RubyGems - arachni - Versions diffs - 1.5.1 → 1.6.1.1 - Mend

arachni 1.5.1 → 1.6.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (648) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +56 -0
data/Gemfile +2 -4
data/LICENSE.md +1 -1
data/README.md +116 -110
data/Rakefile +1 -1
data/arachni.gemspec +26 -26
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +1 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_reproduce +1 -1
data/bin/arachni_rest_server +1 -1
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +1 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +1 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +1 -1
data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +7 -2
data/components/checks/active/file_inclusion.rb +1 -1
data/components/checks/active/ldap_injection.rb +1 -1
data/components/checks/active/no_sql_injection.rb +1 -1
data/components/checks/active/no_sql_injection_differential.rb +3 -3
data/components/checks/active/os_cmd_injection.rb +1 -1
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +1 -1
data/components/checks/active/response_splitting.rb +1 -1
data/components/checks/active/rfi.rb +1 -1
data/components/checks/active/session_fixation.rb +1 -1
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/sql_injection.rb +1 -1
data/components/checks/active/sql_injection_differential.rb +3 -3
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +1 -1
data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
data/components/checks/active/xpath_injection.rb +1 -1
data/components/checks/active/xss.rb +4 -4
data/components/checks/active/xss_dom.rb +1 -1
data/components/checks/active/xss_dom_script_context.rb +1 -1
data/components/checks/active/xss_event.rb +3 -3
data/components/checks/active/xss_path.rb +1 -1
data/components/checks/active/xss_script_context.rb +3 -3
data/components/checks/active/xss_tag.rb +4 -3
data/components/checks/active/xxe.rb +1 -1
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +1 -1
data/components/checks/passive/backup_directories.rb +1 -1
data/components/checks/passive/backup_files.rb +2 -2
data/components/checks/passive/common_admin_interfaces.rb +1 -1
data/components/checks/passive/common_directories/directories.txt +1 -0
data/components/checks/passive/common_directories.rb +1 -1
data/components/checks/passive/common_files.rb +1 -1
data/components/checks/passive/directory_listing.rb +1 -1
data/components/checks/passive/grep/captcha.rb +1 -1
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +1 -1
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +1 -1
data/components/checks/passive/grep/form_upload.rb +1 -1
data/components/checks/passive/grep/hsts.rb +1 -1
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +1 -1
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +1 -1
data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
data/components/checks/passive/grep/x_frame_options.rb +4 -4
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +1 -1
data/components/checks/passive/insecure_cross_domain_policy_access.rb +1 -1
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +1 -1
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +1 -1
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +1 -1
data/components/path_extractors/areas.rb +1 -1
data/components/path_extractors/comments.rb +1 -1
data/components/path_extractors/data_url.rb +1 -1
data/components/path_extractors/forms.rb +1 -1
data/components/path_extractors/frames.rb +1 -1
data/components/path_extractors/generic.rb +1 -1
data/components/path_extractors/links.rb +1 -1
data/components/path_extractors/meta_refresh.rb +1 -1
data/components/path_extractors/scripts.rb +1 -1
data/components/plugins/autologin.rb +1 -1
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/debug/browser_cluster_job_monitor.rb +1 -1
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +2 -2
data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +1 -1
data/components/plugins/exec.rb +3 -3
data/components/plugins/form_dicattack.rb +1 -1
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +1 -1
data/components/plugins/login_script.rb +1 -1
data/components/plugins/metrics.rb +1 -1
data/components/plugins/page_dump.rb +1 -1
data/components/plugins/proxy/panel/verify_login_sequence.html.erb +1 -1
data/components/plugins/proxy/template_scope.rb +1 -1
data/components/plugins/proxy.rb +3 -2
data/components/plugins/rate_limiter.rb +1 -1
data/components/plugins/restrict_to_dom_state.rb +1 -1
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +1 -1
data/components/plugins/waf_detector.rb +1 -1
data/components/plugins/webhook_notify.rb +1 -1
data/components/reporters/ap.rb +1 -1
