Re: [W3af-develop] [off-topic] nimbostratus: Tools to exploit insecure Amazon deployments

2013-08-29 Thread Dominique Righetto
Hi, Seems to be cool :-) On 30 August 2013 00:05, Andres Riancho andres.rian...@gmail.com wrote: Take a look at nimbostratus [0] my latest toy project :) [0] http://andresriancho.github.io/nimbostratus/ -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack

Re: [W3af-develop] Avoid to commit and push __init__.py file -- Trick

2013-08-17 Thread Dominique RIGHETTO
I have updated the Wiki with this information: https://github.com/andresriancho/w3af/wiki/Contributing-101 On 17/08/2013 11:23, Dominique RIGHETTO wrote: Hi, I have just found a trick to avoid committing and pushing the __init__.py file. I use the Git option --assume-unchanged [0]. Ex: git update

[W3af-develop] Access to http response cookie collection in Audit plugin

2013-08-10 Thread Dominique Righetto
regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http://www.righettod.eu No trees were killed to send this message, but a large number of electrons were terribly inconvenienced

Re: [W3af-develop] Integer overflow detection plugin

2013-07-29 Thread Dominique Righetto
is it correct ? Thanks in advance :) -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http://www.righettod.eu No trees were killed to send this message, but a large number of electrons were terribly

Re: [W3af-develop] Integer overflow detection plugin

2013-07-29 Thread Dominique Righetto
Andres, DM, I will setup ASAP an IRC client (I have never used IRC before) and I will come back to you with a date (Luxembourg time) when I'm able to connect to #w3af channel... Regards, Dom -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe

Re: [W3af-develop] Integer overflow detection plugin

2013-07-26 Thread Dominique Righetto
, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http://www.righettod.eu No trees were killed to send this message, but a large number of electrons were terribly inconvenienced. On Mon, Jul 15, 2013 at 1:54 PM, Andres Riancho

Re: [W3af-develop] Integer overflow detection plugin

2013-07-14 Thread Dominique RIGHETTO
, 2013 at 10:09 AM, Dominique Righetto dominique.righe...@gmail.com wrote: Hi Andres, I'm working on an integer overflow detection plugin and I am trying to understand, in an audit plugin, how to access injection points detected in the discovery

[W3af-develop] Integer overflow detection plugin

2013-07-13 Thread Dominique Righetto
Hi Andres, I'm working on an integer overflow detection plugin and I am trying to understand, in an audit plugin, how to access injection points detected in the discovery part. Can you give me some pointers or a plugin example? Thanks in advance Dom

Re: [W3af-develop] VIM syntax file for W3AF script

2013-05-10 Thread Dominique Righetto
will manage update directly from vim.org, the UI seems cool and clear :o) Regards, -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http://www.righettod.eu No trees were killed to send this message, but a large

[W3af-develop] W3AF documentation documents update

2013-05-10 Thread Dominique Righetto
, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http://www.righettod.eu No trees were killed to send this message, but a large number of electrons were terribly inconvenienced

Re: [W3af-develop] VIM syntax file for W3AF script

2013-04-30 Thread Dominique Righetto
Hi, To facilitate maintenance I have published the file here: http://www.vim.org/scripts/script.php?script_id=4567 -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http://www.righettod.eu No trees were

[W3af-develop] VIM syntax file for W3AF script

2013-04-27 Thread Dominique Righetto
Hi Andres, I have written a VIM syntax file for W3AF scripts, can you add it to the project source in the Github repository? I will manage its maintenance because I mainly use W3AF through scripts... I have tested it with Ubuntu and VIM 7.3 Thanks in advance -- Cordialement, Best regards, Dominique

Re: [W3af-develop] NEED HELP

2013-04-25 Thread Dominique Righetto
, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http://www.righettod.eu No trees were killed to send this message, but a large number of electrons were terribly inconvenienced. On Fri, Apr 26, 2013 at 6:48 AM, w3b giant w3bgi...@gmail.com

Re: [W3af-develop] Use Contributing 101 guide on Threading2 branch

2013-03-13 Thread Dominique RIGHETTO
Hi, Small update to provide the GIT command line to use to push commits from git flow feature branch to remote repository (w3af reference repository fork): git push origin [BRANCH_NAME] Ex: git push origin feature/csp_plugin Hope this helps :) Dom

[W3af-develop] CSP grep plugin dev status

2013-03-10 Thread Dominique Righetto
Hi, A first draft of the csp grep plugin is implemented with unit tests and PHP scripts. For the moment, it lists all csp vulns found for each url but I will continue to work on it in order to apply smart analysis in the end step. I will keep you informed about status ;o) Dom

Re: [W3af-develop] Beta-testers wanted!

2013-02-18 Thread Dominique Righetto
Hi, W3AF will be the main tool to apply non-human security check on the next project on which I will work then I will report any issues... -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http

[W3af-develop] CSP grep plugin dev status

2013-02-09 Thread Dominique Righetto
Hi, Just to inform you that I have started implementation of the CSP grep plugin based on the ClickJacking plugin. I will use this work to update my knowledge of the new W3AF contribution process on Github. I will keep you informed :) Dom

Re: [W3af-develop] Travis-CI

2013-02-07 Thread Dominique Righetto
CloudBees can be used only with Java/JRuby and grails :o -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http://righettod.github.com No trees were killed to send this message, but a large number

Re: [W3af-develop] Travis-CI

2013-02-07 Thread Dominique Righetto
travis-ci seems to be an interesting option -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http://righettod.github.com No trees were killed to send this message, but a large number of electrons

Re: [W3af-develop] Grep plugin type suggestion : Content Security Policy

2013-01-18 Thread Dominique Righetto
Hi Andres, For sure, which existing Grep plugin can I use as template ? Thanks in advance. -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http://righettod.github.com No trees were killed to send

Re: [W3af-develop] Grep plugin type suggestion : Content Security Policy

2013-01-13 Thread Dominique RIGHETTO
/issues/2#issuecomment-12192049 [1] https://github.com/righettod/w3af-contribs/commit/a6c06a1fe0f7d6ee8241a7dfe05a7eed96078633 -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0xC34A4565323D19BA http

Re: [W3af-develop] Grep plugin type suggestion : Content Security Policy

2013-01-06 Thread Dominique RIGHETTO
for the each directive Ticket updated : https://github.com/righettod/w3af-contribs/issues/2#issuecomment-11926663 ;o) -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0xC34A4565323D19BA http

Re: [W3af-develop] Grep plugin type suggestion : Content Security Policy

2013-01-02 Thread Dominique RIGHETTO
test class. I have executed unit tests against revision 6578 of Threading2 branch of W3AF SVN repository. See https://github.com/righettod/w3af-contribs/commit/b2787b5371267d860b7a73ca23081d4bf2048e04 -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe

Re: [W3af-develop] Grep plugin type suggestion : Content Security Policy

2013-01-02 Thread Dominique RIGHETTO
, On Wed, Jan 2, 2013 at 7:51 AM, Dominique RIGHETTO dominique.righe...@gmail.com wrote: Hello, To begin with I present to you my best wishes for 2013 :) Thanks! My best wishes to you too in this new year that's just starting :) I have added a method to find vulnerabilities into CSP

Re: [W3af-develop] Grep plugin type suggestion : Content Security Policy

2012-12-15 Thread Dominique RIGHETTO
wrote: Damn! Forgot about this one, reading right now. Give me some mins. On Fri, Nov 30, 2012 at 12:16 PM, Andres Riancho andres.rian...@gmail.com wrote: I'm on vacations until next Monday, I'll answer that day. On Fri, Nov 30, 2012 at 2:41 AM, Dominique Righetto dominique.righe...@gmail.com

Re: [W3af-develop] Grep plugin type suggestion : Content Security Policy

2012-12-13 Thread Dominique Righetto
Hi Andres, I hope your holidays have been good ;o) Do you have any news about http://sourceforge.net/mailarchive/message.php?msg_id=30167485 Have a nice day ;o) Dom -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod

Re: [W3af-develop] Grep plugin type suggestion : Content Security Policy

2012-11-29 Thread Dominique Righetto
Andres, I have implemented all your remarks and I have aligned the utils.py code to stick to 80 columns using the Python official style guide recommendation. I have executed my unit tests against the revision 6177 of Threading2 branch (last from today) and all unit tests pass. The github repo

Re: [W3af-develop] Grep plugin type suggestion : Content Security Policy

2012-11-11 Thread Dominique RIGHETTO
the csp.py grep plugin. Totally agree, i'm working on this way ;o) -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0xC34A4565323D19BA http://righettod.github.com No trees were killed to send this message

Re: [W3af-develop] Grep plugin type suggestion : Content Security Policy

2012-11-10 Thread Dominique RIGHETTO
:) -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0xC34A4565323D19BA http://righettod.github.com "No trees were killed to send this message, but a large number of electrons were terribly inconveni

Re: [W3af-develop] Grep plugin type suggestion : Content Security Policy

2012-11-03 Thread Dominique RIGHETTO
this indicates that all sources are allowed and then remote content loading is fully open. What do you think? [0] http://www.w3.org/TR/CSP/#directives -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA

Re: [W3af-develop] w3af Todo List

2012-10-28 Thread Dominique RIGHETTO
://github.com/righettod/w3af-plugins Have a nice day. -- Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http://righettod.github.com No trees were killed to send this message, but a large number of electrons

Re: [W3af-develop] CORS plugins validation for adding into W3AF SVN repository

2012-10-16 Thread Dominique Righetto
know when I will fix my installation... Regards, Dom On Mon, Oct 15, 2012 at 8:30 PM, Andres Riancho andres.rian...@gmail.com wrote: Dom, On Mon, Oct 15, 2012 at 10:25 AM, Dominique Righetto dominique.righe...@gmail.com wrote: Andres, OK. About preflight, I must admit that you are right

Re: [W3af-develop] CORS plugins validation for adding into W3AF SVN repository

2012-10-14 Thread Dominique Righetto
Hi, OK, in fact I am new to this project and so I don't know the official release process, it's for this reason that I asked the question. Now it's clear and so it will be easier for me for the next contributions ;o) Cordialement, Best regards, Dominique Righetto dominique.righe

Re: [W3af-develop] CORS plugins validation for adding into W3AF SVN repository

2012-10-14 Thread Dominique Righetto
it into the threading2 branch and then I will report the update into my version (I will also change the name cors_origin.py to sync with the new name of the other plugin) Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod Google Code

Re: [W3af-develop] CORS plugins validation for adding into W3AF SVN repository

2012-10-14 Thread Dominique Righetto
Hi, I understand, it's now my turn to find facts and real cases to convince you that this plugin has its place in W3AF... It's the game and it's a very interesting part ;o Thanks for the review. Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe

Re: [W3af-develop] CORS plugins validation for adding into W3AF SVN repository

2012-10-14 Thread Dominique Righetto
resource modification become possible. Perhaps we can move this plugin from Audit type to another like Discovery or Grep... Cordialement, Best regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod Google Code Repository http://righettod.googlecode.com