Stephen, On Wed, May 2, 2012 at 4:10 PM, Stephen Breen <breen.mach...@gmail.com> wrote: > In case anyone else is interested in this, someone else has already created > a system to scan and detect HTTP parameter pollution vulnerabilities. They > don't provide the source for their tool but it can be found here: > http://papas.iseclab.org/cgi-bin/index.py > > Their paper describing how it works can be found here: > http://www.iseclab.org/people/embyte/papers/hpp.pdf > > I plan on reading it and taking a shot at implementation as a w3af plugin.
Great! For comparing HTTP response bodies (which I assume you'll have to do) take a look at levenshtein.py (relative_distance_boolean function). Regards, > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > W3af-develop mailing list > W3af-develop@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-develop > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop