It's better to use the Watir helpers whenever possible instead
+                # of firing events manually.
                 if tag_name == :form
                     fill_in_form_inputs( element, options[:inputs] )
                     if event == :submit
-                        element.to_subtype.submit
-                        had_special_trigger = true
+                        force = false
+                        element.submit
                     end
-                elsif tag_name == :input && event == :click &&
-                        element.attribute_value(:type) == 'image'
-                    element.to_subtype.click
-                    had_special_trigger = true
+                elsif event == :click
+                    force = false
-                elsif [:keyup, :keypress, :keydown, :change, :input, :focus, :blur, :select].include? event
+                    element.click
-                    # Some of these need an explicit event triggers.
-                    had_special_trigger = true if ![:change, :blur, :focus, :select].include? event
+                elsif INPUT_EVENTS.include? event
+                    force = INPUT_EVENTS_TO_FORCE.include?( event )
                     # Send keys will append to the existing value, so we need to
-                    # clear it first. The receiving input may support values
+                    # clear it first. The receiving input may not support values
                     # though, so watch out.
-                    if (subtype = element.to_subtype).respond_to?( :value= )
-                        subtype.value = ''
-                    end
+                    element.clear if [:input, :textarea].include?( tag_name )
+                    # Simulates real text input and will trigger associated events.
+                    # Except for INPUT_EVENTS_TO_FORCE of course.
                     element.send_keys( (options[:value] || value_for( element )).to_s )
                 end
-                element.fire_event( event ) if !had_special_trigger
+                if force
+                    print_debug_level_2 "[forcing event]: #{event} (#{options}) #{locator}"
+                    fire_event_js locator, event
+                end
-                print_debug_level_2 "#{__method__} [waiting for requests]: #{event} (#{options}) #{locator}"
+                print_debug_level_2 "[waiting for requests]: #{event} (#{options}) #{locator}"
                 wait_for_pending_requests
-                print_debug_level_2 "#{__method__} [done waiting for requests]: #{event} (#{options}) #{locator}"
+                print_debug_level_2 "[done waiting for requests]: #{event} (#{options}) #{locator}"
-                # puts source_with_line_numbers
-                print_debug_level_2 "#{__method__} [done]: #{event} (#{options}) #{locator}"
+                update_cookies
             end
-        rescue Selenium::WebDriver::Error::WebDriverError,
-            Watir::Exception::Error => e
-            sleep 0.1
+            print_debug_level_2 "[done in #{transition.time}s]: #{event} (#{options}) #{locator}"
+            delay = (javascript.timeouts - pre_timeouts).compact.map { |t| t[1].to_i }.max
+            if delay
+                print_debug_level_2 "Found new timers with max #{delay}ms."
+                delay = [Options.http.request_timeout, delay].min / 1000.0
+                print_debug_level_2 "Will wait for #{delay}s."
+                sleep delay
+            end
-            tries += 1
-            retry if tries < 5
+            transition
+        rescue Selenium::WebDriver::Error::WebDriverError => e
             print_debug "Error when triggering event for: #{url}"
-            print_debug "-- '#{event}' on: #{opening_tag}"
+            print_debug "-- '#{event}' on: #{opening_tag} -- #{locator.css}"
             print_debug
             print_debug_exception e
             nil
         end
     end
+    # This is essentially the same thing as Watir::Element#fire_event
+    # but 10 times faster.
+    #
+    # Does not perform any sort of sanitization nor sanity checking, it will
+    # just try to trigger the event.
+    #
+    # @param    [Browser::ElementLocator]   locator
+    # @param    [Symbol,String]   event
+    # @param    [Bool]   ret
+    #   Return JS result?
+    # @param    [Numeric]   wait
+    #   Amount of time to wait (in seconds) after triggering the event.
