Re: [W3af-develop] Wordpress version discovery plugin

Ryan,

On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst ryandewhu...@gmail.com wrote:
> Hello, I have developed a python script that can detect the version of a
> wordpress installation. I think it would fit well within w3af,

Yes, it seems that it's something good to have in the framework. I have like a ton of questions about how it works, could you please send the script (as it is) to this mailing list for us to read it?

> the only problem being is that I have been unable to find a plugin
> development manual to be able to implement my script.

There is no development manual :(

For the type of feature that you want to add, the correct thing is to use a discovery plugin. Discovery plugins are simple, they follow these rules:

- the entry point is the discover method
- the discover method takes a fuzzable request object as a parameter, and returns a list of fuzzable requests (fuzzable requests are representations of GET/POST requests, which represent links and forms)
- the discover method is called several times in the same scan, with the different links that (for example) the webSpider finds.

I think that the best thing you can do is to read one or two discovery plugins (my recommendations are discovery.crossDomain and discovery.userDir), and start building your own plugin based on one of those.

> Is there a dev manual out there?

No

> Does any one have some tips/advice on writing a plugin?

Yes, see above.

> Does any one want me to send them the script for them to develop the plugin?

You should develop the plugin yourself, it's fun and good for the project =)

Cheers,

> Thank you,
> Ryan

-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers, brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, Big Spaceship.
http://p.sf.net/sfu/creativitycat-com
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
Re: [W3af-develop] Wordpress version discovery plugin

Hello,

I'm new to mailing lists so I'm not sure if this will be sent there.

I'll have a look into integrating the script into w3af over the next couple of days and hopefully have a working version by the weekend.

The script is quite simple once you have gathered the necessary data. I went through versions 2.2 to 2.7.1 and manually found client side differences in most of them, I also used the official changelogs to help identify them. The client side differences are in files such as CSS, javascript and HTML. Some versions did not have any differences apart from having extra files, which can easily be identified with HTTP response codes.

It works as such... Starting from version 2.7.1 (latest), the script tries to find something that 2.7 doesn't have, if it finds that something then the script stops and echoes the version number. If the script doesn't find the difference it moves onto identifying the next version, i.e. does 2.7 have something the earlier version doesn't have. And so on and so forth.

Ryan

2009/5/28 Andres Riancho andres.rian...@gmail.com:
> Ryan,
> [...]

#!/usr/bin/python
import httplib, urllib2, socket, sys

#wpurl = raw_input("Enter the WP URL you want to find the version of: ")
wpurl = sys.argv[1].replace('http://', '')
wpurl = wpurl.replace('www.', '')
errors = '404'

def wp271():
    url = wpurl + '/wp-includes/js/thickbox/thickbox.css'
    # Get page HTML
    try:
        Request = urllib2.urlopen('http://' + url)
        difference = '-ms-filter:'
        if difference in Request.read():
            return 'true'
        return 'false'  # file present but the 2.7.1 marker is absent
    except urllib2.HTTPError:
        return 'false'

def wp27():
    url = wpurl + '/wp-admin/css/farbtastic.css'
    # Get page HTML
    try:
        Request = urllib2.urlopen('http://' + url)
        difference = 'farbtastic'
        if difference in Request.read():
            return 'true'
        return 'false'
    except urllib2.HTTPError:
        return 'false'

def wp26():
    try:
        url = wpurl + '/wp-includes/js/tinymce/wordpress.css'
        # Get page HTML
        Request = urllib2.urlopen('http://' + url)
        difference = '-khtml-border-radius:'
        if difference in Request.read():
            return 'true'
        return 'false'
    except urllib2.HTTPError:
        return 'false'

def wp251():
    url = wpurl + '/wp-includes/js/tinymce/tiny_mce.js'
    # Get page HTML
    try:
        Request = urllib2.urlopen('http://' + url)
        difference = '0.7'
        if difference in Request.read():
            return 'true'
        return 'false'
    except urllib2.HTTPError:
        return 'false'

def wp25():
    url = wpurl + '/wp-admin/async-upload.php'
    # Get page HTML; a 403 still proves the file exists
    try:
        Request = urllib2.urlopen('http://' + url)
        return 'true'
    except urllib2.HTTPError, e:
        if e.code == 403:
            return 'true'
        else:
            return 'false'

# def wp231():
#     url = wpurl + ... (the archived message is cut off here; the rest of the script is missing)
Re: [W3af-develop] Wordpress version discovery plugin

Ryan,

On Wed, May 27, 2009 at 9:58 PM, Ryan Dewhurst ryandewhu...@gmail.com wrote:
> Hello, I'm new to mailing lists so I'm not sure if this will be sent there.

It depends on the mailing list. This one is configured to accept attachments,

> I'll have a look into integrating the script into w3af over the next couple
> of days and hopefully have a working version by the weekend.

Excellent, if you need ANY help, just let us know.

> The script is quite simple once you have gathered the necessary data. I
> went through versions 2.2 to 2.7.1 and manually found client side
> differences in most of them, I also used the official changelogs to help
> identify them.

Ohhh, you are the guy that wrote that blog post with the diffs of different wordpress release packages?

> The client side differences are in files such as CSS, javascript and HTML.
> Some versions did not have any differences apart from having extra files,
> which can easily be identified with HTTP response codes.
>
> It works as such... Starting from version 2.7.1 (latest), the script tries
> to find something that 2.7 doesn't have, if it finds that something then
> the script stops and echoes the version number. If the script doesn't find
> the difference it moves onto identifying the next version, i.e. does 2.7
> have something the earlier version doesn't have. And so on and so forth.

Ok, makes sense. Some comments regarding your code:

- w3af uses PEP-8, which among other things says 4-spaces for indentations. Your code has 1-space (?) indentations. Please correct that.

- The code is pretty simple, but I think it could be done in a better way. Having that many functions (wp22 to wp271) doesn't seem to be a good option. Do you think that the code could be changed a little bit, and create a database (which can be easily updated) and then use that database to store the information? Example of the database:

    self._wp_fingerprint = [('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:'),
                            ('/wp-admin/css/farbtastic.css', 'farbtastic')]

- Also, by default wordpress publishes the version number in every page head. Maybe it would be a good idea to parse that, and compare it with the result of the fingerprinting. What do you think?

Cheers,

> Ryan
>
> 2009/5/28 Andres Riancho andres.rian...@gmail.com:
> [...]

-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
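A table-driven version of the fingerprinting this thread describes (Ryan's newest-first walk and Andres's "database" plus generator-tag comparison), written here as an added example and not Ryan's script or w3af code. The fetch function is injected so the sample runs offline against a constructed site; the first two (path, marker) pairs are the ones Andres quotes, the 2.6 and 2.5 rows are assumptions built from Ryan's wp26()/wp25() checks, and the generator-tag regex is an assumed shape.

```python
import re

# Fingerprint table, newest first, as Ryan describes: stop at the first version whose
# distinguishing artifact is present. Rows are (version, path, marker, ok_status_codes).
# The first two pairs are the ones Andres quotes; the 2.6 and 2.5 rows are constructed
# from Ryan's wp26()/wp25() checks (for 2.5 a 403 on async-upload.php counts as present).
WP_FINGERPRINT = [
    ("2.7.1", "/wp-includes/js/thickbox/thickbox.css", "-ms-filter:", (200,)),
    ("2.7", "/wp-admin/css/farbtastic.css", "farbtastic", (200,)),
    ("2.6", "/wp-includes/js/tinymce/wordpress.css", "-khtml-border-radius:", (200,)),
    ("2.5", "/wp-admin/async-upload.php", None, (200, 403)),
]
# Assumed shape of the generator tag WordPress writes into every page head.
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', re.I)

def fingerprint_version(fetch, table=WP_FINGERPRINT):
    """fetch(path) -> (status, body). Newest matching version, or None if no row matches."""
    for version, path, marker, ok_codes in table:
        status, body = fetch(path)
        if status not in ok_codes:
            continue  # artifact missing: try the next older version
        if marker is None or marker in body:
            return version
    return None

def generator_version(html):
    """Version claimed by <meta name="generator">, or None when the tag is absent."""
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None

def check_site(fetch):
    """Run both checks and flag disagreement, the comparison Andres asks for."""
    fp = fingerprint_version(fetch)
    gen = generator_version(fetch("/")[1])
    return {"fingerprint": fp, "generator": gen, "agree": fp is not None and fp == gen}

# Constructed sample site: its files look like 2.7, but the page head claims 2.7.1.
SAMPLE_SITE = {
    "/": (200, '<html><head><meta name="generator" content="WordPress 2.7.1" /></head></html>'),
    "/wp-admin/css/farbtastic.css": (200, ".farbtastic { position: relative; }"),
}

def sample_fetch(path):
    return SAMPLE_SITE.get(path, (404, ""))

if __name__ == "__main__":
    print(check_site(sample_fetch))  # {'fingerprint': '2.7', 'generator': '2.7.1', 'agree': False}
```

A disagreement between the two results is itself a finding: the head tag is trivially editable, while the file-level artifacts are not, so the fingerprint is the one to trust.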