RubyGems - arachni - Versions diffs - 1.4 → 1.6.0 - Mend

arachni 1.4 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (748) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +195 -0
data/Gemfile +4 -4
data/LICENSE.md +1 -1
data/README.md +7 -3
data/Rakefile +1 -43
data/arachni.gemspec +35 -30
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +6 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_reproduce +12 -0
data/bin/arachni_rest_server +1 -1
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +6 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +6 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +1 -1
data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +20 -75
data/components/checks/active/file_inclusion.rb +1 -1
data/components/checks/active/ldap_injection.rb +1 -1
data/components/checks/active/no_sql_injection.rb +1 -1
data/components/checks/active/no_sql_injection_differential.rb +3 -3
data/components/checks/active/os_cmd_injection.rb +1 -1
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +3 -3
data/components/checks/active/response_splitting.rb +1 -1
data/components/checks/active/rfi.rb +1 -1
data/components/checks/active/session_fixation.rb +1 -1
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/sql_injection/regexps/hsqldb.yaml +1 -0
data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
data/components/checks/active/sql_injection/substrings/java +4 -0
data/components/checks/active/sql_injection/substrings/oracle +0 -1
data/components/checks/active/sql_injection/substrings/sqlite +1 -0
data/components/checks/active/sql_injection.rb +1 -1
data/components/checks/active/sql_injection_differential.rb +3 -3
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +34 -11
data/components/checks/active/unvalidated_redirect_dom.rb +4 -4
data/components/checks/active/xpath_injection.rb +1 -1
data/components/checks/active/xss.rb +54 -29
data/components/checks/active/xss_dom.rb +15 -11
data/components/checks/active/xss_dom_script_context.rb +4 -6
data/components/checks/active/xss_event.rb +46 -34
data/components/checks/active/xss_path.rb +9 -6
data/components/checks/active/xss_script_context.rb +100 -47
data/components/checks/active/xss_tag.rb +41 -15
data/components/checks/active/xxe.rb +1 -1
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +1 -1
data/components/checks/passive/backup_directories.rb +15 -3
data/components/checks/passive/backup_files.rb +39 -6
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +1 -0
data/components/checks/passive/common_admin_interfaces.rb +1 -1
data/components/checks/passive/common_directories/directories.txt +1 -0
data/components/checks/passive/common_directories.rb +1 -1
data/components/checks/passive/common_files.rb +1 -1
data/components/checks/passive/directory_listing.rb +1 -1
data/components/checks/passive/grep/captcha.rb +8 -9
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +1 -1
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +1 -1
data/components/checks/passive/grep/form_upload.rb +3 -5
data/components/checks/passive/grep/hsts.rb +1 -1
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +1 -1
data/components/checks/passive/grep/insecure_cookies.rb +5 -5
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +4 -4
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +1 -1
data/components/checks/passive/grep/unencrypted_password_forms.rb +3 -3
data/components/checks/passive/grep/x_frame_options.rb +4 -4
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +10 -12
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +3 -5
data/components/path_extractors/areas.rb +3 -4
data/components/path_extractors/comments.rb +4 -5
data/components/path_extractors/data_url.rb +4 -5
data/components/path_extractors/forms.rb +3 -4
data/components/path_extractors/frames.rb +3 -5
data/components/path_extractors/generic.rb +3 -1
data/components/path_extractors/links.rb +3 -4
data/components/path_extractors/meta_refresh.rb +11 -17
data/components/path_extractors/scripts.rb +18 -15
data/components/plugins/autologin.rb +3 -2
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/debug/browser_cluster_job_monitor.rb +60 -0
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +3 -1
data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +26 -9
data/components/plugins/exec.rb +1 -1
data/components/plugins/form_dicattack.rb +3 -4
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +4 -5
data/components/plugins/login_script.rb +2 -2
data/components/plugins/metrics.rb +44 -18
data/components/plugins/page_dump.rb +60 -0
data/components/plugins/proxy/panel/verify_login_sequence.html.erb +1 -1
data/components/plugins/proxy/template_scope.rb +6 -1
data/components/plugins/proxy.rb +44 -31
data/components/plugins/rate_limiter.rb +80 -0
data/components/plugins/restrict_to_dom_state.rb +1 -1
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +1 -1
data/components/plugins/waf_detector.rb +3 -3
data/components/plugins/webhook_notify.rb +99 -0
data/components/reporters/ap.rb +1 -1
data/components/reporters/html/default/configuration.erb +2 -0
data/components/reporters/html/default.erb +3 -2
data/components/reporters/html.rb +5 -8
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +46 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +11 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +10 -7
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +6 -3
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +5 -2
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +8 -5
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +3 -2
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml/schema.xsd +29 -13
data/components/reporters/xml.rb +40 -23
data/components/reporters/yaml.rb +1 -1
data/config/write_paths.yml +4 -0
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser/element_locator.rb +9 -5
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +329 -72
data/lib/arachni/browser/javascript/scripts/polyfills.js +0 -28
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +81 -25
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript.rb +111 -198
data/lib/arachni/browser.rb +309 -382
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/job.rb +9 -2
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +8 -2
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +13 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +97 -87
data/lib/arachni/browser_cluster.rb +79 -62
data/lib/arachni/check/auditor.rb +161 -155
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/check.rb +1 -1
data/lib/arachni/component/base.rb +3 -1
data/lib/arachni/component/manager.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/output.rb +8 -2
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/data/framework/rpc.rb +2 -2
data/lib/arachni/data/framework.rb +3 -2
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/element/base.rb +1 -1
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +142 -175
data/lib/arachni/element/capabilities/analyzable/signature.rb +40 -18
data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/auditable/buffered.rb +92 -0
data/lib/arachni/element/capabilities/auditable/line_buffered.rb +103 -0
data/lib/arachni/element/capabilities/auditable.rb +2 -8
data/lib/arachni/element/capabilities/dom_only.rb +1 -1
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/mutable.rb +1 -1
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +4 -3
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +3 -3
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +2 -2
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/cookie.rb +49 -24
data/lib/arachni/element/dom/capabilities/auditable.rb +44 -3
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
data/lib/arachni/element/dom/capabilities/mutable.rb +7 -3
data/lib/arachni/element/dom/capabilities/submittable.rb +51 -22
data/lib/arachni/element/dom.rb +1 -1
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +16 -11
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/form/dom.rb +1 -1
data/lib/arachni/element/form.rb +21 -32
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
data/lib/arachni/element/header.rb +3 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/json.rb +4 -8