+    def fire_event_js( locator, event, ret: false, wait: 0.1 )
+        r = javascript.run <<-EOJS
+            var element = document.querySelector( #{locator.css.inspect} );
+            var event   = document.createEvent( "Events" );
+            event.initEvent( "#{event}", true, true );
+            event.view     = window;
+            event.altKey   = false;
+            event.ctrlKey  = false;
+            event.shiftKey = false;
+            event.metaKey  = false;
+            event.keyCode  = 0;
+            event.charCode = 'a';
+            #{'return' if ret} element.dispatchEvent( event );
+        EOJS
+        sleep wait
+        r
+    end
     # Starts capturing requests and parses them into elements of pages,
     # accessible via {#captured_pages}.
     #
@@ -805,13 +877,29 @@ class Browser
         @captured_pages
     end
+    # @return   [Page::DOM]
+    def state
+        d_url = dom_url
+        return if !response
+        Page::DOM.new(
+            url:         d_url,
+            transitions: @transitions.dup,
+            digest:      @javascript.dom_digest,
+            skip_states: skip_states.dup
+        )
+    end
     # @return   [Page]
     #   Converts the current browser window to a {Page page}.
     def to_page
+        d_url = dom_url
         if !(r = response)
             return Page.from_data(
                 dom: {
-                    url: watir.url
+                    url: d_url
                 },
                 response: {
                     code: 0,
@@ -820,12 +908,19 @@ class Browser
             )
         end
+        # We need sink data for both the current taint and to determine cookie
+        # usage, so grab all of the data-flow sinks once.
+        data_flow_sinks = {}
+        if @javascript.supported?
+            data_flow_sinks = @javascript.taint_tracer.data_flow_sinks
+        end
         page                          = r.to_page
         page.body                     = source
-        page.dom.url                  = watir.url
+        page.dom.url                  = d_url
         page.dom.digest               = @javascript.dom_digest
         page.dom.execution_flow_sinks = @javascript.execution_flow_sinks
-        page.dom.data_flow_sinks      = @javascript.data_flow_sinks
+        page.dom.data_flow_sinks      = data_flow_sinks[@javascript.taint] || []
         page.dom.transitions          = @transitions.dup
         page.dom.skip_states          = skip_states.dup
@@ -860,10 +955,9 @@ class Browser
             end
             if Options.audit.cookie_doms?
-                sinks = @javascript.taint_tracer.data_flow_sinks
                 page.cookies.each do |cookie|
-                    next if sinks.include?( cookie.name ) ||
-                        sinks.include?( cookie.value )
+                    next if data_flow_sinks.include?( cookie.name ) ||
+                        data_flow_sinks.include?( cookie.value )
                     cookie.skip_dom = true
                 end
@@ -881,32 +975,46 @@ class Browser
         request_transitions = flush_request_transitions
         transitions = ([transition] + request_transitions).flatten.compact
+        window_handles = @selenium.window_handles
         begin
-            # Skip about:blank windows.
-            watir.windows( url: /^http/ ).each do |window|
-                window.use do
-                    next if !(page = to_page)
-                    if pages.empty?
-                        transitions.each do |t|
-                            @transitions << t
-                            page.dom.push_transition t
-                        end
-                    end
+            window_handles.each do |handle|
+                if window_handles.size > 1
+                    @selenium.switch_to.window( handle )
+                end
-                    capture_snapshot_with_sink( page )
+                # We don't even have an HTTP response for the page, don't
+                # bother trying anything else.
+                next if !response
-                    unique_id  = self.snapshot_id
-                    next if skip_state? unique_id
-                    skip_state unique_id
+                unique_id = self.snapshot_id
+                already_seen = skip_state?( unique_id )
+                skip_state unique_id
-                    notify_on_new_page( page )
+                with_sinks = javascript.has_sinks?
-                    if store_pages?
-                        @page_snapshots[unique_id.hash] = page
-                        pages << page
+                # Avoid a #to_page call if at all possible because it'll generate
+                # loads of data.
+                next if (already_seen && !with_sinks) ||
+                    (page = to_page).code == 0
+                if pages.empty?
+                    transitions.each do |t|
+                        @transitions << t
+                        page.dom.push_transition t
                     end
                 end
+                capture_snapshot_with_sink( page )
+                next if already_seen
+                notify_on_new_page( page )
+                if store_pages?
+                    @page_snapshots[unique_id] = page
+                    pages << page
+                end
             end
         rescue => e
             print_debug "Could not capture snapshot for: #{@last_url}"
@@ -917,6 +1025,8 @@ class Browser
             print_debug
             print_debug_exception e
+        ensure
+            @selenium.switch_to.default_content
         end
         pages
@@ -947,33 +1057,49 @@ class Browser
     end
     # @return   [Array<Cookie>]
-    #   Browser cookies.
+    #   Cookies visible to JS.
     def cookies
         js_cookies = begin
-            # Watir doesn't tell us if cookies are HttpOnly, so we need to figure
-            # this out ourselves, by checking for JS visibility.
+             # Watir doesn't tell us if cookies are HttpOnly, so we need to figure
+             # this out ourselves, by checking for JS visibility.
             javascript.run( 'return document.cookie' )
         # We may not have a page.
         rescue Selenium::WebDriver::Error::WebDriverError
             ''
         end
-        watir.cookies.to_a.map do |c|
-            original_name = c[:name].to_s
+        # The domain attribute cannot be trusted, PhantomJS thinks all cookies
+        # are for subdomains too.
+        # Do not try to hack around this because it'll be a waste of time,
+        # leading to confusion and duplicate cookies.
+        #
+        # Still, we ask Selenium for cookies instead of parsing the JS ones
+        # and merging with the HTTP cookiejar because this allows us to get
+        # a path attribute for JS cookies.
+        @selenium.manage.all_cookies.map do |c|
+            c[:httponly] = !js_cookies.include?( c[:name].to_s )
+            c[:path]     = c[:path].gsub( /\/+/, '/' )
+            c[:expires]  = Time.parse( c[:expires].to_s ) if c[:expires]
-            c[:path]     = '/' if c[:path] == '//'
-            c[:name]     = Cookie.decode( c[:name].to_s )
-            c[:value]    = Cookie.value_to_v0( c[:value].to_s )
-            c[:httponly] = !js_cookies.include?( original_name )
+            c[:raw_name]  = c[:name].to_s
+            c[:raw_value] = c[:value].to_s
-            Cookie.new c.merge( url: @last_url || url )
+            c[:name]  = Cookie.decode( c[:name].to_s )
+            c[:value] = Cookie.value_to_v0( c[:value].to_s )
+            Cookie.new c.merge( url: @last_url || self.url )
         end
     end
+    def update_cookies
+        HTTP::Client.update_cookies self.cookies
+    end
     # @return   [String]
     #   HTML code of the evaluated (DOM/JS/AJAX) page.
     def source
-        watir.html
+        @selenium.page_source
     end
     def load_delay
@@ -985,7 +1111,11 @@ class Browser
         delay = load_delay
         return if !delay
+        print_debug_level_2 'Waiting for timers...'
         sleep [Options.http.request_timeout, delay].min / 1000.0
+        print_debug_level_2 '...done.'
     end
     def skip_path?( path )
@@ -993,22 +1123,26 @@ class Browser
     end
     def response
-        u = watir.url
+        u = dom_url
-        return if skip_path?( u )
+        if dom_url == 'about:blank'
+            print_debug 'Blank page.'
+            return
+        end
-        begin
-            with_timeout Options.http.request_timeout / 1_000 do
-                while !(r = get_response(u))
-                    sleep 0.1
-                end
+        if skip_path?( u )
+            print_debug "Response is out of scope: #{u}"
+            return
+        end
-                fail Timeout::Error if r.timed_out?
+        r = get_response( u )
-                return r
-            end
-        rescue Timeout::Error
-            print_debug "Response for '#{u}' never arrived."
+        return r if r && r.code != 504
+        if r
+            print_debug "Origin server timed-out when requesting: #{u}"
+        else
+            print_debug "Response never arrived: #{u}"
         end
         nil
@@ -1019,7 +1153,7 @@ class Browser
     def selenium
         return @selenium if @selenium
-        client = Selenium::WebDriver::Remote::Http::Typhoeus.new
+        client = Selenium::WebDriver::Remote::Http::Default.new
         client.timeout = WATIR_COM_TIMEOUT
         @selenium = Selenium::WebDriver.for(
@@ -1033,47 +1167,53 @@ class Browser
         )
     end
+    def alive?
