Achim,
On Wed, May 6, 2009 at 10:59 AM, Achim Hoffmann a...@securenet.de wrote:
Hi Andres,
another nasty thing.
I'll explain first, then see the corresponding debug.
Tried to write a fix, but it seems not that simple without understanding
how w3af works.
Here we go:
* a requests
Achim,
On Wed, May 6, 2009 at 11:47 AM, Achim Hoffmann a...@securenet.de wrote:
while browsung through the requsts reported by the dav-methods plugin
I detected that the plugin seems to send the request without the
specicified UA, at least the listed request does not contain the
UA header.
Achim,
On Wed, May 6, 2009 at 11:51 AM, Achim Hoffmann a...@securenet.de wrote:
all the requests reported by the dav-method plugin are shown as
GET
even the description shows multiple DAV methods, the request is always
GET. Is this correct? It's at least confusing, and the reported request
On Thu, 7 May 2009, Andres Riancho wrote:
!! On Wed, May 6, 2009 at 11:51 AM, Achim Hoffmann a...@securenet.de wrote:
!! all the requests reported by the dav-method plugin are shown as
!! GET
!! even the description shows multiple DAV methods, the request is always
!! GET. Is this correct?
Andres,
it interesting idea!
It looks like DVL[0] but especially for web security?
[0] http://www.damnvulnerablelinux.org/
wget http://dfn.dl.sourceforge.net/sourceforge/w3af/moth-v0.6.7z
--2009-05-07 22:41:28--
http://dfn.dl.sourceforge.net/sourceforge/w3af/moth-v0.6.7z
... =)
List,
Taras,
On Thu, May 7, 2009 at 3:43 PM, Taras P. Ivashchenko
naplan...@gmail.com wrote:
Andres,
it interesting idea!
It looks like DVL[0] but especially for web security?
Yep, its basically the same idea.
[0] http://www.damnvulnerablelinux.org/
wget