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/dom.rb +1 -1
data/lib/arachni/element/link.rb +11 -30
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +2 -2
data/lib/arachni/element/link_template.rb +10 -19
data/lib/arachni/element/nested_cookie/capabilities/submittable.rb +35 -0
data/lib/arachni/element/nested_cookie.rb +370 -0
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +11 -11
data/lib/arachni/element/ui_form/dom.rb +1 -1
data/lib/arachni/element/ui_form.rb +5 -6
data/lib/arachni/element/ui_input/dom.rb +1 -1
data/lib/arachni/element/ui_input.rb +4 -6
data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
data/lib/arachni/element/xml.rb +3 -7
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework/parts/audit.rb +6 -1
data/lib/arachni/framework/parts/browser.rb +14 -14
data/lib/arachni/framework/parts/check.rb +1 -1
data/lib/arachni/framework/parts/data.rb +1 -1
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +1 -1
data/lib/arachni/framework/parts/report.rb +3 -3
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +1 -1
data/lib/arachni/framework.rb +1 -1
data/lib/arachni/http/client/dynamic_404_handler.rb +74 -16
data/lib/arachni/http/client.rb +38 -11
data/lib/arachni/http/cookie_jar.rb +13 -8
data/lib/arachni/http/headers.rb +11 -5
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/message.rb +10 -9
data/lib/arachni/http/proxy_server/connection.rb +110 -82
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +18 -32
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +28 -49
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +8 -6
data/lib/arachni/http/proxy_server/tunnel.rb +4 -4
data/lib/arachni/http/proxy_server.rb +44 -11
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/request.rb +239 -41
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/http/response.rb +73 -10
data/lib/arachni/http.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue.rb +42 -14
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups/audit.rb +11 -2
data/lib/arachni/option_groups/browser_cluster.rb +32 -4
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +39 -10
data/lib/arachni/option_groups/input.rb +1 -1
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +12 -1
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +58 -4
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/options.rb +23 -4
data/lib/arachni/page/dom/transition.rb +5 -2
data/lib/arachni/page/dom.rb +46 -54
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/page.rb +10 -8
data/lib/arachni/parser/document.rb +34 -0
data/lib/arachni/parser/extractors/base.rb +48 -0
data/lib/arachni/parser/nodes/base.rb +22 -0
data/lib/arachni/parser/nodes/comment.rb +32 -0
data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +31 -0
data/lib/arachni/parser/nodes/element/with_attributes.rb +35 -0
data/lib/arachni/parser/nodes/element.rb +48 -0
data/lib/arachni/parser/nodes/text.rb +32 -0
data/lib/arachni/parser/nodes/with_value.rb +29 -0
data/lib/arachni/parser/sax.rb +76 -0
data/lib/arachni/parser/with_children/search.rb +92 -0
data/lib/arachni/parser/with_children.rb +35 -0
data/lib/arachni/parser.rb +181 -78
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +2 -2
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/plugin/base.rb +2 -2
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +8 -5
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +1 -1
data/lib/arachni/processes/executables/base.rb +2 -1
data/lib/arachni/processes/executables/browser.rb +0 -2
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/instances.rb +1 -1
data/lib/arachni/processes/manager.rb +18 -9
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/report.rb +8 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +1 -1
data/lib/arachni/reporter/manager.rb +1 -1
data/lib/arachni/reporter/options.rb +1 -10
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/rest/server/instance_helpers.rb +10 -1
data/lib/arachni/rest/server.rb +13 -1
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +1 -1
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +1 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -1
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +1 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +9 -5
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/selenium/webdriver/element.rb +4 -4
data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +59 -0
data/lib/arachni/session.rb +32 -13
data/lib/arachni/snapshot.rb +2 -2
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/http.rb +2 -2
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/state.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/cache/base.rb +1 -1
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +1 -1
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/database/base.rb +16 -10
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/glob.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/profiler.rb +52 -13
data/lib/arachni/support/signature.rb +18 -6
data/lib/arachni/support.rb +1 -1
data/lib/arachni/trainer.rb +55 -39
data/lib/arachni/ui/foo/output.rb +1 -1
data/lib/arachni/uri/scope.rb +15 -13
data/lib/arachni/uri.rb +129 -103
data/lib/arachni/utilities.rb +10 -10
data/lib/arachni/version.rb +1 -1
data/lib/arachni.rb +1 -7
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +42 -18
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +264 -109
data/spec/arachni/browser/javascript/polyfills_spec.rb +0 -15
data/spec/arachni/browser/javascript/proxy_spec.rb +0 -10
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +43 -118
data/spec/arachni/browser/javascript_spec.rb +95 -60
data/spec/arachni/browser_cluster/job_spec.rb +23 -8
data/spec/arachni/browser_cluster/jobs/dom_exploration_spec.rb +6 -1
data/spec/arachni/browser_cluster/worker_spec.rb +29 -87
data/spec/arachni/browser_cluster_spec.rb +124 -43
data/spec/arachni/browser_spec.rb +463 -421
data/spec/arachni/check/auditor_spec.rb +162 -198
data/spec/arachni/data/framework/rpc_spec.rb +1 -1
data/spec/arachni/data/framework_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +46 -3
data/spec/arachni/element/cookie/dom_spec.rb +1 -1
data/spec/arachni/element/cookie_spec.rb +159 -64
data/spec/arachni/element/form/dom_spec.rb +1 -1
data/spec/arachni/element/form_spec.rb +101 -54
data/spec/arachni/element/header_spec.rb +3 -1
data/spec/arachni/element/json_spec.rb +2 -0
data/spec/arachni/element/link/dom_spec.rb +2 -2
data/spec/arachni/element/link_spec.rb +46 -15
data/spec/arachni/element/link_template/dom_spec.rb +1 -1
data/spec/arachni/element/link_template_spec.rb +36 -12
data/spec/arachni/element/nested_cookie_spec.rb +687 -0
data/spec/arachni/element/server_spec.rb +22 -5
data/spec/arachni/element/ui_form/dom_spec.rb +1 -1
data/spec/arachni/element/ui_form_spec.rb +2 -2
data/spec/arachni/element/ui_input/dom_spec.rb +1 -1
data/spec/arachni/element/ui_input_spec.rb +1 -1
data/spec/arachni/element/xml_spec.rb +5 -3
data/spec/arachni/framework/parts/audit_spec.rb +2 -14
data/spec/arachni/framework/parts/data_spec.rb +0 -6
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +126 -0
data/spec/arachni/http/client_spec.rb +96 -36
data/spec/arachni/http/cookie_jar_spec.rb +2 -2
data/spec/arachni/http/headers_spec.rb +59 -12
data/spec/arachni/http/proxy_server_spec.rb +58 -25
data/spec/arachni/http/request_spec.rb +382 -35
data/spec/arachni/http/response_spec.rb +135 -7
data/spec/arachni/issue_spec.rb +21 -2
data/spec/arachni/option_groups/browser_cluster_spec.rb +17 -0
data/spec/arachni/option_groups/http_spec.rb +21 -6
data/spec/arachni/option_groups/paths_spec.rb +23 -1
data/spec/arachni/option_groups/scope_spec.rb +27 -7
data/spec/arachni/options_spec.rb +8 -1
data/spec/arachni/page/dom_spec.rb +20 -6
data/spec/arachni/page_spec.rb +8 -7
data/spec/arachni/parser/document_spec.rb +49 -0
data/spec/arachni/parser/nodes/comment_spec.rb +24 -0
data/spec/arachni/parser/nodes/element/with_attributes/attributes_spec.rb +40 -0
data/spec/arachni/parser/nodes/element/with_attributes_spec.rb +50 -0
data/spec/arachni/parser/nodes/element_spec.rb +18 -0
data/spec/arachni/parser/nodes/text_spec.rb +24 -0
data/spec/arachni/parser/sax_spec.rb +88 -0
data/spec/arachni/parser/with_children/search_spec.rb +146 -0
data/spec/arachni/parser/with_children_spec.rb +37 -0
data/spec/arachni/parser_spec.rb +211 -27
data/spec/arachni/platform/list_spec.rb +1 -2
data/spec/arachni/report_spec.rb +9 -2
data/spec/arachni/reporter/options_spec.rb +0 -14
data/spec/arachni/rest/server_spec.rb +91 -8
data/spec/arachni/rpc/server/active_options_spec.rb +1 -1
data/spec/arachni/rpc/server/framework/distributor_spec.rb +6 -6
data/spec/arachni/ruby/string_spec.rb +6 -0
data/spec/arachni/session_spec.rb +69 -8
data/spec/arachni/snapshot_spec.rb +1 -1
data/spec/arachni/state/framework_spec.rb +2 -2
data/spec/arachni/support/signature_spec.rb +58 -0
data/spec/arachni/trainer_spec.rb +102 -21
data/spec/arachni/uri_spec.rb +11 -8
data/spec/arachni/utilities_spec.rb +3 -3
data/spec/components/checks/active/code_injection_spec.rb +12 -7
data/spec/components/checks/active/code_injection_timing_spec.rb +4 -3
data/spec/components/checks/active/csrf_spec.rb +1 -21
data/spec/components/checks/active/file_inclusion_spec.rb +15 -10
data/spec/components/checks/active/ldap_injection_spec.rb +5 -4
data/spec/components/checks/active/no_sql_injection_differential_spec.rb +1 -1
data/spec/components/checks/active/no_sql_injection_spec.rb +5 -4
data/spec/components/checks/active/os_cmd_injection_spec.rb +6 -4
data/spec/components/checks/active/os_cmd_injection_timing_spec.rb +4 -3
data/spec/components/checks/active/path_traversal_spec.rb +18 -15
data/spec/components/checks/active/response_splitting_spec.rb +5 -4
data/spec/components/checks/active/rfi_spec.rb +9 -8
data/spec/components/checks/active/source_code_disclosure_spec.rb +33 -10
data/spec/components/checks/active/sql_injection_differential_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +61 -35
data/spec/components/checks/active/sql_injection_timing_spec.rb +11 -8
data/spec/components/checks/active/unvalidated_redirect_spec.rb +9 -8
data/spec/components/checks/active/xpath_injection_spec.rb +5 -4
data/spec/components/checks/active/xss_dom_script_context_spec.rb +6 -10
data/spec/components/checks/active/xss_dom_spec.rb +2 -2
data/spec/components/checks/active/xss_event_spec.rb +11 -3
data/spec/components/checks/active/xss_script_context_spec.rb +8 -7
data/spec/components/checks/active/xss_spec.rb +7 -6
data/spec/components/checks/active/xss_tag_spec.rb +11 -3
data/spec/components/checks/passive/backup_directories_spec.rb +3 -1
data/spec/components/checks/passive/backup_files_spec.rb +4 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +2 -2
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +6 -0
data/spec/components/path_extractors/comments_spec.rb +3 -1
data/spec/components/path_extractors/data_url_spec.rb +6 -2
data/spec/components/path_extractors/links_spec.rb +1 -1
data/spec/components/plugins/autologin_spec.rb +2 -2
data/spec/components/plugins/webhook_notify_spec.rb +69 -0
data/spec/spec_helper.rb +2 -1
data/spec/support/factories/http/response.rb +1 -1
data/spec/support/factories/issue.rb +1 -2
data/spec/support/factories/page/dom.rb +6 -0
data/spec/support/factories/scan_report.rb +1 -0
data/spec/support/factories/vector.rb +7 -3
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +4 -4
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/cookies.txt +2 -2
data/spec/support/fixtures/executables/node.rb +2 -3
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/nested_cookies.txt +11 -0
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +0 -3
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +4 -2
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +48 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +15 -3
data/spec/support/servers/arachni/browser.rb +275 -4
data/spec/support/servers/arachni/check/auditor.rb +9 -0
data/spec/support/servers/arachni/element/cookie.rb +34 -0
data/spec/support/servers/arachni/element/form/form_dom.rb +1 -0
data/spec/support/servers/arachni/element/form.rb +36 -2
data/spec/support/servers/arachni/element/header.rb +36 -1
data/spec/support/servers/arachni/element/json.rb +33 -0
data/spec/support/servers/arachni/element/link.rb +33 -1
data/spec/support/servers/arachni/element/link_template.rb +37 -5
data/spec/support/servers/arachni/element/nested_cookie.rb +84 -0
data/spec/support/servers/arachni/element/xml.rb +33 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +36 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_1.rb +18 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_2.rb +11 -0
data/spec/support/servers/arachni/http/client.rb +43 -4
data/spec/support/servers/arachni/http/proxy_server.rb +12 -0
data/spec/support/servers/arachni/parser.rb +6 -0
data/spec/support/servers/arachni/session.rb +24 -1
data/spec/support/servers/checks/active/code_injection.rb +18 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +18 -0
data/spec/support/servers/checks/active/csrf.rb +0 -76
data/spec/support/servers/checks/active/file_inclusion.rb +19 -1
data/spec/support/servers/checks/active/ldap_injection.rb +18 -0
data/spec/support/servers/checks/active/no_sql_injection.rb +27 -0
data/spec/support/servers/checks/active/no_sql_injection_differential.rb +19 -0
data/spec/support/servers/checks/active/os_cmd_injection.rb +29 -0
data/spec/support/servers/checks/active/os_cmd_injection_timing.rb +18 -1
data/spec/support/servers/checks/active/path_traversal.rb +30 -3
data/spec/support/servers/checks/active/response_splitting.rb +30 -1
data/spec/support/servers/checks/active/rfi.rb +30 -2
data/spec/support/servers/checks/active/session_fixation.rb +1 -3
data/spec/support/servers/checks/active/source_code_disclosure.rb +16 -0
data/spec/support/servers/checks/active/sql_injection/java +2 -0
data/spec/support/servers/checks/active/sql_injection.rb +27 -0
data/spec/support/servers/checks/active/sql_injection_differential.rb +19 -0
data/spec/support/servers/checks/active/sql_injection_timing.rb +19 -1
data/spec/support/servers/checks/active/unvalidated_redirect.rb +121 -1
data/spec/support/servers/checks/active/xpath_injection.rb +27 -0
data/spec/support/servers/checks/active/xss.rb +40 -0
data/spec/support/servers/checks/active/xss_event.rb +23 -2
data/spec/support/servers/checks/active/xss_script_context.rb +18 -0
data/spec/support/servers/checks/active/xss_tag.rb +40 -0
data/spec/support/servers/checks/passive/backup_files.rb +20 -1
data/spec/support/servers/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -5
data/spec/support/servers/checks/passive/grep/insecure_cookies_https.rb +9 -0
data/spec/support/servers/checks/passive/grep/x_frame_options.rb +5 -0
data/spec/support/servers/plugins/autologin.rb +17 -1
data/spec/support/servers/plugins/webhook_notify.rb +9 -0
data/spec/support/shared/check.rb +1 -0
data/spec/support/shared/element/capabilities/auditable/buffered.rb +791 -0
data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +797 -0
data/spec/support/shared/element/capabilities/auditable.rb +28 -34
data/spec/support/shared/element/capabilities/inputtable.rb +26 -0
data/spec/support/shared/element/capabilities/with_node.rb +2 -2
data/spec/support/shared/element/dom/submittable.rb +10 -10
data/spec/support/shared/path_extractor.rb +17 -5
data/ui/cli/framework/option_parser.rb +78 -13
data/ui/cli/framework.rb +29 -8
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +10 -3
data/ui/cli/reporter/option_parser.rb +1 -1
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reproduce/option_parser.rb +90 -0
data/ui/cli/reproduce.rb +228 -0
data/ui/cli/rest/server/option_parser.rb +1 -1
data/ui/cli/rest/server.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +9 -11
data/ui/cli/rpc/client/instance.rb +7 -4
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +178 -79
data/ACKNOWLEDGMENTS.md +0 -21
data/AUTHORS.md +0 -3
data/CONTRIBUTORS.md +0 -22

data/lib/arachni/browser.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -7,15 +7,16 @@
 =end
 require 'childprocess'
-require 'watir-webdriver'
+require 'watir'
 require_relative 'selenium/webdriver/element'
+require_relative 'selenium/webdriver/remote/typhoeus'
 require_relative 'processes/manager'
 require_relative 'browser/element_locator'
 require_relative 'browser/javascript'
 module Arachni
-# @note Depends on PhantomJS 1.9.2.
+# @note Depends on PhantomJS 2.1.1.
 #
 # Real browser driver providing DOM/JS/AJAX support.
 #
@@ -57,18 +58,20 @@ class Browser
         # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
         class Load < Error
         end
+        # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+        class MissingExecutable < Error
+        end
     end
     # How much time to wait for the PhantomJS process to spawn before respawning.
-    PHANTOMJS_SPAWN_TIMEOUT = 4
+    BROWSER_SPAWN_TIMEOUT = 60
     # How much time to wait for a targeted HTML element to appear on the page
     # after the page is loaded.
     ELEMENT_APPEARANCE_TIMEOUT = 5
-    # Let the browser take as long as it needs to complete an operation.
-    WATIR_COM_TIMEOUT = 3600 # 1 hour.
     ASSET_EXTENSIONS = Set.new(%w( css js jpg jpeg png gif json ))
     INPUT_EVENTS          = Set.new([
@@ -79,10 +82,8 @@ class Browser
     ])
     ASSET_EXTRACTORS = [
-        /<\s*link.*?href=['"](.*?)['"].*?>/im,
-        /<\s*script.*?src=['"](.*?)['"].*?>/im,
-        /<\s*img.*?src=['"](.*?)['"].*?>/im,
-        /<\s*input.*?src=['"](.*?)['"].*?>/im,
+        /<\s*link.*?href=\s*['"]?(.*?)?['"]?[\s>]/im,
+        /src\s*=\s*['"]?(.*?)?['"]?[\s>]/i,
     ]
     # @return   [Array<Page::DOM::Transition>]
@@ -92,6 +93,8 @@ class Browser
     #   Preloaded resources, by URL.
     attr_reader :preloads
+    attr_reader :proxy
     # @return   [Watir::Browser]
     #   Watir driver interface.
     attr_reader :watir
@@ -121,14 +124,6 @@ class Browser
     # @see #skip_state?
     attr_reader :skip_states
-    # @return   [Integer]
-    #   PID of the lifeline process managing the browser process.
-    attr_reader :lifeline_pid
-    # @return   [Integer]
-    #   PID of the browser process.
-    attr_reader :browser_pid
     attr_reader :last_url
     class <<self
@@ -136,13 +131,26 @@ class Browser
         # @return   [Bool]
         #   `true` if a supported browser is in the OS PATH, `false` otherwise.
         def has_executable?
-            !!executable
+            executable
+            true
+        rescue Error::MissingExecutable
+            false
         end
         # @return   [String]
         #   Path to the PhantomJS executable.
         def executable
-            Selenium::WebDriver::PhantomJS.path
+            @path ||= begin
+                path = Selenium::WebDriver::Platform.find_binary('chromedriver')
+                raise Error::MissingExecutable, 'chromedriver could not be found in PATH.' unless path
+                Selenium::WebDriver::Platform.assert_executable path
+                path
+            end
+        end
+        # @ private
+        def reset
+            @path = nil
         end
         def asset_domains
@@ -179,25 +187,9 @@ class Browser
         @width  = options[:width]  || 1600
         @height = options[:height] || 1200
-        @proxy = HTTP::ProxyServer.new(
-            concurrency:      @options[:concurrency],
-            address:          '127.0.0.1',
-            request_handler:  proc do |request, response|
-                exception_jail { request_handler( request, response ) }
-            end,
-            response_handler: proc do |request, response|
-                exception_jail { response_handler( request, response ) }
-            end
-        )
         @options[:store_pages] = true if !@options.include?( :store_pages )
-        @proxy.start_async
-        @watir = ::Watir::Browser.new( selenium )
-        # User-controlled response cache, by URL.
-        @cache = Support::Cache::LeastRecentlyUsed.new( 200 )
+        start_webdriver
         # User-controlled preloaded responses, by URL.
         @preloads = {}
@@ -216,7 +208,6 @@ class Browser
         # Captures HTTP::Response objects per URL for open windows.
         @window_responses = {}
-        @elements_with_events = {}
         # Keeps track of resources which should be skipped -- like already fired
         # events and clicked links etc.
@@ -234,9 +225,7 @@ class Browser
     def clear_buffers
         synchronize do
-            @elements_with_events.clear
             @preloads.clear
-            @cache.clear
             @captured_pages.clear
             @page_snapshots.clear
             @page_snapshots_with_sinks.clear
@@ -262,9 +251,11 @@ class Browser
         case resource
             when String
+                @transitions = []
                 goto resource, options
             when HTTP::Response
+                @transitions = []
                 goto preload( resource ), options
             when Page
@@ -288,8 +279,7 @@ class Browser
         self
     end
-    # @note The preloaded resource will be removed once used, for a persistent
-    #   cache use {#cache}.
+    # @note The preloaded resource will be removed once used.
     #
     # @param    [HTTP::Response, Page]  resource
     #   Preloads a resource to be instantly available by URL via {#load}.
@@ -303,7 +293,7 @@ class Browser
                         else
                             fail Error::Load,
-                                 "Can't load resource of type #{resource.class}."
+                                 "Can't preload resource of type #{resource.class}."
                     end
         save_response( response ) if !response.url.include?( request_token )
@@ -312,28 +302,6 @@ class Browser
         response.url
     end
-    # @param    [HTTP::Response, Page]  resource
-    #   Cache a resource in order to be instantly available by URL via {#load}.
-    def cache( resource = nil )
-        return @cache if !resource
-        response =  case resource
-                        when HTTP::Response
-                            resource
-                        when Page
-                            resource.response
-                        else
-                            fail Error::Load,
-                                 "Can't load resource of type #{resource.class}."
-                    end
-        save_response response
-        @cache[response.url] = response
-        response.url
-    end
     # @param    [String]  url
     #   Loads the given URL in the browser.
     # @param    [Hash]  options
@@ -382,8 +350,8 @@ class Browser
                     ).until { @selenium.find_element( :css, css ) }
                     print_info "#{css.inspect} appeared for: #{url}"
-                rescue Selenium::WebDriver::Error::TimeOutError
-                    print_bad "#{css.inspect} did not appeared for: #{url}"
+                rescue Selenium::WebDriver::Error::TimeoutError
+                    print_bad "#{css.inspect} did not appear for: #{url}"
                 end
             end
@@ -406,25 +374,13 @@ class Browser
     end
     def wait_till_ready
-        print_debug_level_2 'Waiting for custom JS...'
         @javascript.wait_till_ready
-        print_debug_level_2 '...done.'
-        wait_for_timers
-        wait_for_pending_requests
-    end
-    def shutdown
-        begin
-            watir.close if alive?
-        # Bucnh of dirrent errors can be raised here, Selenium, HTTP client,
-        # don't try to catch them by type because we'll probably miss some.
-        rescue
+        if Options.browser_cluster.wait_for_timers?
+            wait_for_timers
         end
-        kill_process
-        @proxy.shutdown rescue Reactor::Error::NotRunning
+        wait_for_pending_requests
     end
     # @return   [String]
@@ -436,7 +392,7 @@ class Browser
     # @return   [String]
     #   Current URL, as provided by the browser.
     def dom_url
-        javascript.run( 'return document.URL;' )
+        @selenium.current_url
     end
     # Explores the browser's DOM tree and captures page snapshots for each
@@ -471,10 +427,10 @@ class Browser
     # @yield    [ElementLocator,Array<Symbol>]
     #   Element locator along with the element's applicable events along with
     #   their handlers and attributes.
-    def each_element_with_events
+    def each_element_with_events( whitelist = [])
         current_url = self.url
-        javascript.dom_elements_with_events.each do |element|
+        javascript.each_dom_element_with_events whitelist do |element|
             tag_name   = element['tag_name']
             attributes = element['attributes']
             events     = element['events']
@@ -517,99 +473,6 @@ class Browser
         self
     end
-    # @note The results will be cached, if direct access in necessary
-    #   use {#each_element_with_events}.
-    #
-    # @return    [Hash<ElementLocator,Array<Symbol>>]
-    #   Element locator along with the element's applicable events along with
-    #   their handlers and attributes.
-    def elements_with_events( clear_cache = false )
-        current_url = self.url
-        @elements_with_events.clear if clear_cache
-        if @elements_with_events.include?( current_url )
-            return @elements_with_events[current_url]
-        end
-        @elements_with_events.clear
-        @elements_with_events[current_url] ||= {}
-        each_element_with_events do |locator, events|
-            @elements_with_events[current_url][locator] = events
-        end
-        @elements_with_events[current_url]
-    end
-    # @return   [String]
-    #   Snapshot ID used to determine whether or not a page snapshot has already
-    #   been seen.
-    #
-    #   Uses both elements and their DOM events and possible audit workload to
-    #   determine the ID, as page snapshots should be retained both when further
-    #   browser analysis can be performed and when new element audit workload
-    #   (but possibly without any DOM relevance) is available.
-    def snapshot_id
-        current_url = self.url
-        id = Set.new
-        javascript.dom_elements_with_events.each do |element|
-            tag_name   = element['tag_name']
-            attributes = element['attributes']
-            events     = element['events']
-            element_id = attributes['id'].to_s
-            case tag_name
-                when 'a'
-                    href        = attributes['href'].to_s
-                    element_id << href
-                    if !href.empty?
-                        if href.downcase.start_with?( 'javascript:' )
-                            (events[:click] ||= []) << href
-                        else
-                            absolute = to_absolute( href, current_url )
-                            next if skip_path?( absolute )
-                            (events[:click] ||= []) << href
-                        end
-                    else
-                        (events[:click] ||= []) << current_url
-                    end
-                when 'input', 'textarea', 'select'
-                    (events[:input] ||= []) << tag_name.to_sym
-                    element_id << attributes['name'].to_s
-                when 'form'
-                    action      = attributes['action'].to_s
-                    element_id << "#{action}#{attributes['name']}"
-                    if !action.empty?
-                        if action.downcase.start_with?( 'javascript:' )
-                            (events[:submit] ||= []) << action
-                        else
-                            absolute = to_absolute( action, current_url )
-                            if !skip_path?( absolute )
-                                (events[:submit] ||= []) << absolute
-                            end
-                        end
-                    else
-                        (events[:submit] ||= []) << current_url
-                    end
-            end
-            next if events.empty?
-            id << "#{tag_name}:#{element_id}:#{events.keys.sort}".persistent_hash
-        end
-        id << [:cookies, cookies.map(&:name).sort].to_s.persistent_hash
-        id.to_a.sort.map(&:to_s).join(':')
-    end
     # Triggers all events on all elements (**once**) and captures
     # {#page_snapshots page snapshots}.
     #
@@ -617,14 +480,25 @@ class Browser
     #   `self`
     def trigger_events
         dom = self.state
+        return self if !dom
-        elements_with_events( true ).each do |locator, events|
-            state = "#{locator.tag_name}:#{locator.attributes}:#{events.keys.sort}"
+        url = normalize_url( dom.url )
+        count = 1
+        each_element_with_events do |locator, events|
+            state = "#{url}:#{locator.tag_name}:#{locator.attributes}:#{events.keys.sort}"
             next if skip_state?( state )
             skip_state state
             events.each do |name, _|
+                if Options.scope.dom_event_limit_reached?( count )
+                    print_debug "DOM event limit reached for: #{dom.url}"
+                    next
+                end
                 distribute_event( dom, locator, name.to_sym )
+                count += 1
             end
         end
@@ -654,13 +528,10 @@ class Browser
     # @param    [Symbol]  event
     #   Event to trigger.
     def trigger_event( resource, element, event, restore = true )
-        event = event.to_sym
         transition = fire_event( element, event )
         if !transition
-            print_info "Could not trigger '#{event}' on '#{element}' because" <<
-                ' the page has changed, capturing a new snapshot.'
-            capture_snapshot
+            print_info "Could not trigger '#{event}' on: #{element}"
             if restore
                 print_info 'Restoring page.'
@@ -723,21 +594,36 @@ class Browser
         notify_on_fire_event( element, event )
-        pre_timeouts = javascript.timeouts
+        if Options.browser_cluster.wait_for_timers?
+            pre_timeouts = javascript.timeouts
+        end
         begin
             transition = Page::DOM::Transition.new( locator, event, options ) do
                 force = true
-                # It's better to use the Watir helpers whenever possible instead
-                # of firing events manually.
+                # It's better to use the helpers whenever possible instead of
+                # firing events manually.
                 if tag_name == :form
                     fill_in_form_inputs( element, options[:inputs] )
+                    if event == :fill
+                        force = false
+                    end
                     if event == :submit
                         force = false
-                        element.submit
+                        begin
+                            element.find_elements( :css,
+                                "input[type='submit'], button[type='submit']"
+                            ).first.click
+                        rescue => e
+                            print_debug "No submit button, will trigger 'submit' event."
+                            print_debug_exception e
+                            element.submit
+                        end
                     end
                 elsif event == :click
@@ -767,24 +653,31 @@ class Browser
                 wait_for_pending_requests
                 print_debug_level_2 "[done waiting for requests]: #{event} (#{options}) #{locator}"
+                # Maybe we switched to a different page, wait until the custom
+                # JS env has been put in place.
+                javascript.wait_till_ready
+                javascript.set_element_ids
                 update_cookies
             end
             print_debug_level_2 "[done in #{transition.time}s]: #{event} (#{options}) #{locator}"
-            delay = (javascript.timeouts - pre_timeouts).compact.map { |t| t[1].to_i }.max
-            if delay
-                print_debug_level_2 "Found new timers with max #{delay}ms."
-                delay = [Options.http.request_timeout, delay].min / 1000.0
+            if Options.browser_cluster.wait_for_timers?
+                delay = (javascript.timeouts - pre_timeouts).compact.map { |t| t[1].to_i }.max
+                if delay
+                    print_debug_level_2 "Found new timers with max #{delay}ms."
+                    delay = [Options.http.request_timeout, delay].min / 1000.0
-                print_debug_level_2 "Will wait for #{delay}s."
-                sleep delay
+                    print_debug_level_2 "Will wait for #{delay}s."
+                    sleep delay
+                end
             end
             transition
         rescue Selenium::WebDriver::Error::WebDriverError => e
-            print_debug "Error when triggering event for: #{url}"
+            print_debug "Error when triggering event for: #{dom_url}"
             print_debug "-- '#{event}' on: #{opening_tag} -- #{locator.css}"
             print_debug
             print_debug_exception e
@@ -800,14 +693,19 @@ class Browser
     #
     # @param    [Browser::ElementLocator]   locator
     # @param    [Symbol,String]   event
-    # @param    [Bool]   ret
-    #   Return JS result?
     # @param    [Numeric]   wait
     #   Amount of time to wait (in seconds) after triggering the event.
-    def fire_event_js( locator, event, ret: false, wait: 0.1 )
+    def fire_event_js( locator, event, wait: 0.1 )
         r = javascript.run <<-EOJS
             var element = document.querySelector( #{locator.css.inspect} );
-            var event   = document.createEvent( "Events" );
+            // Could not be found.
+            if( !element ) return false;
+            // Invisible.
+            if( element.offsetWidth <= 0 && element.offsetHeight <= 0 ) return false;
+            var event = document.createEvent( "Events" );
             event.initEvent( "#{event}", true, true );
@@ -819,10 +717,13 @@ class Browser
             event.keyCode  = 0;
             event.charCode = 'a';
-            #{'return' if ret} element.dispatchEvent( event );
+            element.dispatchEvent( event );
+            return true;
         EOJS
-        sleep wait
+        sleep( wait ) if r
         r
     end
@@ -918,6 +819,7 @@ class Browser
         page                          = r.to_page
         page.body                     = source
         page.dom.url                  = d_url
+        page.dom.cookies              = self.cookies
         page.dom.digest               = @javascript.dom_digest
         page.dom.execution_flow_sinks = @javascript.execution_flow_sinks
         page.dom.data_flow_sinks      = data_flow_sinks[@javascript.taint] || []
@@ -956,8 +858,22 @@ class Browser
             if Options.audit.cookie_doms?
                 page.cookies.each do |cookie|
-                    next if data_flow_sinks.include?( cookie.name ) ||
-                        data_flow_sinks.include?( cookie.value )
+                    if (sinks = data_flow_sinks[cookie.name] ||
+                        data_flow_sinks[cookie.value])
+                        # Don't be satisfied with just a taint match, make sure
+                        # the full value is identical.
+                        #
+                        # For example, if a cookie has '1' as a name or value
+                        # that's too generic and can match irrelevant data.
+                        #
+                        # The current approach isn't perfect of course, but it's
+                        # the best we can do.
+                        next if sinks.find do |sink|
+                            sink.tainted_value == cookie.name ||
+                                sink.tainted_value == cookie.value
+                        end
+                    end
                     cookie.skip_dom = true
                 end
@@ -987,7 +903,7 @@ class Browser
                 # bother trying anything else.
                 next if !response
-                unique_id = self.snapshot_id
+                unique_id = javascript.dom_event_digest
                 already_seen = skip_state?( unique_id )
                 skip_state unique_id
@@ -1009,6 +925,13 @@ class Browser
                 next if already_seen
+                # Safegued against pages which generate an inf number of DOM
+                # states regardless of UI interactions.
+                transition_id ="#{page.dom.url}:#{page.dom.playable_transitions.map(&:hash)}"
+                transition_id_seen = skip_state?( transition_id )
+                skip_state transition_id
+                next if transition_id_seen
                 notify_on_new_page( page )
                 if store_pages?
@@ -1103,7 +1026,6 @@ class Browser
     end
     def load_delay
-        #(intervals + timeouts).map { |t| t[1] }.max
         @javascript.timeouts.compact.map { |t| t[1].to_i }.max
     end
@@ -1111,9 +1033,10 @@ class Browser
         delay = load_delay
         return if !delay
-        print_debug_level_2 'Waiting for timers...'
+        effective_delay = [Options.http.request_timeout, delay].min / 1000.0
+        print_debug_level_2 "Waiting for max timer #{effective_delay}s (original was #{delay}ms)..."
-        sleep [Options.http.request_timeout, delay].min / 1000.0
+        sleep effective_delay
         print_debug_level_2 '...done.'
     end
@@ -1125,7 +1048,7 @@ class Browser
     def response
         u = dom_url
-        if dom_url == 'about:blank'
+        if u == 'about:blank'
             print_debug 'Blank page.'
             return
         end
@@ -1142,7 +1065,17 @@ class Browser
         if r
             print_debug "Origin server timed-out when requesting: #{u}"
         else
-            print_debug "Response never arrived: #{u}"
+            print_debug "Response never arrived for: #{u}"
+            print_debug 'Available responses are:'
+            @window_responses.each do |k, _|
+                print_debug "-- #{k}"
+            end
+            print_debug 'Tried:'
+            print_debug "-- #{u}"
+            print_debug "-- #{normalize_url( u )}"
+            print_debug "-- #{normalize_watir_url( u )}"
         end
         nil
@@ -1153,28 +1086,82 @@ class Browser
     def selenium
         return @selenium if @selenium
-        client = Selenium::WebDriver::Remote::Http::Default.new
-        client.timeout = WATIR_COM_TIMEOUT
+        start_proxy
-        @selenium = Selenium::WebDriver.for(
-            :remote,
+        proxy_uri = URI( @proxy.url )
-            # We need to spawn our own PhantomJS process because Selenium's
-            # way sometimes gives us zombies.
-            url:                  spawn_browser,
-            desired_capabilities: capabilities,
-            http_client:          client
+        dir = "#{Options.paths.tmpdir}/Arachni_Chrome_#{self.object_id}/"
+        FileUtils.rm_rf dir
+        FileUtils.mkdir dir
+        at_exit do
+            FileUtils.rm_rf dir
+        end
+        @selenium = Selenium::WebDriver.for(
+            :chrome,
+            capabilities: Selenium::WebDriver::Chrome::Options.new(
+                emulation: {
+                    userAgent: Arachni::Options.http.user_agent
+                },
+                args: [
+                        '--allow-running-insecure-content',
+                        '--disable-web-security',
+                        '--reduce-security-for-testing',
+                        '--ignore-certificate-errors',
+                        '--disable-plugins',
+                        "--user-data-dir=#{dir}",
+                        "--proxy-server=#{proxy_uri.host}:#{proxy_uri.port}",
+                        "--buid=46464646",
+                        "--headless"
+                ]
+            ),
+            http_client: Selenium::WebDriver::Remote::Http::Typhoeus.new
         )
+    rescue Selenium::WebDriver::Error::WebDriverError => e
+        print_error "Please ensure that chromedriver and Chrome are the same" <<
+                      " version and in your PATH."
+        raise e
     end
-    def alive?
-        @lifeline_pid && Processes::Manager.alive?( @lifeline_pid )
+    def shutdown
+        print_debug 'Shutting down...'
+        if @selenium
+            @selenium.close
+            print_debug_level_2 'Quiting Selenium...'
+            # So freaking hacky but @selenium.quit freezes if we don't detach first.
+            @selenium.instance_eval do
+                bridge.quit
+                @service.instance_eval do
+                    Process.detach @process.pid
+                    @process.stop
+                end
+            end
+            @selenium.quit rescue Errno::ECONNREFUSED
+            # @selenium.quit rescue Selenium::WebDriver::Error::WebDriverError
+            print_debug_level_2 '...done.'
+        end
+        if @proxy
+            print_debug_level_2 'Shutting down proxy...'
+            @proxy.shutdown rescue Reactor::Error::NotRunning
+            print_debug_level_2 '...done.'
+        end
+        @proxy    = nil
+        @watir    = nil
+        @selenium = nil
+        print_debug '...shutdown complete.'
     end
     def inspect
         s = "#<#{self.class} "
-        s << "pid=#{@lifeline_pid} "
-        s << "browser_pid=#{@browser_pid} "
         s << "last-url=#{@last_url.inspect} "
         s << "transitions=#{@transitions.size}"
         s << '>'
@@ -1263,117 +1250,30 @@ class Browser
         Options.input.value_for_name( name )
     end
-    def spawn_browser
-        if !spawn_phantomjs
-            fail Error::Spawn, 'Could not start the browser process.'
-        end
-        @browser_url
-    end
-    def spawn_phantomjs
-        return @browser_url if @browser_url
-        print_debug 'Spawning PhantomJS...'
-        ChildProcess.posix_spawn = true
-        port   = nil
-        output = ''
-        10.times do |i|
-            # Clear output of previous attempt.
-            output = ''
-            done   = false
-            port   = Utilities.available_port
+    def start_proxy
+        print_debug 'Booting up...'
-            print_debug "Attempt ##{i}, chose port number #{port}"
-            begin
-                with_timeout 10 do
-                    print_debug "Spawning process: #{self.class.executable}"
-                    r, w  = IO.pipe
-                    ri, @kill_process = IO.pipe
-                    @lifeline_pid = Processes::Manager.spawn(
-                        :browser,
-                        executable: self.class.executable,
-                        without_arachni: true,
-                        fork: false,
-                        new_pgroup: true,
-                        stdin: ri,
-                        stdout: w,
-                        stderr: w,
-                        port: port,
-                        proxy_url: @proxy.url
-                    )
-                    w.close
-                    ri.close
-                    print_debug 'Process spawned, waiting for it to boot-up...'
-                    # Wait for PhantomJS to initialize.
-                     while !output.include?( 'running on port' )
-                         begin
-                             output << r.readpartial( 8192 )
-                         # EOF or something, take a breather before retrying.
-                         rescue
-                             sleep 0.05
-                         end
-                     end
-                    @browser_pid = output.scan( /^PID: (\d+)/ ).flatten.first.to_i
-                    print_debug 'Boot-up complete.'
-                    done = true
-                end
-            rescue Timeout::Error
-                print_debug 'Spawn timed-out.'
-            end
-            if !output.empty?
-                print_debug output
-            end
-            if done
-                print_debug 'PhantomJS is ready.'
-                break
+        print_debug_level_2 'Starting proxy...'
+        @proxy = HTTP::ProxyServer.new(
+            concurrency:      @options[:concurrency],
+            address:          '127.0.0.1',
+            request_handler:  proc do |request, response|
+                exception_jail { request_handler( request, response ) }
+            end,
+            response_handler: proc do |request, response|
+                exception_jail { response_handler( request, response ) }
             end
-            print_debug 'Killing process.'
-            kill_process
-        end
-        # Something went really bad, the browser couldn't be spawned even
-        # after our valiant efforts.
-        #
-        # Bail out for now and count on the BrowserCluster to retry to boot
-        # another process ass needed.
-        if !@lifeline_pid
-            log_error 'Could not spawn browser process.'
-            log_error output
-            return
-        end
-        @browser_url = "http://127.0.0.1:#{port}"
+        )
+        @proxy.start_async
+        print_debug_level_2 "... started proxy at: #{@proxy.url}"
     end
-    def kill_process
-        if @kill_process
-            begin
-                @kill_process.close
-            rescue
-            end
-        end
+    def start_webdriver
+        print_debug_level_2 'Starting WebDriver...'
+        @watir = ::Watir::Browser.new( selenium )
+        print_debug_level_2 "... started WebDriver."
-        @kill_process = nil
-        @watir        = nil
-        @selenium     = nil
-        @lifeline_pid = nil
-        @browser_pid  = nil
-        @browser_url  = nil
+        print_debug '...boot-up completed.'
     end
     def store_pages?
@@ -1397,12 +1297,33 @@ class Browser
     end
     def wait_for_pending_requests
-        print_debug_level_2 "Waiting for #{@proxy.pending_requests} requests to complete..."
+        sleep 0.2
+        t = Time.now
+        last_connections = []
+        while @proxy.has_pending_requests?
+            connections = @proxy.active_connections
+            if last_connections != connections
+                print_debug_level_2 "Waiting for #{@proxy.pending_requests} requests to complete:"
+                connections.each do |connection|
+                    if connection.request
+                        print_debug_level_2 " * #{connection.request.url}"
+                    else
+                        print_debug_level_2 ' * Still reading request data.'
+                    end
+                end
+            end
+            last_connections = connections
-        sleep 0.1
-        sleep 0.01 while @proxy.has_pending_requests?
+            sleep 0.1
-        print_debug_level_2 '...done.'
+            # If the browser sends incomplete data the connection will remain
+            # open indefinitely.
+            next if Time.now - t < Options.browser_cluster.job_timeout
+            connections.each(&:close)
+            break
+        end
     end
     def load_cookies( url, cookies = {} )
@@ -1437,16 +1358,17 @@ class Browser
         end
         return if set_cookies.empty? &&
-            Arachni::Options::browser_cluster.local_storage.empty?
+            Options.browser_cluster.local_storage.empty? &&
+            Options.browser_cluster.session_storage.empty?
         set_cookie = set_cookies.values.map(&:to_set_cookie)
         print_debug_level_2 "Setting cookies: #{set_cookie}"
         body = ''
-        if Arachni::Options::browser_cluster.local_storage.any?
-            body = <<EOJS
+        if Options.browser_cluster.local_storage.any?
+            body << <<EOJS
                 <script>
-                    var data = #{Arachni::Options::browser_cluster.local_storage.to_json};
+                    var data = #{Options.browser_cluster.local_storage.to_json};
                     for( prop in data ) {
                         localStorage.setItem( prop, data[prop] );
@@ -1455,6 +1377,18 @@ class Browser
 EOJS
         end
+        if Options.browser_cluster.session_storage.any?
+            body << <<EOJS
+                <script>
+                    var data = #{Options.browser_cluster.session_storage.to_json};
+                    for( prop in data ) {
+                        sessionStorage.setItem( prop, data[prop] );
+                    }
+                </script>
+EOJS
+        end
         @selenium.navigate.to preload( HTTP::Response.new(
             code:    200,
             url:     "#{url}/set-cookies-#{request_token}",
@@ -1490,33 +1424,6 @@ EOJS
         @selenium.manage.window.resize_to( @width, @height )
     end
-    # # Firefox driver, only used for debugging.
-    # def firefox
-    #     profile = Selenium::WebDriver::Firefox::Profile.new
-    #     profile.proxy = Selenium::WebDriver::Proxy.new http: @proxy.address,
-    #                                                    ssl: @proxy.address
-    #     [:firefox, profile: profile]
-    # end
-    #
-    # # Chrome driver, only used for debugging.
-    # def chrome
-    #     [ :chrome, switches: [ "--proxy-server=#{@proxy.address}" ] ]
-    # end
-    def capabilities
-        Selenium::WebDriver::Remote::Capabilities.phantomjs(
-            # Selenium tries to be helpful by including screenshots for errors
-            # in the JSON response. That's not gonna fly in this use case as
-            # parsing lots of massive JSON responses at the same time will
-            # have a significant impact on performance.
-            takes_screenshot: false,
-            'phantomjs.page.settings.userAgent'  => Options.http.user_agent,
-            'phantomjs.page.customHeaders.X-Arachni-Browser-Auth' => auth_token,
-            'phantomjs.page.settings.resourceTimeout' => Options.http.request_timeout,
-            'phantomjs.page.settings.loadImages' => !Options.browser_cluster.ignore_images
-        )
-    end
     def flush_request_transitions
         @request_transitions.dup
     ensure
@@ -1534,8 +1441,8 @@ EOJS
     def request_handler( request, response )
         request.performer = self
-        return if request.headers['X-Arachni-Browser-Auth'] != auth_token
-        request.headers.delete 'X-Arachni-Browser-Auth'
+        # return if request.headers['X-Arachni-Browser-Auth'] != auth_token
+        # request.headers.delete 'X-Arachni-Browser-Auth'
         print_debug_level_2 "Request: #{request.url}"
@@ -1544,19 +1451,19 @@ EOJS
         #
         # Still, it's a nice feature to have when requesting assets or anything
         # else.
-        if request.url == @last_url
+        if !@last_url || request.url == @last_url
             request.headers.delete 'If-None-Match'
             request.headers.delete 'If-Modified-Since'
         end
         if @javascript.serve( request, response )
-            print_debug_level_2 "Serving local JS."
+            print_debug_level_2 'Serving local JS.'
             return
         end
         if !request.url.include?( request_token )
             if ignore_request?( request )
-                print_debug_level_2 "Out of scope, ignoring."
+                print_debug_level_2 'Out of scope, ignoring.'
                 return
             end
@@ -1570,8 +1477,8 @@ EOJS
         end
         # Signal the proxy to not actually perform the request if we have a
-        # preloaded or cached response for it.
-        if from_preloads( request, response ) || from_cache( request, response )
+        # preloaded response for it.
+        if from_preloads( request, response )
             print_debug_level_2 'Resource has been preloaded.'
             # There may be taints or custom JS code that need to be updated.
@@ -1597,6 +1504,22 @@ EOJS
     def response_handler( request, response )
         return if request.url.include?( request_token )
+        # Prevent PhantomJS from caching the root page, we need to have an
+        # associated response.
+        #
+        # Also don't cache when we don't have a @last_url because this could
+        # be driven directly from Selenium/Watir via a plugin and caching it
+        # can ruin the scan.
+        if !@last_url || @last_url == response.url
+            response.headers.delete 'Cache-control'
+            response.headers.delete 'Etag'
+            response.headers.delete 'Date'
+            response.headers.delete 'Last-Modified'
+        end
+        # Allow our own scripts to run.
+        response.headers.delete 'Content-Security-Policy'
         print_debug_level_2 "Got response: #{response.url}"
         @request_transitions.each do |transition|
@@ -1700,6 +1623,10 @@ EOJS
     def whitelist_asset_domains( response )
         synchronize do
+            @whitelist_asset_domains ||= Support::LookUp::HashSet.new
+            return if @whitelist_asset_domains.include? response.body
+            @whitelist_asset_domains << response.body
             ASSET_EXTRACTORS.each do |regexp|
                 response.body.scan( regexp ).flatten.compact.each do |url|
                     next if !(domain = self.class.add_asset_domain( url ))
@@ -1748,6 +1675,16 @@ EOJS
                 )
             when :post
+                inputs = request.parsed_url.query_parameters
+                if inputs.any?
+                    elements[:forms] << Form.new(
+                        url:    @last_url,
+                        action: request.url,
+                        method: :get,
+                        inputs: inputs
+                    )
+                end
                 if !found_element && (inputs = request.body_parameters).any?
                     elements[:forms] << Form.new(
                         url:    @last_url,
@@ -1815,16 +1752,6 @@ EOJS
         end
     end
-    def from_cache( request, response )
-        synchronize do
-            return if !@cache.include?( request.url )
-            copy_response_data( @cache[request.url], response )
-            response.request = request
-            save_response response
-        end
-    end
     def copy_response_data( source, destination )
         [:code, :url, :body, :headers, :ip_address, :return_code,
          :return_message, :headers_string, :total_time, :time].each do |m|
@@ -1861,7 +1788,7 @@ EOJS
     end
     def normalize_watir_url( url )
-        normalize_url( ::URI.encode( url, ';' ) ).gsub( '%3B', '%253B' )
+        normalize_url( url.gsub( ';', '%3B' )  ).gsub( '%3B', '%253B' )
     end
 end