+        @lifeline_pid && Processes::Manager.alive?( @lifeline_pid )
+    end
     def inspect
         s = "#<#{self.class} "
-        s << "pid=#{@pid} "
+        s << "pid=#{@lifeline_pid} "
+        s << "browser_pid=#{@browser_pid} "
         s << "last-url=#{@last_url.inspect} "
         s << "transitions=#{@transitions.size}"
         s << '>'
     end
-    def filter_events( element, events )
-        supported = Set.new( Arachni::Browser::Javascript.events_for( element ) )
-        events.reject { |name, _| !supported.include? ('on' + name.to_s.gsub( /^on/, '' )).to_sym }
-    end
     private
     def fill_in_form_inputs( form, inputs = nil )
-        form.text_fields.each do |input|
+        form.find_elements( :css, 'input, textarea' ).each do |input|
             name_or_id = name_or_id_for( input )
-            value      = inputs ? inputs[name_or_id] : value_for( input )
+            value      = inputs ? inputs[name_or_id] : value_for_name( name_or_id )
             begin
-                input.set( value.to_s.recode )
+                input.clear
+                input.send_keys( value.to_s.recode )
             # Disabled inputs and such...
-            rescue Selenium::WebDriver::Error::WebDriverError,
-                Watir::Exception::Error => e
+            rescue Selenium::WebDriver::Error::WebDriverError => e
                 print_debug_level_2 "Could not fill in form input '#{name_or_id}'" <<
                                         " because: #{e} [#{e.class}"
             end
         end
-        form.selects.each do |input|
-            name_or_id = name_or_id_for( input )
-            value      = inputs ? inputs[name_or_id] : value_for( input )
+        form.find_elements( :tag_name, 'select' ).each do |select|
+            name_or_id = name_or_id_for( select )
+            value      = inputs ? inputs[name_or_id] : value_for_name( name_or_id )
-            begin
-                input.select_value( value.to_s.recode )
-            # Disabled inputs and such...
-            rescue Selenium::WebDriver::Error::WebDriverError,
-                Watir::Exception::Error => e
-                print_debug_level_2 "Could not fill in form select '#{name_or_id}'" <<
-                                        " because: #{e} [#{e.class}"
+            options = select.find_elements( tag_name: 'option' )
+            options.each do |option|
+                begin
+                    if option[:value] == value || option.text == value
+                        option.click
+                        return
+                    end
+                # Disabled inputs and such...
+                rescue Selenium::WebDriver::Error::WebDriverError => e
+                    print_debug_level_2 "Could not fill in form select '#{name_or_id}'" <<
+                                            " because: #{e} [#{e.class}"
+                end
             end
         end
     end
@@ -1091,10 +1231,10 @@ class Browser
     end
     def name_or_id_for( element )
-        name = element.attribute_value(:name).to_s
+        name = element[:name].to_s
         return name if !name.empty?
-        id = element.attribute_value(:id).to_s
+        id = element[:id].to_s
         return id if !id.empty?
         nil
@@ -1119,6 +1259,10 @@ class Browser
         Options.input.value_for_name( name_or_id_for( element ) )
     end
+    def value_for_name( name )
+        Options.input.value_for_name( name )
+    end
     def spawn_browser
         if !spawn_phantomjs
             fail Error::Spawn, 'Could not start the browser process.'
@@ -1134,11 +1278,14 @@ class Browser
         ChildProcess.posix_spawn = true
-        port = nil
-        last_attempt_output = nil
+        port   = nil
+        output = ''
         10.times do |i|
-            done = false
-            port = available_port
+            # Clear output of previous attempt.
+            output = ''
+            done   = false
+            port   = Utilities.available_port
             print_debug "Attempt ##{i}, chose port number #{port}"
@@ -1146,52 +1293,48 @@ class Browser
                 with_timeout 10 do
                     print_debug "Spawning process: #{self.class.executable}"
-                    @process = ChildProcess.build(
-                        self.class.executable,
-                        "--webdriver=#{port}",
-                        "--proxy=http://#{@proxy.address}/",
-                        # As lax as possible to allow for easy SSL interception.
