Re: [W3af-develop] getaddrinfo after 302 redirect

2009-05-07 Thread Andres Riancho
Achim,

On Wed, May 6, 2009 at 10:59 AM, Achim Hoffmann a...@securenet.de wrote:
 Hi Andres,

 another nasty thing.
 I'll explain first, then see the corresponding debug.
 Tried to write a fix, but it seems not that simple without understanding
 how w3af works.

 Here we go:
   * a request returns with a 302 status response (including a Location
     header)
   * the given FQDN in the Location header cannot be resolved (for whatever
     reason)
   * w3af fails to open and throws an exception (see below)
   * after several such exceptions (how many?) w3af stops completely

 It would be nice if there is a simple single line for the 302, something like:

    request to http://some.tld/whatever returned 30x to http://other.tld/whatever

 If the FQDN is not resolvable, a corresponding one-line message instead of
 the stack trace.

 In this case (see below) the information returned in the Location header is
 important, it yields some internal hostnames:)

 Here the debug example:

 ---
 [ 05/06/09 14:35:12 - debug ] keepalive: added one connection, len(self._hostmap[pbc-vip:8080]): 10
 [ 05/06/09 14:35:14 - debug ] Incrementing global error count. GEC: 9
 [ 05/06/09 14:35:14 - debug ] w3af failed to reach the server while requesting: https://some.tld/whatever;.
 [ 05/06/09 14:35:14 - debug ] Reason: (11001, 'getaddrinfo failed'); going to retry.
 [ 05/06/09 14:35:14 - debug ] Traceback for this error: Traceback (most recent call last):
 [ 05/06/09 14:35:14 - debug ]   File D:\Programme\w3af\core\data\url\xUrllib.py, line 468, in _send
 [ 05/06/09 14:35:14 - debug ]     res = self._cacheOpener.open( req )
 [ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 387, in open
 [ 05/06/09 14:35:14 - debug ]     response = meth(req, response)
 [ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 498, in http_response
 [ 05/06/09 14:35:14 - debug ]     'http', request, response, code, msg, hdrs)
 [ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 419, in error
 [ 05/06/09 14:35:14 - debug ]     result = self._call_chain(*args)
 [ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 360, in _call_chain
 [ 05/06/09 14:35:14 - debug ]     result = func(*args)
 [ 05/06/09 14:35:14 - debug ]   File D:\Programme\w3af\core\data\url\handlers\logHandler.py, line 108, in mod_http_error_302
 [ 05/06/09 14:35:14 - debug ]     return self.old_http_error_302(req, fp, code, msg, headers)
 [ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 582, in http_error_302
 [ 05/06/09 14:35:14 - debug ]     return self.parent.open(new)
 [ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 381, in open
 [ 05/06/09 14:35:14 - debug ]     response = self._open(req, data)
 [ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 399, in _open
 [ 05/06/09 14:35:14 - debug ]     '_open', req)
 [ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 360, in _call_chain
 [ 05/06/09 14:35:14 - debug ]     result = func(*args)
 [ 05/06/09 14:35:14 - debug ]   File D:\Programme\w3af\core\data\url\handlers\keepalive.py, line 541, in https_open
 [ 05/06/09 14:35:14 - debug ]     return self.do_open(req)
 [ 05/06/09 14:35:14 - debug ]   File D:\Programme\w3af\core\data\url\handlers\keepalive.py, line 421, in do_open
 [ 05/06/09 14:35:14 - debug ]     raise urllib2.URLError(err)
 [ 05/06/09 14:35:14 - debug ] URLError: urlopen error (11001, 'getaddrinfo failed')
 [ 05/06/09 14:35:14 - debug ]
 [ 05/06/09 14:35:14 - debug ] Re-sending request...
 [ 05/06/09 14:35:14 - debug ] keepalive: The connection manager has 11 active connections.
 [ 05/06/09 14:35:14 - debug ] keepalive: The connection manager has 11 active connections.
 [ 05/06/09 14:35:14 - debug ] keepalive: added one connection, len(self._hostmap[pbc-vip:8080]): 11
 [ 05/06/09 14:35:16 - debug ] Incrementing global error count. GEC: 10
 [ 05/06/09 14:35:16 - error ]
 [ 05/06/09 14:35:16 - error ] **IMPORTANT** The following error was detected by w3af and couldn't be resolved: The xUrllib found too much consecutive errors. The remote webserver doesn't seem to be reachable anymore; please verify manually.
 [ 05/06/09 14:35:16 - error ]
 ---

I think that you will be able to apply a fix, if in the
mod_http_error_302 method of the logHandler.py file, you check if the
new domain can be resolved or not, before actually performing the
request to it. Do you want to give it a try?

Cheers,

 Achim
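
The check suggested in the reply above (resolve the new host before following the redirect), combined with the one-line messages requested in the original report, as an added example that is not w3af code. It uses Python 3's urllib.request rather than the urllib2 seen in the traceback; ResolvingRedirectHandler, fake_resolver and demo are hypothetical names, and the sample URLs and resolver are constructed.

```python
import logging
import socket
import urllib.request
from urllib.parse import urlsplit

log = logging.getLogger("redirects")


class ResolvingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Resolve the Location host before following a 30x response."""

    def __init__(self, resolver=socket.getaddrinfo):
        super().__init__()
        self.resolver = resolver   # injectable, so the check can run offline
        self.unresolved = []       # (requested URL, Location URL) pairs

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        log.info("request to %s returned %d to %s", req.full_url, code, newurl)
        try:
            parts = urlsplit(newurl)
            if not parts.hostname:
                raise ValueError("Location has no host")
            port = parts.port or (443 if parts.scheme == "https" else 80)
            self.resolver(parts.hostname, port)
        except (socket.gaierror, ValueError) as exc:
            # One line instead of a traceback. The Location value is kept
            # because it may disclose an internal hostname.
            log.warning("not following redirect to %s: %s", newurl, exc)
            self.unresolved.append((req.full_url, newurl))
            return None  # urllib then raises HTTPError for the 30x itself
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def fake_resolver(host, port):
    """Constructed stand-in for DNS: only some.tld resolves."""
    if host != "some.tld":
        raise socket.gaierror(11001, "getaddrinfo failed")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", port))]


def demo():
    """Feed two constructed 302 responses through the handler."""
    handler = ResolvingRedirectHandler(fake_resolver)
    req = urllib.request.Request("http://some.tld/whatever")
    ok = handler.redirect_request(req, None, 302, "Found", {}, "https://some.tld/login")
    bad = handler.redirect_request(req, None, 302, "Found", {}, "http://other.tld/whatever")
    return ok.full_url, bad, handler.unresolved
```

Installed with urllib.request.build_opener(ResolvingRedirectHandler()), an unresolvable Location surfaces as an HTTPError for the 302 itself, headers included, rather than as a URLError from the redirect target.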


[W3af-develop] getaddrinfo after 302 redirect

2009-05-06 Thread Achim Hoffmann
Hi Andres,

another nasty thing.
I'll explain first, then see the corresponding debug.
Tried to write a fix, but it seems not that simple without understanding
how w3af works.

Here we go:
   * a request returns with a 302 status response (including a Location
     header)
   * the given FQDN in the Location header cannot be resolved (for whatever
     reason)
   * w3af fails to open and throws an exception (see below)
   * after several such exceptions (how many?) w3af stops completely

It would be nice if there is a simple single line for the 302, something like:

    request to http://some.tld/whatever returned 30x to http://other.tld/whatever

If the FQDN is not resolvable, a corresponding one-line message instead of
the stack trace.

In this case (see below) the information returned in the Location header is
important, it yields some internal hostnames:)

Here the debug example:

---
[ 05/06/09 14:35:12 - debug ] keepalive: added one connection, len(self._hostmap[pbc-vip:8080]): 10
[ 05/06/09 14:35:14 - debug ] Incrementing global error count. GEC: 9
[ 05/06/09 14:35:14 - debug ] w3af failed to reach the server while requesting: https://some.tld/whatever;.
[ 05/06/09 14:35:14 - debug ] Reason: (11001, 'getaddrinfo failed'); going to retry.
[ 05/06/09 14:35:14 - debug ] Traceback for this error: Traceback (most recent call last):
[ 05/06/09 14:35:14 - debug ]   File D:\Programme\w3af\core\data\url\xUrllib.py, line 468, in _send
[ 05/06/09 14:35:14 - debug ]     res = self._cacheOpener.open( req )
[ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 387, in open
[ 05/06/09 14:35:14 - debug ]     response = meth(req, response)
[ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 498, in http_response
[ 05/06/09 14:35:14 - debug ]     'http', request, response, code, msg, hdrs)
[ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 419, in error
[ 05/06/09 14:35:14 - debug ]     result = self._call_chain(*args)
[ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 360, in _call_chain
[ 05/06/09 14:35:14 - debug ]     result = func(*args)
[ 05/06/09 14:35:14 - debug ]   File D:\Programme\w3af\core\data\url\handlers\logHandler.py, line 108, in mod_http_error_302
[ 05/06/09 14:35:14 - debug ]     return self.old_http_error_302(req, fp, code, msg, headers)
[ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 582, in http_error_302
[ 05/06/09 14:35:14 - debug ]     return self.parent.open(new)
[ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 381, in open
[ 05/06/09 14:35:14 - debug ]     response = self._open(req, data)
[ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 399, in _open
[ 05/06/09 14:35:14 - debug ]     '_open', req)
[ 05/06/09 14:35:14 - debug ]   File C:\Python25\lib\urllib2.py, line 360, in _call_chain
[ 05/06/09 14:35:14 - debug ]     result = func(*args)
[ 05/06/09 14:35:14 - debug ]   File D:\Programme\w3af\core\data\url\handlers\keepalive.py, line 541, in https_open
[ 05/06/09 14:35:14 - debug ]     return self.do_open(req)
[ 05/06/09 14:35:14 - debug ]   File D:\Programme\w3af\core\data\url\handlers\keepalive.py, line 421, in do_open
[ 05/06/09 14:35:14 - debug ]     raise urllib2.URLError(err)
[ 05/06/09 14:35:14 - debug ] URLError: urlopen error (11001, 'getaddrinfo failed')
[ 05/06/09 14:35:14 - debug ]
[ 05/06/09 14:35:14 - debug ] Re-sending request...
[ 05/06/09 14:35:14 - debug ] keepalive: The connection manager has 11 active connections.
[ 05/06/09 14:35:14 - debug ] keepalive: The connection manager has 11 active connections.
[ 05/06/09 14:35:14 - debug ] keepalive: added one connection, len(self._hostmap[pbc-vip:8080]): 11
[ 05/06/09 14:35:16 - debug ] Incrementing global error count. GEC: 10
[ 05/06/09 14:35:16 - error ]
[ 05/06/09 14:35:16 - error ] **IMPORTANT** The following error was detected by w3af and couldn't be resolved: The xUrllib found too much consecutive errors. The remote webserver doesn't seem to be reachable anymore; please verify manually.
[ 05/06/09 14:35:16 - error ]
---

Achim


___
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop