plugins/form_dicattack.rb in arachni-0.3 vs plugins/form_dicattack.rb in arachni-0.4

- old
+ new

@@ -1,8 +1,8 @@ =begin Arachni - Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> + Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> This is free software; you can copy and distribute and modify this program under the term of the GPL v2.0 License (See LICENSE file for details) @@ -19,27 +19,18 @@ # class FormDicattack < Arachni::Plugin::Base attr_accessor :http - # - # @param [Arachni::Framework] framework - # @param [Hash] options options passed to the plugin - # - def initialize( framework, options ) - @framework = framework - @options = options - + def prepare # disable spidering and the subsequent audit # @framework.opts.link_count_limit = 0 # don't scan the website just yet @framework.pause! print_info( "System paused." ) - end - def prepare @url = @framework.opts.url.to_s @users = File.read( @options['username_list'] ).split( "\n" ) @passwds = File.read( @options['password_list'] ).split( "\n" ) @user_field = @options['username_field'] @passwd_field = @options['password_field'] @@ -50,14 +41,14 @@ @http = @framework.http @found = false end - def run( ) + def run if !form = login_form - print_error( 'Could not find a form suiting the provided params at: ' + + print_bad( 'Could not find a form suiting the provided params at: ' + @url ) return end name = form.raw['attrs']['name'] ? form.raw['attrs']['name'] : '<n/a>' @@ -85,11 +76,12 @@ # we need a clean cookie slate for each request opts = { :headers => { 'cookie' => '' - } + }, + :update_cookies => true } form.submit( opts ).on_complete { |res| next if @found 
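Review bot: In the new `prepare` (hunk `@@ -19,27 +19,18 @@`), `@framework.pause!` now runs before the two `File.read` calls, so a missing or unreadable `username_list` or `password_list` raises after the scan has already been paused, and nothing visible here resumes it on that path. Reading and checking both wordlists first and pausing afterwards would avoid that, for example by moving `@framework.pause!` and `print_info( "System paused." )` below the `@passwd_field` assignment. With `initialize` removed, `@framework` and `@options` are presumably set by `Arachni::Plugin::Base`; a short comment such as `# @framework and @options are set by Arachni::Plugin::Base` would make that dependency explicit. The body of `prepare` continues outside this hunk.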
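Review bot: The added `:update_cookies => true` (hunk `@@ -85,11 +76,12 @@`) sits next to a header that blanks the cookie on every request, and the two appear to pull in opposite directions: the comment asks for a clean cookie slate per attempt, while the new option presumably writes each response's cookies back into the shared HTTP cookie jar. Because it is set on every submission, responses to non-matching attempts would update the jar too, and with requests queued asynchronously the last response to complete, not necessarily the matching one, may decide which session state the resumed scan carries. If the intent is to keep the authenticated session for the later audit, state it in a comment such as `# keep response cookies so the resumed scan uses the logged-in session`, and consider applying cookies only from the response that matched. The `on_complete` block continues outside this hunk.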
@@ -104,20 +96,20 @@ print_ok( "Found a match. #{@user_field}: '#{res.request.params[@user_field]}'" + " -- #{@passwd_field}: '#{res.request.params[@passwd_field]}'" ) # register our findings... register_results( { :username => user, :password => pass } ) - clean_up( ) + clean_up raise "Stopping the attack." } } } print_status( "Waiting for the requests to complete..." ) @http.run - print_error( "Couldn't find a match." ) + print_bad( "Couldn't find a match." ) end def clean_up # abort the rest of the queued requests
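Review bot: `print_bad( "Couldn't find a match." )` is reached whenever `@http.run` returns, and on success it is skipped only if the `raise "Stopping the attack."` in the callback propagates out of `@http.run`, which this hunk does not show. Guarding the message on the flag the callback already checks makes the outcome explicit: `print_bad( "Couldn't find a match." ) unless @found`. Separately, the `print_ok` line writes the matched password in clear to the plugin output; if scan logs are shared or archived, masking it there and keeping the value only in `register_results` would limit exposure. `clean_up` starts on the last lines of the hunk and its body is outside it.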