[W3af-develop] RIP Yahoo siteexplorer

2011-11-23 Thread Dimitri Paranoid
Hi guys, not sure if it's been flagged previously (is there an issue tracker like on github?) - w3af is using Yahoo's siteexplorer for some tests - but unfortunately that great useful tool is no longer available. Would you rip the related functionality out? If you find other usable alternatives (bek

Re: [W3af-develop] python prerequisites for w3af_console

2011-06-16 Thread Dimitri Paranoid
Hi Andrés,
> Could you run this test to see what happens?
> - Run python in a shell
> - from OpenSSL import SSL
with my default Python27 the error is:
    >>> from OpenSSL import SSL
    Traceback (most recent call last):
      File "", line 1, in
    ImportError: No module named OpenSSL
    >>>
but it work

[W3af-develop] python prerequisites for w3af_console

2011-06-12 Thread Dimitri Paranoid
I updated the code tree from SVN and tried to run ./w3af_console. The full error is below, it included:
On a mac with mac ports installed:
    sudo port install py26-socket-ssl py26-openssl
But there is no macport py26-socket-ssl package, only py25-socket-ssl one - would it work? This is also ment

Re: [W3af-develop] XSS tests for encoded and double-encoded input

2009-05-20 Thread Dimitri Paranoid
Hi Taras,
On Tue, May 19, 2009 at 11:59 PM, Taras P. Ivashchenko wrote:
> How often in real there is such situation (when some input param is echoed
> back to the browser after url decoding)?
I think it's a real risk and we should at least allow for a possibility to test for it. I've seen

[W3af-develop] XSS tests for encoded and double-encoded input

2009-05-19 Thread Dimitri Paranoid
Hi guys, I played with the w3af for the first time today. I'm specifically interested in the XSS scanning (crawling + fuzzing). It seems w3af does not catch the case when the site echoes the double-encoded Javascript. I added the following tests in xss.py, function _get_xss_tests : # D.S