-                        # The actual request to the origin server will obey
-                        # the system-side SSL options.
-                        '--ignore-ssl-errors=true',
-                        '--ssl-protocol=any',
-                        '--disk-cache=true',
-                        "--debug=#{!!debug?}"
+                    r, w  = IO.pipe
+                    ri, @kill_process = IO.pipe
+                    @lifeline_pid = Processes::Manager.spawn(
+                        :browser,
+                        executable: self.class.executable,
+                        without_arachni: true,
+                        fork: false,
+                        new_pgroup: true,
+                        stdin: ri,
+                        stdout: w,
+                        stderr: w,
+                        port: port,
+                        proxy_url: @proxy.url
                     )
-                    # @process.leader = true
-                    @process.detach = true
-                    @process.io.stdout = Tempfile.new( 'phantomjs-out' )
-                    @process.io.stderr = @process.io.stdout
-                    @process.io.stderr.sync = @process.io.stdout.sync = true
+                    w.close
+                    ri.close
-                    @process.start
                     print_debug 'Process spawned, waiting for it to boot-up...'
-                    File.open( @process.io.stdout.path, 'r' ) do |out|
-                        buff = ''
-                        # Wait for PhantomJS to initialize.
-                         while !buff.include?( 'running on port' )
-                             # This can be problematic on something other than
-                             # MRI.
-                             buff << (out.readline rescue '').to_s
+                    # Wait for PhantomJS to initialize.
+                     while !output.include?( 'running on port' )
+                         begin
+                             output << r.readpartial( 8192 )
+                         # EOF or something, take a breather before retrying.
+                         rescue
+                             sleep 0.05
                          end
+                     end
-                        buff = nil
-                        print_debug 'Boot-up complete.'
-                        done = true
-                    end
+                    @browser_pid = output.scan( /^PID: (\d+)/ ).flatten.first.to_i
+                    print_debug 'Boot-up complete.'
+                    done = true
                 end
             rescue Timeout::Error
                 print_debug 'Spawn timed-out.'
             end
-            if @process.io.stdout
-                last_attempt_output = IO.read( @process.io.stdout )
-                print_debug last_attempt_output
-                @process.io.stdout.close!
+            if !output.empty?
+                print_debug output
             end
             if done
@@ -1208,42 +1351,29 @@ class Browser
         #
         # Bail out for now and count on the BrowserCluster to retry to boot
         # another process ass needed.
-        if !@process
+        if !@lifeline_pid
             log_error 'Could not spawn browser process.'
-            log_error last_attempt_output
+            log_error output
             return
         end
-        begin
-            @pid = @process.pid
-        # Not supported on JRuby on MS Windows.
-        rescue NotImplementedError
-        end
         @browser_url = "http://127.0.0.1:#{port}"
     end
     def kill_process
-        begin
-            if @process && @process.alive?
-                @process.stop
-                @process.io.close rescue nil
+        if @kill_process
+            begin
+                @kill_process.close
+            rescue
             end
-        rescue Errno::ECHILD
-            false
         end
-        @process     = nil
-        @watir       = nil
-        @selenium    = nil
-        @pid         = nil
-        @browser_url = nil
-    end
-    def browser_alive?
-        @watir && @process && @process.alive?
-    rescue Errno::ECHILD
-        false
+        @kill_process = nil
+        @watir        = nil
+        @selenium     = nil
+        @lifeline_pid = nil
+        @browser_pid  = nil
+        @browser_url  = nil
     end
     def store_pages?
@@ -1267,52 +1397,50 @@ class Browser
     end
     def wait_for_pending_requests
-        # With AJAX requests being asynchronous and everything we need
-        # to wait a split second to give the browser time to initialize
-        # a connection.
-        #
-        # TODO: Add XMLHttpRequest.send() overrides to the DOMMonitor so
-        # that we'll know for sure when to wait.
-        sleep 0.1
+        print_debug_level_2 "Waiting for #{@proxy.pending_requests} requests to complete..."
-        # Wait for pending requests to complete.
-        #
-        # The HTTP timeout option already guards us against this but I don't
-        # fully trust the proxy so we're using #with_timeout as a fallback.
-        with_timeout Options.http.request_timeout / 1_000 do
-            sleep 0.1 while @proxy.has_connections?
-        end
+        sleep 0.1
+        sleep 0.01 while @proxy.has_pending_requests?
-        true
-    rescue Timeout::Error
-        #ap 'PENDING REQUESTS TIMEOUT'
-        #ap caller
-        false
+        print_debug_level_2 '...done.'
     end
     def load_cookies( url, cookies = {} )
         # First clears the browser's cookies and then tricks it into accepting
         # the system cookies for its cookie-jar.
+        #
+        # Well, it doesn't really clear the browser's cookie-jar, but that's
+        # not necessary because whatever cookies the browser has have already
+        # gotten into the system-wide cookiejar, and since we're passing
+        # all applicable cookies to the browser the end result will be that
+        # it'll have the wanted values.
         url = normalize_url( url )
-        watir.cookies.clear
         set_cookies = {}
         HTTP::Client.cookie_jar.for_url( url ).each do |cookie|
             cookie = cookie.dup
-            cookie.data.delete :domain
             set_cookies[cookie.name] = cookie
         end
         cookies.each do |name, value|
             if set_cookies[name]
                 set_cookies[name] = set_cookies[name].dup
+                # Don't forget this, otherwise the #to_set_cookie call will
+                # return the original raw data.
+                set_cookies[name].affected_input_name = name
                 set_cookies[name].update( name => value )
             else
                 set_cookies[name] = Cookie.new( url: url, inputs: { name => value } )
             end
         end
-        url = "#{url}/set-cookies-#{request_token}"
+        return if set_cookies.empty? &&
+            Arachni::Options::browser_cluster.local_storage.empty?
+        set_cookie = set_cookies.values.map(&:to_set_cookie)
+        print_debug_level_2 "Setting cookies: #{set_cookie}"
         body = ''
         if Arachni::Options::browser_cluster.local_storage.any?
@@ -1327,11 +1455,12 @@ class Browser
 EOJS
         end
-        watir.goto preload( HTTP::Response.new(
-            url:     url,
+        @selenium.navigate.to preload( HTTP::Response.new(
+            code:    200,
+            url:     "#{url}/set-cookies-#{request_token}",
             body:    body,
             headers: {
-                'Set-Cookie' => set_cookies.values.map(&:to_set_cookie)
+                'Set-Cookie' => set_cookie
             }
         ))
     end
@@ -1339,12 +1468,26 @@ EOJS
     # Makes sure we have at least 2 windows open so that we can switch to the
     # last available one in case there's some JS in the page that closes one.
     def ensure_open_window
-        return if watir.windows.size > 1
+        window_handles = @selenium.window_handles
+        if window_handles.size == 0
+            @javascript.run( 'window.open()' )
+            @selenium.switch_to.window( @selenium.window_handles.last )
+        else
+            if window_handles.size > 1
+                # Keep the first
+                window_handles[1..-1].each do |handle|
+                    @selenium.switch_to.window( handle )
+                    @selenium.close
+                end
-        watir.windows.last.use
-        watir.window.resize_to( @width, @height )
+                @selenium.switch_to.window( @selenium.window_handles.first )
+            end
-        @javascript.run( 'window.open()' )
+            @selenium.navigate.to 'about:blank'
+        end
+        @selenium.manage.window.resize_to( @width, @height )
     end
     # # Firefox driver, only used for debugging.
@@ -1362,6 +1505,11 @@ EOJS
     def capabilities
         Selenium::WebDriver::Remote::Capabilities.phantomjs(
+            # Selenium tries to be helpful by including screenshots for errors
+            # in the JSON response. That's not gonna fly in this use case as
+            # parsing lots of massive JSON responses at the same time will
+            # have a significant impact on performance.
+            takes_screenshot: false,
             'phantomjs.page.settings.userAgent'  => Options.http.user_agent,
             'phantomjs.page.customHeaders.X-Arachni-Browser-Auth' => auth_token,
             'phantomjs.page.settings.resourceTimeout' => Options.http.request_timeout,
@@ -1389,6 +1537,8 @@ EOJS
         return if request.headers['X-Arachni-Browser-Auth'] != auth_token
         request.headers.delete 'X-Arachni-Browser-Auth'
+        print_debug_level_2 "Request: #{request.url}"
         # We can't have 304 page responses in the framework, we need full request
         # and response data, the browser cache doesn't help us here.
         #
@@ -1399,41 +1549,47 @@ EOJS
             request.headers.delete 'If-Modified-Since'
         end
-        return if @javascript.serve( request, response )
+        if @javascript.serve( request, response )
+            print_debug_level_2 "Serving local JS."
+            return
+        end
         if !request.url.include?( request_token )
-            return if ignore_request?( request )
+            if ignore_request?( request )
+                print_debug_level_2 "Out of scope, ignoring."
+                return
+            end
             if @add_request_transitions
-                @request_transitions << Page::DOM::Transition.new( request.url, :request )
+                synchronize do
+                    @request_transitions << Page::DOM::Transition.new(
+                        request.url, :request
+                    )
+                end
             end
         end
         # Signal the proxy to not actually perform the request if we have a
         # preloaded or cached response for it.
         if from_preloads( request, response ) || from_cache( request, response )
+            print_debug_level_2 'Resource has been preloaded.'
             # There may be taints or custom JS code that need to be updated.
             javascript.inject response
             return
         end
+        print_debug_level_2 'Request can proceed to origin.'
         # Capture the request as elements of pages -- let's us grab AJAX and
         # other browser requests and convert them into elements we can analyze
         # and audit.
-        capture( request )
+        if request.scope.in?
+            capture( request )
+        end
         request.headers['user-agent'] = Options.http.user_agent
-        # The proxy has an unlimited response_max_size so if we're not requesting
-        # an asset remove the response_max_size option so that it'll end up using
-        # the system settings.
-        #
-        # However, this is not foolproof, a lot of assets don't have the expected
-        # extension.
-        if !request_for_asset?( request )
-            request.response_max_size = nil
-        end
         # Signal the proxy to continue with its request to the origin server.
         true
     end
@@ -1441,41 +1597,99 @@ EOJS
     def response_handler( request, response )
         return if request.url.include?( request_token )
+        print_debug_level_2 "Got response: #{response.url}"
         @request_transitions.each do |transition|
             next if !transition.running? || transition.element != request.url
             transition.complete
         end
-        javascript.inject response
+        # If we abort the request because it's out of scope we need to emulate
+        # an OK response because we **do** want to be able to grab a page with
+        # the out of scope URL, even if it's empty.
+        # For example, unvalidated_redirect checks need this.
+        if response.code == 0
+            if enforce_scope? && response.scope.out?
+                response.code = 200
+            end
+        else
+            if javascript.inject( response )
+                print_debug_level_2 'Injected custom JS.'
+            end
+        end
         # Don't store assets, the browsers will cache them accordingly.
-        return if request_for_asset?( request ) || !response.text?
+        if request_for_asset?( request ) || !response.text?
+            print_debug_level_2 'Asset detected, will not store.'
+            return
+        end
         # No-matter the scope, don't store resources for external domains.
-        return if !response.scope.in_domain?
+        if !response.scope.in_domain?
+            print_debug_level_2 'Outside of domain scope, will not store.'
+            return
+        end
-        return if enforce_scope? && response.scope.out?
+        if enforce_scope? && response.scope.out?
+            print_debug_level_2 'Outside of general scope, will not store.'
+            return
+        end
         whitelist_asset_domains( response )
         save_response response
+        print_debug_level_2 'Stored.'
         nil
     end
     def ignore_request?( request )
-        return if !enforce_scope?
+        print_debug_level_2 "Checking: #{request.url}"
+        if !enforce_scope?
+            print_debug_level_2 'Allow: Scope enforcement disabled.'
+            return
+        end
+        if request_for_asset?( request )
+            print_debug_level_2 'Allow: Asset detected.'
+            return false
+        end
+        if !request.scope.follow_protocol?
+            print_debug_level_2 'Disallow: Cannot follow protocol.'
+            return true
+        end
+        if !request.scope.in_domain?
+            if self.class.asset_domains.include?( request.parsed_url.domain )
+                print_debug_level_2 'Allow: Out of scope but in CDN list.'
+                return false
+            end
-        return false if request_for_asset?( request )
+            print_debug_level_2 'Disallow: Domain out of scope and not in CDN list.'
+            return true
+        end
-        return true if !request.scope.follow_protocol?
+        if request.scope.too_deep?
+            print_debug_level_2 'Disallow: Too deep.'
+            return true
+        end
-        return true if !request.scope.in_domain? &&
-            !self.class.asset_domains.include?( request.parsed_url.domain )
+        if !request.scope.include?
+            print_debug_level_2 'Disallow: Does not match inclusion rules.'
+            return true
+        end
-        return true if request.scope.too_deep?
-        return true if !request.scope.include?
-        return true if request.scope.exclude?
-        return true if request.scope.redundant?
+        if request.scope.exclude?
+            print_debug_level_2 'Disallow: Matches exclusion rules.'
+            return true
+        end
+        if request.scope.redundant?
+            print_debug_level_2 'Disallow: Matches redundant rules.'
+            return true
+        end
         false
     end
@@ -1485,9 +1699,13 @@ EOJS
     end
     def whitelist_asset_domains( response )
-        ASSET_EXTRACTORS.each do |regexp|
-            response.body.scan( regexp ).flatten.compact.each do |url|
-                self.class.add_asset_domain url
+        synchronize do
+            ASSET_EXTRACTORS.each do |regexp|
+                response.body.scan( regexp ).flatten.compact.each do |url|
+                    next if !(domain = self.class.add_asset_domain( url ))
+                    print_debug_level_2 "#{domain} from #{url} based on #{regexp.source}"
+                end
             end
         end
     end
@@ -1504,11 +1722,15 @@ EOJS
         found_element = false
         if (json = JSON.from_request( @last_url, request ))
+            print_debug_level_2 "Extracted JSON input:\n#{json.source}"
             elements[:jsons] << json
             found_element = true
         end
         if !found_element && (xml = XML.from_request( @last_url, request ))
+            print_debug_level_2 "Extracted XML input:\n#{xml.source}"
             elements[:xmls] << xml
             found_element = true
         end
@@ -1539,13 +1761,30 @@ EOJS
                 return
         end
+        if (form = elements[:forms].last)
+            print_debug_level_2 "Extracted form input:\n" <<
+                "#{form.method.to_s.upcase} #{form.action} #{form.inputs}"
+        end
         el = elements.values.flatten
+        if el.empty?
+            print_debug_level_2 'No elements found.'
+            return
+        end
         # Don't bother if the system in general has already seen the vectors.
-        return if el.empty? || !el.find { |e| !ElementFilter.include?( e ) }
+        if el.empty? || !el.find { |e| !ElementFilter.include?( e ) }
+            print_debug_level_2 'Ignoring, already seen.'
+            return
+        end
         begin
-            return if !el.find { |e| !skip_state?( e ) }
+            if !el.find { |e| !skip_state?( e ) }
+                print_debug_level_2 'Ignoring, already seen.'
+                return
+            end
             el.each { |e| skip_state e.id }
         # This could be an orphaned HTTP request, without a job, if running in
         # BrowserCluster::Worker.
@@ -1565,21 +1804,25 @@ EOJS
     end
     def from_preloads( request, response )
-        return if !(preloaded = preloads.delete( request.url ))
+        synchronize do
+            return if !(preloaded = preloads.delete( request.url ))
-        copy_response_data( preloaded, response )
-        response.request = request
-        save_response( response ) if !preloaded.url.include?( request_token )
+            copy_response_data( preloaded, response )
+            response.request = request
+            save_response( response ) if !preloaded.url.include?( request_token )
-        preloaded
+            preloaded
+        end
     end
     def from_cache( request, response )
-        return if !@cache.include?( request.url )
+        synchronize do
+            return if !@cache.include?( request.url )
-        copy_response_data( @cache[request.url], response )
-        response.request = request
-        save_response response
+            copy_response_data( @cache[request.url], response )
+            response.request = request
+            save_response response
+        end
     end
     def copy_response_data( source, destination )