data/components/reporters/html/default/css/main.css +4 -0
data/components/reporters/html/default.erb +9 -1
data/components/reporters/html.rb +4 -6
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +6 -1
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml/schema.xsd +1 -0
data/components/reporters/xml.rb +3 -3
data/components/reporters/yaml.rb +1 -1
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser/element_locator.rb +1 -1
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +39 -11
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +41 -30
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript.rb +14 -29
data/lib/arachni/browser.rb +133 -216
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/job.rb +1 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +11 -26
data/lib/arachni/browser_cluster.rb +2 -3
data/lib/arachni/check/auditor.rb +10 -5
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/check.rb +1 -1
data/lib/arachni/component/base.rb +1 -1
data/lib/arachni/component/manager.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/output.rb +1 -1
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/data/framework/rpc.rb +2 -2
data/lib/arachni/data/framework.rb +2 -2
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/element/base.rb +1 -1
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/signature.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/auditable/buffered.rb +1 -1
data/lib/arachni/element/capabilities/auditable/line_buffered.rb +1 -1
data/lib/arachni/element/capabilities/auditable.rb +1 -1
data/lib/arachni/element/capabilities/dom_only.rb +1 -1
data/lib/arachni/element/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/capabilities/mutable.rb +1 -1
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +1 -1
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +1 -1
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/cookie.rb +1 -1
data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
data/lib/arachni/element/dom/capabilities/mutable.rb +1 -1
data/lib/arachni/element/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/dom.rb +1 -1
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +1 -1
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/form/dom.rb +1 -1
data/lib/arachni/element/form.rb +1 -1
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
data/lib/arachni/element/header.rb +1 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/json.rb +1 -1
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/dom.rb +1 -1
data/lib/arachni/element/link.rb +1 -1
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +1 -1
data/lib/arachni/element/link_template.rb +1 -1
data/lib/arachni/element/nested_cookie/capabilities/submittable.rb +35 -0
data/lib/arachni/element/nested_cookie.rb +370 -0
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +1 -1
data/lib/arachni/element/ui_form/dom.rb +1 -1
data/lib/arachni/element/ui_form.rb +1 -1
data/lib/arachni/element/ui_input/dom.rb +1 -1
data/lib/arachni/element/ui_input.rb +1 -1
data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
data/lib/arachni/element/xml.rb +1 -1
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework/parts/audit.rb +1 -1
data/lib/arachni/framework/parts/browser.rb +1 -1
data/lib/arachni/framework/parts/check.rb +1 -1
data/lib/arachni/framework/parts/data.rb +1 -1
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +1 -1
data/lib/arachni/framework/parts/report.rb +1 -1
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +1 -1
data/lib/arachni/framework.rb +1 -1
data/lib/arachni/http/client/dynamic_404_handler.rb +1 -1
data/lib/arachni/http/client.rb +7 -5
data/lib/arachni/http/cookie_jar.rb +1 -1
data/lib/arachni/http/headers.rb +1 -1
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/message.rb +1 -1
data/lib/arachni/http/proxy_server/connection.rb +3 -8
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +18 -32
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +28 -49
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +7 -6
data/lib/arachni/http/proxy_server/tunnel.rb +1 -1
data/lib/arachni/http/proxy_server.rb +1 -1
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/request.rb +8 -2
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/http/response.rb +1 -1
data/lib/arachni/http.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue.rb +1 -1
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups/audit.rb +11 -2
data/lib/arachni/option_groups/browser_cluster.rb +28 -4
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +5 -5
data/lib/arachni/option_groups/input.rb +1 -1
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +1 -1
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +46 -4
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/options.rb +1 -1
data/lib/arachni/page/dom/transition.rb +1 -1
data/lib/arachni/page/dom.rb +1 -1
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/page.rb +3 -3
data/lib/arachni/parser/document.rb +1 -1
data/lib/arachni/parser/extractors/base.rb +1 -1
data/lib/arachni/parser/nodes/base.rb +1 -1
data/lib/arachni/parser/nodes/comment.rb +1 -1
data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +2 -2
data/lib/arachni/parser/nodes/element/with_attributes.rb +1 -1
data/lib/arachni/parser/nodes/element.rb +1 -1
data/lib/arachni/parser/nodes/text.rb +1 -1
data/lib/arachni/parser/nodes/with_value.rb +2 -2
data/lib/arachni/parser/sax.rb +2 -1
data/lib/arachni/parser/with_children/search.rb +1 -1
data/lib/arachni/parser/with_children.rb +1 -1
data/lib/arachni/parser.rb +31 -2
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +1 -1
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/plugin/base.rb +1 -1
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +1 -1
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +1 -1
data/lib/arachni/processes/executables/base.rb +2 -1
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/instances.rb +1 -1
data/lib/arachni/processes/manager.rb +9 -5
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/report.rb +1 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +1 -1
data/lib/arachni/reporter/manager.rb +1 -1
data/lib/arachni/reporter/options.rb +1 -10
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/rest/server/instance_helpers.rb +10 -1
data/lib/arachni/rest/server.rb +7 -1
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +1 -1
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +1 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -1
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +1 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +1 -1
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +6 -16
data/lib/arachni/session.rb +1 -1
data/lib/arachni/snapshot.rb +1 -1
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/http.rb +1 -1
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/state.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/cache/base.rb +1 -1
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +1 -1
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/database/base.rb +15 -7
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/glob.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/profiler.rb +1 -1
data/lib/arachni/support/signature.rb +1 -1
data/lib/arachni/support.rb +1 -1
data/lib/arachni/trainer.rb +1 -1
data/lib/arachni/ui/foo/output.rb +1 -1
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/uri.rb +6 -9
data/lib/arachni/utilities.rb +1 -1
data/lib/arachni/version.rb +1 -1
data/lib/arachni.rb +1 -1
data/lib/version +1 -1
data/logs/error-1821117.log +243 -0
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +84 -60
data/spec/arachni/browser/javascript/proxy_spec.rb +0 -10
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +68 -90
data/spec/arachni/browser/javascript_spec.rb +10 -9
data/spec/arachni/browser_cluster/worker_spec.rb +23 -55
data/spec/arachni/browser_spec.rb +160 -158
data/spec/arachni/data/framework/rpc_spec.rb +1 -1
data/spec/arachni/data/framework_spec.rb +1 -1
data/spec/arachni/element/cookie_spec.rb +1 -1
data/spec/arachni/element/nested_cookie_spec.rb +687 -0
data/spec/arachni/element/ui_form_spec.rb +2 -2
data/spec/arachni/element/ui_input_spec.rb +1 -1
data/spec/arachni/http/client_spec.rb +14 -26
data/spec/arachni/http/cookie_jar_spec.rb +2 -2
data/spec/arachni/http/proxy_server_spec.rb +2 -0
data/spec/arachni/http/request_spec.rb +3 -2
data/spec/arachni/option_groups/browser_cluster_spec.rb +17 -0
data/spec/arachni/option_groups/http_spec.rb +6 -6
data/spec/arachni/option_groups/scope_spec.rb +1 -6
data/spec/arachni/page_spec.rb +3 -2
data/spec/arachni/parser_spec.rb +45 -1
data/spec/arachni/reporter/options_spec.rb +0 -14
data/spec/arachni/rest/server_spec.rb +39 -2
data/spec/arachni/uri_spec.rb +1 -1
data/spec/components/checks/active/code_injection_spec.rb +12 -7
data/spec/components/checks/active/code_injection_timing_spec.rb +4 -3
data/spec/components/checks/active/file_inclusion_spec.rb +15 -10
data/spec/components/checks/active/ldap_injection_spec.rb +5 -4
data/spec/components/checks/active/no_sql_injection_differential_spec.rb +1 -1
data/spec/components/checks/active/no_sql_injection_spec.rb +5 -4
data/spec/components/checks/active/os_cmd_injection_spec.rb +6 -4
data/spec/components/checks/active/os_cmd_injection_timing_spec.rb +4 -3
data/spec/components/checks/active/path_traversal_spec.rb +10 -7
data/spec/components/checks/active/response_splitting_spec.rb +5 -4
data/spec/components/checks/active/rfi_spec.rb +9 -8
data/spec/components/checks/active/source_code_disclosure_spec.rb +33 -10
data/spec/components/checks/active/sql_injection_differential_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +53 -36
data/spec/components/checks/active/sql_injection_timing_spec.rb +11 -8
data/spec/components/checks/active/unvalidated_redirect_spec.rb +9 -8
data/spec/components/checks/active/xpath_injection_spec.rb +5 -4
data/spec/components/checks/active/xss_dom_script_context_spec.rb +5 -5
data/spec/components/checks/active/xss_event_spec.rb +5 -3
data/spec/components/checks/active/xss_script_context_spec.rb +4 -3
data/spec/components/checks/active/xss_spec.rb +5 -4
data/spec/components/checks/active/xss_tag_spec.rb +11 -3
data/spec/components/checks/passive/backup_files_spec.rb +0 -4
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +6 -0
data/spec/spec_helper.rb +2 -1
data/spec/support/factories/http/response.rb +1 -1
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +4 -4
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/cookies.txt +1 -1
data/spec/support/fixtures/executables/node.rb +2 -3
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/nested_cookies.txt +11 -0
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +1 -1
data/spec/support/servers/arachni/check/auditor.rb +1 -0
data/spec/support/servers/arachni/element/form/form_dom.rb +1 -0
data/spec/support/servers/arachni/element/form.rb +4 -4
data/spec/support/servers/arachni/element/header.rb +1 -1
data/spec/support/servers/arachni/element/nested_cookie.rb +84 -0
data/spec/support/servers/arachni/parser.rb +6 -0
data/spec/support/servers/checks/active/code_injection.rb +18 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +18 -0
data/spec/support/servers/checks/active/file_inclusion.rb +19 -1
data/spec/support/servers/checks/active/ldap_injection.rb +18 -0
data/spec/support/servers/checks/active/no_sql_injection.rb +27 -0
data/spec/support/servers/checks/active/no_sql_injection_differential.rb +19 -0
data/spec/support/servers/checks/active/os_cmd_injection.rb +29 -0
data/spec/support/servers/checks/active/os_cmd_injection_timing.rb +18 -1
data/spec/support/servers/checks/active/path_traversal.rb +30 -3
data/spec/support/servers/checks/active/response_splitting.rb +30 -1
data/spec/support/servers/checks/active/rfi.rb +30 -2
data/spec/support/servers/checks/active/session_fixation.rb +1 -3
data/spec/support/servers/checks/active/source_code_disclosure.rb +16 -0
data/spec/support/servers/checks/active/sql_injection.rb +27 -0
data/spec/support/servers/checks/active/sql_injection_differential.rb +19 -0
data/spec/support/servers/checks/active/sql_injection_timing.rb +19 -1
data/spec/support/servers/checks/active/unvalidated_redirect.rb +40 -1
data/spec/support/servers/checks/active/xpath_injection.rb +27 -0
data/spec/support/servers/checks/active/xss.rb +40 -0
data/spec/support/servers/checks/active/xss_event.rb +22 -1
data/spec/support/servers/checks/active/xss_script_context.rb +18 -0
data/spec/support/servers/checks/active/xss_tag.rb +40 -0
data/spec/support/servers/checks/passive/grep/x_frame_options.rb +5 -0
data/spec/support/shared/check.rb +1 -0
data/spec/support/shared/element/capabilities/auditable/buffered.rb +2 -2
data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +2 -2
data/spec/support/shared/element/capabilities/auditable.rb +2 -2
data/ui/cli/framework/option_parser.rb +44 -8
data/ui/cli/framework.rb +6 -5
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +1 -1
data/ui/cli/reporter/option_parser.rb +1 -1
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reproduce/option_parser.rb +1 -1
data/ui/cli/reproduce.rb +1 -1
data/ui/cli/rest/server/option_parser.rb +1 -1
data/ui/cli/rest/server.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
data/ui/cli/rpc/client/instance.rb +7 -4
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +603 -581

data/lib/arachni/browser.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -7,8 +7,9 @@
 =end
 require 'childprocess'
-require 'watir-webdriver'
+require 'watir'
 require_relative 'selenium/webdriver/element'
+require_relative 'selenium/webdriver/remote/typhoeus'
 require_relative 'processes/manager'
 require_relative 'browser/element_locator'
 require_relative 'browser/javascript'
@@ -57,6 +58,11 @@ class Browser
         # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
         class Load < Error
         end
+        # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+        class MissingExecutable < Error
