[W3af-develop] w3af REST API feature requests
Lists, The REST API milestone for w3af is coming to an end, the only pending feature is Expose plugin and core (misc|http) configuration [0] and OwenTuz is already working on it. Before I move to other things... any feature requests for the REST API? [0] https://github.com/andresriancho/w3af/issues/10616 Regards, -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 -- ___ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
[W3af-develop] W3af Rest Api
Hello, I'm currently trying to fetch http transaction data sent by w3af using w3af Rest Api . According to this http://docs.w3af.org/en/latest/api/traffic.html doc we can get the http request and response data of a transaction of by sending a GET request to /scans/scan-id/traffic/traffic-id , it is also mentioned that traffic-id attribute can be accessed by sending a GET request to /scans/scan-id/kb/vulnerability-id ,the docs http://docs.w3af.org/en/latest/api/kb.html regarding /kb/ resource mention that it returns only the list of vulnerabilities .So according to docs we should be only able to fetch http transaction data of vulnerable requests . But in twitter andres riancho stated https://twitter.com/w3af/status/615570631204192256 that we can read all http requests sent from scanner . First of all i would like to know how i can i use rest api to fetch http data of scan started w3ag gui , we need scan id to get scan details when i started a scan from w3af gui and then sent request to /scans/0, /scans/1 , /scans/2 . It seems like we can only get scan details of scan only if it is started using rest api . Can anyone explain how can we get scan details of scan started from w3af-gui using rest api and also how to get http transactions details of all the transactions not just the vulnerable ones. . Thanks, Gorantla Sai. -- Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/___ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
Re: [W3af-develop] W3af Rest Api
Gorantia, On Mon, Jun 29, 2015 at 11:00 PM, Gorantla sai ahik...@gmail.com wrote: Hello, I'm currently trying to fetch http transaction data sent by w3af using w3af Rest Api . According to this doc we can get the http request and response data of a transaction of by sending a GET request to /scans/scan-id/traffic/traffic-id , it is also mentioned that traffic-id attribute can be accessed by sending a GET request to /scans/scan-id/kb/vulnerability-id ,the docs regarding /kb/ resource mention that it returns only the list of vulnerabilities .So according to docs we should be only able to fetch http transaction data of vulnerable requests . But in twitter andres riancho stated that we can read all http requests sent from scanner . First of all i would like to know how i can i use rest api to fetch http data of scan started w3ag gui You can't do that via REST API , we need scan id to get scan details when i started a scan from w3af gui and then sent request to /scans/0, /scans/1 , /scans/2 . It seems like we can only get scan details of scan only if it is started using rest api Yep, GUI and REST API are completely different user interfaces and don't have any method of exchanging data . Can anyone explain how can we get scan details of scan started from w3af-gui using rest api You can't and also how to get http transactions details of all the transactions not just the vulnerable ones. . /scans/scan-id/traffic/any-request-id-you-want Thanks, Gorantla Sai. -- Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ ___ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 -- Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ ___ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop