that I sent
him an email?
Brett, thanks for your time =)
Cheers,
Brett
-Original Message-
From: Andres Riancho [mailto:[EMAIL PROTECTED]
Sent: Monday, 24 November 2008 10:39 a.m.
To: [EMAIL PROTECTED]
Cc: w3af-develop@lists.sourceforge.net
Subject: Re: [W3af-develop] Advisory SE
!
Saludos,
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications
Viktor,
On Sun, Nov 30, 2008 at 6:35 PM, Viktor Gazdag [EMAIL PROTECTED] wrote:
2008/11/30 Viktor Gazdag [EMAIL PROTECTED]
2008/11/30 Andres Riancho [EMAIL PROTECTED]
Viktor,
On Sat, Nov 22, 2008 at 1:18 PM, Andres Riancho
[EMAIL PROTECTED] wrote:
Viktor,
On Sat, Nov 22, 2008 at 12
--
From: Viktor Gazdag [EMAIL PROTECTED]
Date: 2008/12/4
Subject: Re: [W3af-develop] plugin creating question
To: Andres Riancho [EMAIL PROTECTED]
2008/11/30 Andres Riancho [EMAIL PROTECTED]
Viktor,
On Sun, Nov 30, 2008 at 6:35 PM, Viktor Gazdag [EMAIL PROTECTED]
wrote:
2008/11
-contest.org/redirect.php?banner_id=100url=/
___
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit
/clk;208669438;13503038;i?http://2009.visitmix.com/
___
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack
Viktor,
On Tue, Dec 16, 2008 at 8:17 PM, Viktor Gazdag woodsp...@gmail.com wrote:
2008/12/12 Viktor Gazdag woodsp...@gmail.com
2008/12/12 Andres Riancho andres.rian...@gmail.com
Viktor,
On Thu, Dec 11, 2008 at 8:10 PM, Viktor Gazdag woodsp...@gmail.com
wrote:
On Thu, Dec 11, 2008 at 6
Viktor,
On Sat, Dec 20, 2008 at 8:22 PM, Viktor Gazdag woodsp...@gmail.com wrote:
2008/12/20 Andres Riancho andres.rian...@gmail.com
Viktor,
On Sat, Dec 20, 2008 at 10:56 AM, Viktor Gazdag woodsp...@gmail.com
wrote:
2008/12/17 Andres Riancho andres.rian...@gmail.com
Viktor,
On Tue
-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
Ulises,
Should I close bug #2012986: Missing DLLs in windows install
[0]? Is it fixed in the new version of the installer?
[0]
https://sourceforge.net/tracker2/?func=detailaid=2012986group_id=170274atid=853652
Cheers,
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack
browser to use 127.0.0.1:4 as the
proxy server for outgoing connections.
./w3af_console -s scripts/script-spiderMan.w3af
Cheers,
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
about
the target server? Thanks for your input!
Cheers,
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
w3af plugins
w3af/plugins audit localFileInclude
w3af/plugins output console,textFile
w3af/plugins output config textFile
w3af/plugins/output
Updated numbers,
On Sun, Dec 28, 2008 at 1:24 AM, Andres Riancho
andres.rian...@gmail.com wrote:
List,
Last Friday at the office one of the guys found a vulnerability in
a web application, the vulnerability was the classic
index.php?filename=/etc/passwd that let's you read the content
), OSCP
www.securityaudit.ru
Software is like sex: it's better when it's free. - Linus Torvalds
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
Sasha,
On Wed, Jan 21, 2009 at 6:41 AM, Alexander Berezhnoy
alexander.berezh...@gmail.com wrote:
Hi Andres!
2009/1/21 Andres Riancho andres.rian...@gmail.com:
List,
I've created a task in the TODO list for v1.0 some time ago, that
basically says [0]:
I should separate discovery
=2125031group_id=170274atid=853652
[1]
https://sourceforge.net/tracker2/?func=detailaid=2248574group_id=170274atid=853655
Cheers,
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
it, and of course failed. Any ideas?
[38756]
https://sourceforge.net/tracker2/index.php?func=detailaid=2556774group_id=170274atid=853652
Cheers,
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
applications today-http://p.sf.net/sfu/adobe-com
___
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit
On Mon, Mar 2, 2009 at 3:55 PM, Andres Riancho andres.rian...@gmail.com wrote:
List,
Nicolas is going to be contributing to the project during the next
weeks, he's an experienced developer, and he wants to start diving
into the security field. He's going to be working on these three
tasks
Olle, Achim,
On Fri, Mar 13, 2009 at 8:38 AM, Achim Hoffmann a...@securenet.de wrote:
!! When a server redirects requests with a 302, vhost discovery gets
confused.
!!
!! So the bug is basically that w3af follows 302 redirects off-site.
!! This could potentially be problematic in other
://w3af.svn.sourceforge.net/viewvc/w3af/extras/testEnv/webroot/w3af/core/repeated_parameter_names/repeated_parameter_names.php?revision=2758view=markup
On Thu, 2009-03-12 at 14:43 -0200, Facundo Batista wrote:
2009/3/11 Andres Riancho andres.rian...@gmail.com:
http://host.tld/index.do?sp=1sp=spamsp=eggs
List,
What do you think about having something like this [0] for w3af?
[0] http://cihar.com/phpMyAdmin/stats/
Cheers,
--
Andrés Riancho
http://www.bonsai-sec.com/
http://w3af.sourceforge.net/
--
Apps built with
Taras,
On Sun, Mar 22, 2009 at 6:46 AM, Taras P. Ivashchenko
naplan...@gmail.com wrote:
Hello, all!
I just added support of more powerful checkbox processing to w3af.
Now when there is generation of form variants in place checkbox var=val
not sending in each fRequest. Only in some variants:
Taras,
On Mon, Mar 23, 2009 at 5:15 PM, Taras P. Ivashchenko
naplan...@gmail.com wrote:
Hello, list!
I'm going to make big presentation on RusCrypto 2009 security conference
about practical requirements of PCI DSS such as pentests, external and
internal vulnerability network scans and
Leo,
On Mon, Mar 23, 2009 at 6:10 PM, leo fishman leo.mail...@gmail.com wrote:
Hello,
I want to help with some microtask.
Please, bare in mind that I don't know the framwork very well.
Thanks for your email! New contributors are ALWAYS welcome =)
I just found a nice task that you
, Mar 1, 2009 at 8:42 PM, Andres Riancho andres.rian...@gmail.com
wrote:
Albert,
I've never used FreeBSD, so... here are some questions:
- Does FreeBSD have an online repository?
- How well does FreeBSD handle dependencies?
- Do you know any official FreeBSD developer? Could he sponsor
Ulises,
On Thu, Mar 12, 2009 at 9:48 AM, Andres Riancho
andres.rian...@gmail.com wrote:
Ulises,
On Sun, Mar 1, 2009 at 2:04 AM, Andres Riancho andres.rian...@gmail.com
wrote:
Ulises,
I haven't used slackware in years, so I don't know how things are
done there; I've got some questions
/controllers/misc/make_leet.py?revision=2781view=markup
Cheers,
On Mon, Mar 23, 2009 at 7:04 PM, Andres Riancho andres.rian...@gmail.com
wrote:
Leo,
On Mon, Mar 23, 2009 at 6:10 PM, leo fishman leo.mail...@gmail.com
wrote:
Hello,
I want to help with some microtask.
Please, bare
olle,
On Fri, Mar 27, 2009 at 9:37 AM, olle o...@nxs.se wrote:
On Fri, Mar 27, 2009 at 12:58:17PM +0100, olle wrote:
Damn, how the hell do I start diagnosing this crash?
Exception in thread Thread-7:
Traceback (most recent call last):
File /usr/lib/python2.5/threading.py, line 486, in
Olle,
On Fri, Mar 27, 2009 at 7:54 AM, olle o...@nxs.se wrote:
Hi guys!
