Andres, great job! :-) I will try to test it.
В Чт, 10/09/2015 в 12:16 -0300, Andres Riancho пишет:
> List,
>
> I'm glad to announce that w3af can now detect 100% of the XSS
> vulnerabilities in WAVSEP!
>
> As part of the "Improve w3af's score for WAVSEP XSS by at least
> 20%" [0] task, I completely rewrote (twice) the context detection
> engine originally developed by Taras. The new engine has the
> following
> improvements:
>
> * Code is easier to read
> * Context detection false positive is reduced (But can still be
> improved by migrating from HTMLParser to lxml)
> * Added JavaScript sub-parser
> * Added CSS sub-parser
>
> I've also added new payloads to the XSS plugin which were
> required
> to "break out" of the new contexts we're identifying.
>
> These changes are part of the "develop" branch, just switch to
> the
> branch using "git checkout develop" and enjoy the new features (bug
> reports are always welcome!).
>
> For those who love to read code, you'll find most of the changes
> here [1]
>
> Enjoy!
>
> [0] https://github.com/andresriancho/w3af/issues/37
> [1] https://github.com/andresriancho/w3af/tree/develop/w3af/core/data
> /context
>
> Regards,
------------------------------------------------------------------------------
Monitor Your Dynamic Infrastructure at Any Scale With Datadog!
Get real-time metrics from all of your servers, apps and tools
in one place.
SourceForge users - Click here to start your Free Trial of Datadog now!
http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
