I think it's difficult to identify this, maybe they should all be logged as
informational.
Plenty of applications use custom session tokens, it wouldn't be possible
to separate these from other types of cookie.
On Fri, Sep 14, 2012 at 10:46 AM, Andres Riancho
andres.rian...@gmail.com wrote:
it? in _createMutantsWorker? May be we will add some
limit?
On 05/15/2012 07:27 PM, Stephen Breen wrote:
I did, the most efficient way I could think to do it required the
following changes to dataContainer.py and queryString.py. Basically all
I did was add a _safeEncodeChars field
Hi Christopher,
I'm fairly new to w3af development as well, the developers guide which may
help you a bit can be found here:
http://sourceforge.net/apps/trac/w3af/wiki/developers-guide
Other than that, I just picked it up by looking at the current plugins and
the core and seeing how it all fits
a couple of test scripts for HTTP Parameter
Pollution that you can see here:
http://sourceforge.net/apps/trac/w3af/browser/extras/testEnv/webroot/w3af/audit/hpp
You might find them useful for testing your stuff,
Regards,
On Tue, May 15, 2012 at 7:27 PM, Stephen Breen breen.mach...@gmail.com
Try this:
ls /usr/lib/ssl/certs
I get the same error as you for openssl ca on Ubuntu and a different
error on CentOS5 and RedHat5.
On Sun, May 20, 2012 at 11:38 AM, Andres Riancho
andres.rian...@gmail.com wrote:
Achim, Taras,
On Sun, May 20, 2012 at 5:12 PM, Achim Hoffmann
Looks good! I tested it with my plugin and it still works with the new
code. Thanks!
On Thu, May 17, 2012 at 9:30 AM, Andres Riancho andres.rian...@gmail.com wrote:
Stephen,
On Tue, May 15, 2012 at 12:00 PM, Stephen Breen breen.mach...@gmail.com
wrote:
Actually that isn't a syntax error
Great! I look forward to trying it out.
Just curious, how do you plan to support AJAX webapps in 3.3? Using some
kind of browser automation like Selenium?
On Thu, May 17, 2012 at 11:47 AM, Taras ox...@oxdef.info wrote:
Hi, all!
We are glad to inform you that 3.2 version of w3af_webui has
)
+else:
+m.setModValue( mutant_str )
# Done, add it to the result
result.append( m )
On Tue, May 15, 2012 at 11:44 AM, Andres Riancho
andres.rian...@gmail.com wrote:
Stephen,
On Wed, May 9, 2012 at 2:58 PM, Stephen Breen breen.mach...@gmail.com wrote:
Stephen,
On Sat, May 12, 2012 at 3:31 PM, Stephen Breen breen.mach...@gmail.com
wrote:
After comparing the browser and w3af requests/responses in wireshark I was
able to figure it out. When I send the request:
http://www.example.com/?x=abc%26ZJkL%3DNrZp
In w3af it is being
I've been working on an HTTP Parameter Pollution plugin a little bit lately
and noticed that the append functionality of createMutants in
core/data/fuzzer/fuzzer.py doesn't seem to work, unless I'm
misunderstanding its use. I've fixed it for my current purposes (simple
query string mutants) by
Thanks for the code review, really appreciate it. I've attached the updated
file and made some inline comments:
* Line 2 incorrectly says crossDomainXMLChecker.py
Oops, that one escaped my notice after copy/paste.
* Remove _testCheck
Done. Another brain fart.
* Might be a good idea to
written was a little too narrow anyways.
On Wed, May 2, 2012 at 9:52 AM, Andres Riancho andres.rian...@gmail.com wrote:
Stephen,
Please read inline,
On Tue, May 1, 2012 at 6:16 PM, Stephen Breen breen.mach...@gmail.com
wrote:
Hi, I've recently started using the w3af scanner and love
Many wordpress vulnerabilities are theme specific, this plugin finds the
running theme on a blog, attempts to find installed but not running themes
by enumerating popular theme names from a list and for any themes found,
runs tests to see if they are vulnerable to some common vulnerabilities
Hi, I've recently started using the w3af scanner and love it! I'd like to
contribute some code to the project and am wondering how to go about this?
I've written 2 new discovery plugins; one is a wordpress theme auditor.
Many wordpress vulnerabilities are theme specific, this plugin finds the
14 matches