The regexp in the ajax grep plugin sucks.
Oh, I *love* emails that start like this! =)
It infiniloops on a current site
I'm assessing. So I took the liberty of cleaning it up a bit. The new code
does what I suspect
On Fri, Mar 27, 2009 at 5:42 PM, dblackshell backbon...@gmail.com wrote:
I understand that this is any number of characters which are not ,
but... does this make any sense if you put it in front of a like
this \W*script[^]* ?
Are these equivalent?
\W*script[^]*
one?
You may use my talk from OWASP NYC which was video recorded as a base.
[0] http://ruscrypto.ru/conference/program/open-source/
[1] http://w3af.sourceforge.net/documentation/user/w3af-T2.pdf
On Mon, 2009-03-23 at 18:53 -0300, Andres Riancho wrote:
Taras,
On Mon, Mar 23, 2009 at 5:15 PM
dblackshell,
On Sat, Mar 28, 2009 at 5:10 PM, dblackshell backbon...@gmail.com wrote:
I don't know if there is a difference in performance.
--
I did the test in performance... for the following string: script
type=text/javascript
The results are self explanatory:
\W*script[^]*
Achim,
On Mon, Mar 30, 2009 at 7:36 AM, Achim Hoffmann a...@securenet.de wrote:
!! You may use my talk from OWASP NYC which was video recorded as a base.
off-topic somehow
Is there something about w3af at the upcomming OWASP AppSec2009 and/or
CONFidence in Krakow?
/off-topic somehow
My
Herman,
First of all, thank you in advance and welcome!
On Sun, Apr 5, 2009 at 9:12 PM, Herman A. Junge herman.ju...@gmail.com wrote:
Hi, I want to contribute to the project. Do you have a RoadMap and/or a TODO
List?
In this URL [0] you may find a list of TODO lists, each for every
Aaron,
On Thu, Apr 16, 2009 at 8:10 PM, Aaron Peterson
aa...@midnightresearch.com wrote:
Hi Andres:
We talked on IRC a couple weeks ago about how I might be able to help out
w3af,
and you gave me an easy bug that didn't require much knowledge of the
internals
to fix.
Taras,
On Mon, Apr 27, 2009 at 6:34 PM, Taras P. Ivashchenko
naplan...@gmail.com wrote:
Hello, list!
I had tried WebScarab [0] and Burp Proxy [1]
Here is plan:
* More convenient GUI (multiple requests and history navigation, table
presentation of request/response data and so on)
I
Fabrizio,
On Tue, Apr 28, 2009 at 10:21 AM, Fabrizio Francione
lordfa...@hotmail.it wrote:
Hello everybody!
How can i help you in this cool project ,w3af?
Thanks for considering contributing with the w3af project. We are
always looking for new people to help us improve w3af and achieve to
Juan Carlos,
On Tue, Apr 28, 2009 at 11:24 AM, Juan Carlos Montes
jcmontes@gmail.com wrote:
Hi all!!
Can i do anyone task in the project?
Ahh, this day keeps getting better! =)
Would you like to help Robert Carr carr.m.rob...@gmail.com with his
vulnerability reference task? We were
Fabrizio,
On Tue, Apr 28, 2009 at 12:48 PM, Fabrizio Francione
lordfa...@hotmail.it wrote:
Date: Tue, 28 Apr 2009 17:38:32 +0200
I was joking . I wish they are ok.
I just read the code, here are my comments:
- You shouldn't change the name of the files, you changed
buffOverflow.py to
Fabrizio,
On Tue, Apr 28, 2009 at 1:44 PM, Fabrizio Francione
lordfa...@hotmail.it wrote:
So..
1) In most cases (just to put an example, line 76 of dav.py) you are
using tabs to indent your code. PEP-8 (which we try to follow) says
that python code should be indented using 4 spaces. You
Achim,
On Tue, Apr 28, 2009 at 11:37 AM, Andres Riancho
andres.rian...@gmail.com wrote:
Achim
On Tue, Apr 28, 2009 at 11:30 AM, Achim Hoffmann a...@securenet.de wrote:
When I configure a scan and start it it immediately hangs, happens in GUI
and console. In GUI I see a message like
Taras,
On Wed, Apr 29, 2009 at 5:40 PM, Taras P. Ivashchenko
naplan...@gmail.com wrote:
Andres,
* Transcoder (string to MD5/SH1, URL encode/decode and so on)
We already have that tool! Please see Encode/Decode in the tools
section of the GUI.
Ups :)
hehehe, no problem =)
* Audit
, 2009 at 7:55 PM, Robert Carr carr.m.rob...@gmail.com wrote:
All,
-Original Message-
From: Andres Riancho andres.rian...@gmail.com
To: Taras P. Ivashchenko naplan...@gmail.com
Cc: w3af-develop@lists.sourceforge.net
Subject: Re: [W3af-develop] W3AF Proxy v2 plans - BurpProxy killer
Taras,
On Wed, Apr 29, 2009 at 5:40 PM, Taras P. Ivashchenko
naplan...@gmail.com wrote:
What about separate branch or I can develop it in trunk?
I think that this will break the MITM proxy in the process, so I think
that we should use a branch. I just created the taras branch once
again =)
Achim,
On Thu, Apr 30, 2009 at 4:52 AM, Achim Hoffmann a...@securenet.de wrote:
Hi all,
while scanning a site, all findings are reported sorted well in the Results -
KB Browser tab.
In the information window top right we read something like:
The remote web server
This Information
Achim,
On Thu, Apr 30, 2009 at 5:26 AM, Achim Hoffmann a...@securenet.de wrote:
How about following enhancements.
why do we need spaces there?
id=42
should be good enough for any DB
hehe, yes, good finding, it was stupid to request that to the user.
When I tried to fix it, I saw:
Achim,
On Thu, Apr 30, 2009 at 7:31 AM, Achim Hoffmann a...@securenet.de wrote:
On Thu, 30 Apr 2009, Achim Hoffmann wrote:
!! it seems to be just the GUI which freezes.
!! The symtoms are:
!! * GUI does not refresh if you click on the window frame (means that it
does
!! not get the
Achim,
On Thu, Apr 30, 2009 at 3:02 PM, Achim Hoffmann a...@securenet.de wrote:
On Thu, 30 Apr 2009, Andres Riancho wrote:
!! Achim,
!!
!! On Thu, Apr 30, 2009 at 5:26 AM, Achim Hoffmann a...@securenet.de wrote:
!! How about following enhancements.
!!
!! why do we need spaces
Achim
On Thu, Apr 30, 2009 at 3:15 PM, Achim Hoffmann a...@securenet.de wrote:
On Thu, 30 Apr 2009, Andres Riancho wrote:
!! On Thu, Apr 30, 2009 at 7:31 AM, Achim Hoffmann a...@securenet.de wrote:
!!
!! On Thu, 30 Apr 2009, Achim Hoffmann wrote:
!! !! it seems to be just the GUI which
Matt,
On Fri, May 1, 2009 at 12:57 PM, Matt Tesauro mtesa...@gmail.com wrote:
Andres Riancho wrote:
Aaron,
On Thu, Apr 30, 2009 at 4:59 PM, Aaron Peterson
aa...@midnightresearch.com wrote:
Hello:
On Wed, Apr 29, 2009 at 08:20:47PM -0300, Andres Riancho wrote:
On Wed, Apr 29, 2009
Aaron,
On Fri, May 1, 2009 at 2:09 PM, Aaron Peterson
aa...@midnightresearch.com wrote:
Hello:
On Thu, Apr 30, 2009 at 05:24:07PM -0300, Andres Riancho wrote:
Do you have any particular idea in mind to add/fix to the framework?
Would you like me to assign you a new task?
Yeah, if you have
List,
Today I'm releasing moth, a new tool which I think you'll enjoy.
This release is for this mailing list only, the public release (full
disclosure, web app sec mailing list, etc.) is going to be in a couple
of days!
Moth is a VMware image with a set of vulnerable Web Applications, that
Achim,
On Wed, May 6, 2009 at 6:51 AM, Achim Hoffmann a...@securenet.de wrote:
Hi Andres,
got following degug output when using robotsreader plugin
[ 05/06/09 11:09:41 - information ] A robots.txt file was found at:
https://some.tld/robots.txt;. This information was found in
Achim,
On Wed, May 6, 2009 at 8:26 AM, Achim Hoffmann a...@securenet.de wrote:
what does following mean?
[ 05/06/09 12:36:03 - vulnerability ] An unidentified web application error
was
found at: https://some.tld/report_popup.jsp;. Enable all
plugins and try again, if the error still is
Achim,
On Wed, May 6, 2009 at 8:31 AM, Achim Hoffmann a...@securenet.de wrote:
got 100s of following message in the console window right befor w3af GUI
crashed:
File D:\Programs\w3af\core\data\kb\info.py, line 168, in _convert_to_range
respomse_string += ' ' +
Achim
On Wed, May 6, 2009 at 9:29 AM, Achim Hoffmann a...@securenet.de wrote:
Andres,
sometimes (mainly after changing the Scan config) the [Clear] or
[Start] button right to the target URL is disabled.
Nothing seem to enable it again.
I've to close w3af GUI and start again.
Any ideas?
Achim,
On Wed, May 6, 2009 at 10:59 AM, Achim Hoffmann a...@securenet.de wrote:
Hi Andres,
another nasty thing.
I'll explain first, then see the corresponding debug.
Tried to write a fix, but it seems not that simple without understanding
how w3af works.
Here we go:
* a requests
Achim,
On Wed, May 6, 2009 at 11:47 AM, Achim Hoffmann a...@securenet.de wrote:
while browsung through the requsts reported by the dav-methods plugin
I detected that the plugin seems to send the request without the
specicified UA, at least the listed request does not contain the
UA header.
Achim,
On Wed, May 6, 2009 at 11:51 AM, Achim Hoffmann a...@securenet.de wrote:
all the requests reported by the dav-method plugin are shown as
GET
even the description shows multiple DAV methods, the request is always
GET. Is this correct? It's at least confusing, and the reported request
Taras,
On Thu, May 7, 2009 at 3:43 PM, Taras P. Ivashchenko
naplan...@gmail.com wrote:
Andres,
it interesting idea!
It looks like DVL[0] but especially for web security?
Yep, its basically the same idea.
[0] http://www.damnvulnerablelinux.org/
wget
Taras,
On Sun, May 10, 2009 at 5:10 PM, Taras P. Ivashchenko
naplan...@gmail.com wrote:
Hi, list!
There is a some code joke was found =)
$ cat core/data/db/persist.py | grep -A3 -B3 SQL injection
# Get the row(s)
c = self._db.cursor()
select_stm = select * from
Taras,
Hi! How are you? I hope you're well,
I've been offline for a week or so, and I saw that you commited
some changes to your branch. Could you please make a summary of your
changes (two lines) for me? I'll be able to download and read the code
tomorrow, or maybe on Wendsday :(
Chris,
Sorry for the late response, but I was pretty busy at OWASP EU and
CONFidence (w0w, great conferences!!)
On Mon, May 11, 2009 at 12:21 PM, Chris Teodorski
chris.teodor...@gmail.com wrote:
Hello all,
I'd be interested in proofing and contributing to the User Guide - I
found some
Taras,
On Tue, May 19, 2009 at 6:27 PM, Taras P. Ivashchenko
naplan...@gmail.com wrote:
Hello, Andres and all!
Hi! How are you? I hope you're well,
Thanks, I'm in the mood for coding =)
And you?
I've been offline for a week or so, and I saw that you commited
some changes to your
Muffys,
On Wed, May 20, 2009 at 4:46 AM, Muffys Wump muff...@hotmail.com wrote:
Hi List,
Some time ago we've implemented a feature into the webSpider which allows
you to set URL parameters to all discovered pages. e.g.
http://foo.bar/page.jsp;jsessionid=x?id=5.
My motivation was to set
Taras,
On Wed, May 20, 2009 at 6:27 PM, Taras P. Ivashchenko
naplan...@gmail.com wrote:
Andres,
For the first I made some clean-up of GUI:
- in history tab added Clean button for viewing all entries
I think that if the user hasn't supplied a search string, the clear
button should be
Ryan,
On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst ryandewhu...@gmail.com wrote:
Hello,
I have developed a python script that can detect the version of a
wordpress installation. I think it would fit well within w3af,
Yes, it seems that it's something good to have in the framework.
I have
. Maybe it would be a good idea to parse that, and compare it
with the result of the fingerprinting. What do you think?
Cheers,
Ryan
2009/5/28 Andres Riancho andres.rian...@gmail.com:
Ryan,
On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst ryandewhu...@gmail.com
wrote:
Hello,
I have developed
email conversation that wordpress echos its
version number in the page head. I managed to find an example of it.
Your right I do have a security plugin installed which must have
removed it from my blog.
Here is an example:
meta name=generator content=WordPress 2.7.1 /
2009/5/28 Andres Riancho
seemanta,
On Fri, May 29, 2009 at 9:37 AM, seemanta patnaik
seemantapatn...@yahoo.co.in wrote:
Hello Everybody,
I have a requirement to crawl a website from my base existing
software(program) and to push the output into an xml file. Please let me
know if there is any API on w3af which can be
seemanta,
On Fri, May 29, 2009 at 10:09 AM, Andres Riancho
andres.rian...@gmail.com wrote:
seemanta,
On Fri, May 29, 2009 at 9:37 AM, seemanta patnaik
seemantapatn...@yahoo.co.in wrote:
Hello Everybody,
I have a requirement to crawl a website from my base existing
software(program
that with these recommendations
you'll be able to complete the development of your first w3af plugin
=)
PS: You should answer inline.
Ryan
2009/6/6 Andres Riancho andres.rian...@gmail.com:
Ryan,
On Sat, Jun 6, 2009 at 6:22 PM, Ryan Dewhurstryandewhu...@gmail.com wrote:
Also delete the .pyc
m0ses,
On Mon, Jun 8, 2009 at 10:24 AM, mOsestrklis...@networksamurai.org wrote:
Andres and all members of the dev list,
I was able to find a project took the original NTLMAPS and ported
it to use urllib2.
Excellent!! I was searching for that a long time ago, and failed! Thanks!!
Could
Ryan,
First of all, I would like to congratulate you for a job well
done. The wordpress_fingerprint plugin is now part of w3af.
I just commited it [0] to the trunk with a couple of changes
(please review those changes, they are important).
On the other hand, we still need to work a
Ryan,
On Mon, Jun 8, 2009 at 12:36 PM, Stefano Di Paolawi...@wisec.it wrote:
Guys,
Sorry for getting into the middle of this thread without knocking...
hehehe
Inline since I hate bottom posting :)
ok,
Il giorno lun, 08/06/2009 alle 12.05 -0300, Andres Riancho ha scritto:
Ryan
Taras,
On Mon, Jun 8, 2009 at 5:36 PM, Tarasta...@securityaudit.ru wrote:
Hello, list!
I decided to inform you about current status of proxy tool improvement:
Good,
* Table presentation and editing of request/response data (headers) and so
on - done
* Table presentation of request
Ryan,
On Mon, Jun 8, 2009 at 4:50 PM, Ryan Dewhurstryandewhu...@gmail.com wrote:
I have implemented the re and data checker, to compare them both and
output as appropriate.
That part seems to be ok,
Seems to be working however in KB the request/response windows are incorrect.
Could you
Ryan,
On Mon, Jun 8, 2009 at 8:26 PM, Ryan Dewhurstryandewhu...@gmail.com wrote:
2009/6/8 Andres Riancho andres.rian...@gmail.com:
Ryan,
On Mon, Jun 8, 2009 at 4:50 PM, Ryan Dewhurstryandewhu...@gmail.com wrote:
I have implemented the re and data checker, to compare them both and
output
Taras,
On Tue, Jun 9, 2009 at 1:25 AM, Tarasta...@securityaudit.ru wrote:
Andres,
* More convenient History navigation and presentation - in progress
(Let's moving from hacker's search with SQL syntax to more convenient
search by URL in main text entry + hidden advanced options bar for
Ryan,
On Tue, Jun 9, 2009 at 9:39 PM, Ryan Dewhurstryandewhu...@gmail.com wrote:
2009/6/10 Andres Riancho andres.rian...@gmail.com:
Stefano, All,
On Mon, Jun 8, 2009 at 12:36 PM, Stefano Di Paolawi...@wisec.it wrote:
Guys,
Sorry for getting into the middle of this thread without knocking
m0ses,
On Wed, Jun 10, 2009 at 12:09 AM, mOsestrklis...@networksamurai.org wrote:
Andres and team,
On Jun 8, 2009, at 11:28 AM, Andres Riancho wrote:
m0ses,
On Mon, Jun 8, 2009 at 12:01 PM, mOsestrklis...@networksamurai.org
wrote:
Andres,
On Jun 8, 2009, at 10:42 AM, Andres Riancho
Wagner,
On Tue, Jun 9, 2009 at 11:25 AM, Wagner Eliaswagner.el...@gmail.com wrote:
Hi Guys
What do you think of Fingerprint_WAF update the plugin to use the
newly launched tool Waffit
(http://code.google.com/p/waffit/source/browse/trunk/wafw00f.py)? She
has the most established and can
List,
On Wed, Jun 10, 2009 at 11:07 PM, mOsestrklis...@networksamurai.org wrote:
Andres,
On Jun 10, 2009, at 8:59 AM, Andres Riancho wrote:
m0ses,
On Wed, Jun 10, 2009 at 12:09 AM, mOsestrklis...@networksamurai.org
wrote:
Andres and team,
I have started work on this and I believe I
Jon,
On Thu, Jun 11, 2009 at 2:21 PM, jrosejr...@owasp.org wrote:
Has anyone written a plugin to bruteforce directories or file names
similar to Dirbuster by OWASP?
I haven't, and I don't know of anyone that has... but there have been
people interested in doing it. I think that the reason that
with the
flexibility to use any list you want.
Yes
I'll take a shot at writing this
plugin and email it out to the list when I'm done.
Sure! Thanks!
Thanks,
Jon
On Jun 11, 2009, at 2:50 PM, Andres Riancho wrote:
Jon,
On Thu, Jun 11, 2009 at 2:21 PM, jrosejr...@owasp.org wrote:
Has
mOses,
On Sat, Jun 20, 2009 at 7:38 PM, mOsestrklis...@networksamurai.org wrote:
Andres,
On Jun 12, 2009, at 8:42 AM, Andres Riancho wrote:
I'm attaching a slightly modified version of the urlOpenerSettings
file, which fixes 1-. I'll try to performs some tests tomorrow
morning
Eduardo,
On Tue, Jun 30, 2009 at 12:12 AM, Eduardo Jorgeserrano.ne...@gmail.com wrote:
Hi Adam, and all :)
I made a little modification and i will think this bug as fixed.
Thanks!
Andres, do you like I send the code here? or a simple patch?
A diff will do it.
w3af project have a coding
(Althought, I thought I was)
Calling setBasicAuth doesn't happen from within this file huh?
Please svn up and perform your patch against that, sorry :(
Moses
On Jun 21, 2009, at 10:24 PM, Andres Riancho wrote:
mOses,
On 6/21/09, mOses trklis...@networksamurai.org wrote:
Andres,
On Jun 20
Eduardo,
How're you? I hope you're doing well,
You asked me privately if I had any tasks for you, so here I'm
sending you a couple from which you can choose:
-
https://sourceforge.net/tracker/?func=detailaid=2675349group_id=170274atid=853652
This bug is pretty lame, the problem is that
=revrevision=2934
Cheers,
On Mon, Mar 30, 2009 at 9:37 PM, leo fishmanleo.mail...@gmail.com wrote:
Here is a new version, if its ok, I can start coding the append to the kb.
On Fri, Mar 27, 2009 at 5:38 PM, Andres Riancho andres.rian...@gmail.com
wrote:
Leo,
On Fri, Mar 27, 2009 at 5:27 PM
Jon,
On Fri, Jul 10, 2009 at 8:29 AM, Andres Rianchoandres.rian...@gmail.com wrote:
Jon,
On Wed, Jul 8, 2009 at 1:14 PM, jrosejr...@owasp.org wrote:
Hey Achim and Andres,
I wrote this simple directory bruteforcing plugin awhile back and have been
using it with my local w3af install. It
Taras,
On Thu, Jul 16, 2009 at 4:52 PM, Tarasta...@securityaudit.ru wrote:
Andres,
How're you? I hope you're doing fine,
Thanks, I'm fine studing WiFu and developing W3AF =)
And you?
Fine, I'm doing some pentesting gigs, having fun with some broken
business logic =)
- What do you
Sasha,
On Fri, Jul 17, 2009 at 7:19 AM, Alexander
Berezhnoyalexander.berezh...@gmail.com wrote:
Andres, guys,
2009/7/16 Andres Riancho andres.rian...@gmail.com:
Sasha,
On Tue, Jul 14, 2009 at 3:34 AM, Alexander
Berezhnoyalexander.berezh...@gmail.com wrote:
Hi list,
I want to share
Taras,
On Fri, Jul 17, 2009 at 3:04 AM, Tarasta...@securityaudit.ru wrote:
Andres,
And make the fourth button at the bottom with Audit with.. popup menu?
Yes, that's exactly what I was talking about. Also, I think that you
should add a All at the beginning of the list, that iterates through
pham,
On Sat, Jul 18, 2009 at 10:53 AM, pham toanpham0van0t...@gmail.com wrote:
I'am a student from vietnam, i'm very interesting with your project so i'm
wish to contribute a little for it. Please tell me what i should done now?
Welcome to the w3af team =)
I have a rather simple task you can
Eduardo,
On Tue, Jun 30, 2009 at 9:22 AM, Andres Rianchoandres.rian...@gmail.com wrote:
Eduardo,
How're you? I hope you're doing well,
You asked me privately if I had any tasks for you, so here I'm
sending you a couple from which you can choose:
-
Taras,
On Mon, Jul 13, 2009 at 7:30 PM, Andres Rianchoandres.rian...@gmail.com wrote:
Taras,
On Mon, Jul 13, 2009 at 3:30 PM, Tarasta...@securityaudit.ru wrote:
Andres,
Yes, I totally agree, we need to change that. I'll do it in a minute,
please wait,
I think it's done =)
Great!
Taras,
I've been playing with your branch for a couple of hours, and now
we are ready to launch plugins from any HTTP request and find
vulnerabilities! Some comments:
- The vulns are only shown in the console (print vuln), but all
the rest is working.
- I also added thread support to
Taras,
On Sun, Jul 26, 2009 at 5:53 PM, Tarasta...@securityaudit.ru wrote:
Andres,
Sorry for late response. I was in business trip.
No problem mate,
By the way I begin to write on russian and english about W3AF in my secure
blog [0]
Nice! =)
I've been playing with your branch for a
1 - 100 of 631 matches
Mail list logo