+        end
     end
     # How much time to wait for the PhantomJS process to spawn before respawning.
@@ -80,12 +86,6 @@ class Browser
         /src\s*=\s*['"]?(.*?)?['"]?[\s>]/i,
     ]
-    # Unfortunately, we can't expose the HTTP user-agent for client-side
-    # stuff, because Selenium needs to know that we're using a Webkit-based
-    # browser in order to use the right JS code to trigger events etc.
-    USER_AGENT = 'Mozilla/5.0 AppleWebKit/538.1 (KHTML, like Gecko) ' <<
-        "Arachni/#{Arachni::VERSION} Safari/538.1"
     # @return   [Array<Page::DOM::Transition>]
     attr_reader :transitions
@@ -124,14 +124,6 @@ class Browser
     # @see #skip_state?
     attr_reader :skip_states
-    # @return   [Integer]
-    #   PID of the lifeline process managing the browser process.
-    attr_reader :lifeline_pid
-    # @return   [Integer]
-    #   PID of the browser process.
-    attr_reader :browser_pid
     attr_reader :last_url
     class <<self
@@ -139,13 +131,26 @@ class Browser
         # @return   [Bool]
         #   `true` if a supported browser is in the OS PATH, `false` otherwise.
         def has_executable?
-            !!executable
+            executable
+            true
+        rescue Error::MissingExecutable
+            false
         end
         # @return   [String]
         #   Path to the PhantomJS executable.
         def executable
-            Selenium::WebDriver::PhantomJS.path
+            @path ||= begin
+                path = Selenium::WebDriver::Platform.find_binary('chromedriver')
+                raise Error::MissingExecutable, 'chromedriver could not be found in PATH.' unless path
+                Selenium::WebDriver::Platform.assert_executable path
+                path
+            end
+        end
+        # @ private
+        def reset
+            @path = nil
         end
         def asset_domains
@@ -345,7 +350,7 @@ class Browser
                     ).until { @selenium.find_element( :css, css ) }
                     print_info "#{css.inspect} appeared for: #{url}"
-                rescue Selenium::WebDriver::Error::TimeOutError
+                rescue Selenium::WebDriver::Error::TimeoutError
                     print_bad "#{css.inspect} did not appear for: #{url}"
                 end
@@ -370,35 +375,12 @@ class Browser
     def wait_till_ready
         @javascript.wait_till_ready
-        wait_for_timers
-        wait_for_pending_requests
-    end
-    def shutdown
-        print_debug 'Shutting down...'
-        print_debug_level_2 'Killing process.'
-        if @kill_process
-            begin
-                @kill_process.close
-            rescue => e
-                print_debug_exception e
-            end
+        if Options.browser_cluster.wait_for_timers?
+            wait_for_timers
         end
-        print_debug_level_2 'Shutting down proxy...'
-        @proxy.shutdown rescue Reactor::Error::NotRunning
-        print_debug_level_2 '...done.'
-        @proxy        = nil
-        @kill_process = nil
-        @watir        = nil
-        @selenium     = nil
-        @lifeline_pid = nil
-        @browser_pid  = nil
-        @browser_url  = nil
-        print_debug '...shutdown complete.'
+        wait_for_pending_requests
     end
     # @return   [String]
@@ -612,7 +594,9 @@ class Browser
         notify_on_fire_event( element, event )
-        pre_timeouts = javascript.timeouts
+        if Options.browser_cluster.wait_for_timers?
+            pre_timeouts = javascript.timeouts
+        end
         begin
             transition = Page::DOM::Transition.new( locator, event, options ) do
@@ -679,13 +663,15 @@ class Browser
             print_debug_level_2 "[done in #{transition.time}s]: #{event} (#{options}) #{locator}"
-            delay = (javascript.timeouts - pre_timeouts).compact.map { |t| t[1].to_i }.max
-            if delay
-                print_debug_level_2 "Found new timers with max #{delay}ms."
-                delay = [Options.http.request_timeout, delay].min / 1000.0
+            if Options.browser_cluster.wait_for_timers?
+                delay = (javascript.timeouts - pre_timeouts).compact.map { |t| t[1].to_i }.max
+                if delay
+                    print_debug_level_2 "Found new timers with max #{delay}ms."
+                    delay = [Options.http.request_timeout, delay].min / 1000.0
-                print_debug_level_2 "Will wait for #{delay}s."
-                sleep delay
+                    print_debug_level_2 "Will wait for #{delay}s."
+                    sleep delay
+                end
             end
             transition
@@ -1040,7 +1026,6 @@ class Browser
     end
     def load_delay
-        #(intervals + timeouts).map { |t| t[1] }.max
         @javascript.timeouts.compact.map { |t| t[1].to_i }.max
     end
@@ -1101,30 +1086,83 @@ class Browser
     def selenium
         return @selenium if @selenium
-        # For some weird reason the Typhoeus client is very slow for
-        # PhantomJS 2.1.1 and causes a boatload of time-outs.
-        client = Selenium::WebDriver::Remote::Http::Default.new
-        client.timeout = Options.browser_cluster.job_timeout
+        start_proxy
-        @selenium = Selenium::WebDriver.for(
-            :remote,
+        proxy_uri = URI( @proxy.url )
+        dir = "#{Options.paths.tmpdir}/Arachni_Chrome_#{self.object_id}/"
+        FileUtils.rm_rf dir
+        FileUtils.mkdir dir
+        at_exit do
+            FileUtils.rm_rf dir
+        end
-            # We need to spawn our own PhantomJS process because Selenium's
-            # way sometimes gives us zombies.
-            url:                  spawn_browser,
-            desired_capabilities: capabilities,
-            http_client:          client
+        @selenium = Selenium::WebDriver.for(
+            :chrome,
+            capabilities: Selenium::WebDriver::Chrome::Options.new(
+                emulation: {
+                    userAgent: Arachni::Options.http.user_agent
+                },
+                args: [
+                        '--allow-running-insecure-content',
+                        '--disable-web-security',
+                        '--reduce-security-for-testing',
+                        '--ignore-certificate-errors',
+                        '--no-sandbox',
+                        '--disable-plugins',
+                        "--user-data-dir=#{dir}",
+                        "--proxy-server=#{proxy_uri.host}:#{proxy_uri.port}",
+                        "--buid=46464646",
+                        "--headless"
+                ]
+            ),
+            http_client: Selenium::WebDriver::Remote::Http::Typhoeus.new
         )
+    rescue Selenium::WebDriver::Error::WebDriverError => e
+        print_error "Please ensure that chromedriver and Chrome are the same" <<
+                      " version and in your PATH."
+        raise e
     end
-    def alive?
-        @lifeline_pid && Processes::Manager.alive?( @lifeline_pid )
+    def shutdown
+        print_debug 'Shutting down...'
+        if @selenium
+            @selenium.close
+            print_debug_level_2 'Quiting Selenium...'
+            # So freaking hacky but @selenium.quit freezes if we don't detach first.
+            @selenium.instance_eval do
+                bridge.quit
+                @service.instance_eval do
+                    Process.detach @process.pid
+                    @process.stop
+                end
+            end
+            @selenium.quit rescue Errno::ECONNREFUSED
+            # @selenium.quit rescue Selenium::WebDriver::Error::WebDriverError
+            print_debug_level_2 '...done.'
+        end
+        if @proxy
+            print_debug_level_2 'Shutting down proxy...'
+            @proxy.shutdown rescue Reactor::Error::NotRunning
+            print_debug_level_2 '...done.'
+        end
+        @proxy    = nil
+        @watir    = nil
+        @selenium = nil
+        print_debug '...shutdown complete.'
     end
     def inspect
         s = "#<#{self.class} "
-        s << "pid=#{@lifeline_pid} "
-        s << "browser_pid=#{@browser_pid} "
         s << "last-url=#{@last_url.inspect} "
         s << "transitions=#{@transitions.size}"
         s << '>'
@@ -1213,107 +1251,6 @@ class Browser
         Options.input.value_for_name( name )
     end
-    def spawn_browser
-        if !spawn_phantomjs
-            fail Error::Spawn, 'Could not start the browser process.'
-        end
-        @browser_url
-    end
-    def spawn_phantomjs
-        return @browser_url if @browser_url
-        print_debug 'Spawning PhantomJS...'
-        ChildProcess.posix_spawn = true
-        port   = nil
-        output = ''
-        10.times do |i|
-            # Clear output of previous attempt.
-            output = ''
-            done   = false
-            port   = Utilities.available_port
-            start_proxy
-            print_debug_level_2 "Attempt ##{i}, chose port number #{port}"
-            begin
-                with_timeout BROWSER_SPAWN_TIMEOUT do
-                    print_debug_level_2 "Spawning process: #{self.class.executable}"
-                    r, w  = IO.pipe
-                    ri, @kill_process = IO.pipe
-                    @lifeline_pid = Processes::Manager.spawn(
-                        :browser,
-                        executable: self.class.executable,
-                        without_arachni: true,
-                        fork: false,
-                        new_pgroup: true,
-                        stdin: ri,
-                        stdout: w,
-                        stderr: w,
-                        port: port,
-                        proxy_url: @proxy.url
-                    )
-                    w.close
-                    ri.close
-                    print_debug_level_2 'Process spawned, waiting for WebDriver server...'
-                    # Wait for PhantomJS to initialize.
-                     while !output.include?( 'running on port' )
-                         begin
-                             output << r.readpartial( 8192 )
-                         # EOF or something, take a breather before retrying.
-                         rescue
-                             sleep 0.05
-                         end
-                     end
-                    @browser_pid = output.scan( /^PID: (\d+)/ ).flatten.first.to_i
-                    print_debug_level_2 '...WebDriver server is up.'
-                    done = true
-                end
-            rescue Timeout::Error
-                print_debug 'Spawn timed-out.'
-            end
-            if !output.empty?
-                print_debug_level_2 output
-            end
-            if done
-                print_debug 'PhantomJS is ready.'
-                break
-            end
-            print_debug_level_2 'Killing process.'
-            # Kill everything.
-            shutdown
-        end
-        # Something went really bad, the browser couldn't be spawned even
-        # after our valiant efforts.
-        #
-        # Bail out for now and count on the BrowserCluster to retry to boot
-        # another process ass needed.
-        if !@lifeline_pid
-            log_error 'Could not spawn browser process.'
-            log_error output
-            return
-        end
-        @browser_url = "http://127.0.0.1:#{port}"
-    end
     def start_proxy
         print_debug 'Booting up...'
@@ -1335,7 +1272,7 @@ class Browser
     def start_webdriver
         print_debug_level_2 'Starting WebDriver...'
         @watir = ::Watir::Browser.new( selenium )
-        print_debug_level_2 "... started WebDriver at: #{@browser_url}"
+        print_debug_level_2 "... started WebDriver."
         print_debug '...boot-up completed.'
     end
@@ -1422,16 +1359,17 @@ class Browser
         end
         return if set_cookies.empty? &&
-            Arachni::Options.browser_cluster.local_storage.empty?
+            Options.browser_cluster.local_storage.empty? &&
+            Options.browser_cluster.session_storage.empty?
         set_cookie = set_cookies.values.map(&:to_set_cookie)
         print_debug_level_2 "Setting cookies: #{set_cookie}"
         body = ''
-        if Arachni::Options.browser_cluster.local_storage.any?
-            body = <<EOJS
+        if Options.browser_cluster.local_storage.any?
+            body << <<EOJS
                 <script>
-                    var data = #{Arachni::Options.browser_cluster.local_storage.to_json};
+                    var data = #{Options.browser_cluster.local_storage.to_json};
                     for( prop in data ) {
                         localStorage.setItem( prop, data[prop] );
@@ -1440,6 +1378,18 @@ class Browser
 EOJS
         end
+        if Options.browser_cluster.session_storage.any?
+            body << <<EOJS
+                <script>
+                    var data = #{Options.browser_cluster.session_storage.to_json};
+                    for( prop in data ) {
+                        sessionStorage.setItem( prop, data[prop] );
+                    }
+                </script>
+EOJS
+        end
         @selenium.navigate.to preload( HTTP::Response.new(
             code:    200,
             url:     "#{url}/set-cookies-#{request_token}",
@@ -1475,43 +1425,6 @@ EOJS
         @selenium.manage.window.resize_to( @width, @height )
     end
-    # # Firefox driver, only used for debugging.
-    # def firefox
-    #     profile = Selenium::WebDriver::Firefox::Profile.new
-    #     profile.proxy = Selenium::WebDriver::Proxy.new http: @proxy.address,
-    #                                                    ssl: @proxy.address
-    #     [:firefox, profile: profile]
-    # end
-    #
-    # # Chrome driver, only used for debugging.
-    # def chrome
-    #     [ :chrome, switches: [ "--proxy-server=#{@proxy.address}" ] ]
-    # end
-    def capabilities
-        Selenium::WebDriver::Remote::Capabilities.phantomjs(
-            # Selenium tries to be helpful by including screenshots for errors
-            # in the JSON response. That's not gonna fly in this use case as
-            # parsing lots of massive JSON responses at the same time will
-            # have a significant impact on performance.
-            takes_screenshot: false,
-            # Needs to include the string Webkit:
-            #   https://github.com/ariya/phantomjs/issues/14198
-            #
-            # Default is:
-            #   Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.1.1 Safari/538.1
-            'phantomjs.page.settings.userAgent'                   =>
-                USER_AGENT,
-            'phantomjs.page.customHeaders.X-Arachni-Browser-Auth' =>
-                auth_token,
-            'phantomjs.page.settings.resourceTimeout'             =>
-                Options.http.request_timeout,
-            'phantomjs.page.settings.loadImages'                  =>
-                !Options.browser_cluster.ignore_images
-        )
-    end
     def flush_request_transitions
         @request_transitions.dup
     ensure
@@ -1529,8 +1442,8 @@ EOJS
     def request_handler( request, response )
         request.performer = self
-        return if request.headers['X-Arachni-Browser-Auth'] != auth_token
-        request.headers.delete 'X-Arachni-Browser-Auth'
+        # return if request.headers['X-Arachni-Browser-Auth'] != auth_token
+        # request.headers.delete 'X-Arachni-Browser-Auth'
         print_debug_level_2 "Request: #{request.url}"
@@ -1539,7 +1452,7 @@ EOJS
         #
         # Still, it's a nice feature to have when requesting assets or anything
         # else.
-        if request.url == @last_url
+        if !@last_url || request.url == @last_url
             request.headers.delete 'If-None-Match'
             request.headers.delete 'If-Modified-Since'
         end
@@ -1594,7 +1507,11 @@ EOJS
         # Prevent PhantomJS from caching the root page, we need to have an
         # associated response.
-        if @last_url == response.url
+        #
+        # Also don't cache when we don't have a @last_url because this could
+        # be driven directly from Selenium/Watir via a plugin and caching it
+        # can ruin the scan.
+        if !@last_url || @last_url == response.url
             response.headers.delete 'Cache-control'
             response.headers.delete 'Etag'
             response.headers.delete 'Date'
@@ -1872,7 +1789,7 @@ EOJS
     end
     def normalize_watir_url( url )
-        normalize_url( ::URI.encode( url, ';' ) ).gsub( '%3B', '%253B' )
+        normalize_url( url.gsub( ';', '%3B' )  ).gsub( '%3B', '%253B' )
     end
 end

data/lib/arachni/browser_cluster/job/result.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/browser_cluster/job.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/browser_cluster/jobs/browser_provider.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/browser_cluster/jobs/dom_exploration.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/browser_cluster/jobs/taint_trace.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework