Andres,
I have posted a comment in issue 266 in order to ask you some questions
about the code review:
https://github.com/andresriancho/w3af/issues/266
Thanks in advance :)
--
Cordialement, Best regards,
Dominique Righetto
dominique.righe...@gmail.com
dominique.righe...@owasp.org
Twitter
Hi,
You can start by reading the W3AF documentation [0] and analysing the source code [1]
in order to understand how W3AF is built. Afterwards you can check the
features list [2] managed by Andres in order to see which contributions
are open. You can also contribute in the form of writing unit test cases
for exis
Hi,
Seems to be cool :-)
On 30 August 2013 00:05, "Andres Riancho" wrote:
> Take a look at nimbostratus [0] my latest toy project :)
>
> [0] http://andresriancho.github.io/nimbostratus/
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framew
I have updated the Wiki with this information:
https://github.com/andresriancho/w3af/wiki/Contributing-101
On 17/08/2013 11:23, Dominique RIGHETTO wrote:
> Hi,
>
> I have just found a trick to avoid committing and pushing the "__init__.py"
> file. I use the Git option "--assume-un
.github.com/articles/ignoring-files
Andres, DM,
I will set up an IRC client ASAP (I have never used IRC before) and I will
come back to you with a date (Luxembourg time) when I'm able to connect to
the #w3af channel...
Regards,
Dom
.com" then "host" header manipulation seems to be
possible...
Is my understanding correct?
Thanks in advance :)
On Mon, Jul 15, 2
Hi,
Thank you. I will use your feedback to understand and find the
vulnerability detection methods.
Best regards,
Dom
t is unfinished.
>
> My code is based on skipfish detection:
> http://code.google.com/p/skipfish/source/browse/trunk/src/checks.c
>
> Regards,
>
>
>
> On Sat, Jul 13, 2013 at 10:09 AM, Dominique Righetto
> <mailto:dominique.righe...@gmail.com> wrote:
>
> H
Hi Andres,
I'm working on an integer overflow detection plugin and I am trying to understand,
in an audit plugin, how to access the injection points detected in the
discovery part.
Can you give me some pointers or a plugin example?
Thanks in advance
Dom
o)
I will manage updates directly from vim.org; the UI seems cool and clear :o)
Regards,
Hi,
To facilitate maintenance I have published the file here:
http://www.vim.org/scripts/script.php?script_id=4567
Hi Andres,
I have written a VIM syntax file for W3AF scripts; can you add it into the
project source on the Github repository?
I will manage its maintenance because I mainly use W3AF via scripts...
I have tested it with Ubuntu and VIM 7.3.
Thanks in advance
On Fri, Apr 26, 2013 at 6:48 AM, w3b giant wrote
Hi,
Small update to provide the GIT command line to use to push commits from a
git flow feature branch to the remote repository (w3af reference repository
fork):
git push origin [BRANCH_NAME]
Ex:
git push origin feature/csp_plugin
Hope this helps :)
Dom
---
Hi,
Sorry for the delay, I have looked up how to push my git flow feature branch
to my w3af repository fork = "git push origin feature/csp_plugin" ;o)
On
https://github.com/righettod/w3af/tree/feature/csp_plugin
See files below:
- core/data/db/disk_csp_vuln_store_item.py
- core/controllers/csp/util
Hi,
I think that it can be an idea, in order to support the Windows platform, to
provide a Cygwin bundle in the same way as ARACHNI:
"Arachni does not yet run natively on Windows systems, however until that
day comes you can download a pre-configured Cygwin environment containing
Arachni and its d
Hi,
A first draft of the csp grep plugin is implemented with unit tests and PHP
scripts.
For the moment, it lists all csp vulns found for each url but I will
continue to work on it in order to apply smart analysis in the end step.
I will keep you informed about the status ;o)
Dom
-
ature start
After the "git flow feature start" command I have the content of the
Threading2 branch.
Hope this helps ;)
Hi,
W3AF will be the main tool to apply non-human security checks on the next
project on which I will work, so I will report any issues...
Hi Andres,
For sure I will use this process ;o)
I will keep you informed.
Hi,
Just to inform you that I have started the implementation of the CSP grep
plugin based on the "ClickJacking" plugin.
I will use this work to update my knowledge of the new W3AF contribution
process on Github.
I will keep you informed :)
Dom
---
travis-ci seems to be an interesting option
CloudBees can be used only with Java/JRuby and grails :o
Hi,
I have been using CloudBees for almost one year for my github project and it has a
very complete offering... Moreover it provides free accounts for Open Source
projects.
Rendering overview for my project:
https://righettod.ci.cloudbees.com/job/HibernateValidatorSecurityContribs/
Dom
On Thu, Feb 7, 2013
I have created a ticket for this task:
https://github.com/righettod/w3af-contribs/issues/4
Hi Andres,
For sure, which existing Grep plugin can I use as a template?
Thanks in advance.
b.com/righettod/w3af-contribs/issues/2#issuecomment-12192049
[1]
https://github.com/righettod/w3af-contribs/commit/a6c06a1fe0f7d6ee8241a7dfe05a7eed96078633
for the each directive
Ticket updated:
https://github.com/righettod/w3af-contribs/issues/2#issuecomment-11926663
;o)
wrote:
> Dom,
>
> On Wed, Jan 2, 2013 at 7:51 AM, Dominique RIGHETTO
> wrote:
>> Hello,
>>
>> To begin with I present to you my best wishes for 2013 :)
>
> Thanks! My best wishes to you too in this new year that's just starting
> :)
>
>> I hav
test class.
I have executed unit tests against revision 6578 of the Threading2 branch of
the W3AF SVN repository.
See
https://github.com/righettod/w3af-contribs/commit/b2787b5371267d860b7a73ca23081d4bf2048e04
it would be possible to achieve this kind of
> abstraction? Could you add it to the utils.py module and test it?
>
> Thanks for your contributions and sorry for the delay.
>
> PS: Gtalk to me if you've got a minute to talk about this
>
> Regards,
>
> On Fri, Dec 14,
Hi Andres,
I answer inline in your mail using the !!!> prefix
Dom,
This is my code review for the CSP tests and utils:
* All the tests passed without any modifications
* Code in utils.py looks very clean, great improvement
!!!> Thank you very much ;)
* Code in test_utils.py did not respect the 8
Hi Andres,
I hope your holidays have been good ;o)
Do you have any news about
http://sourceforge.net/mailarchive/message.php?msg_id=30167485
Have a nice day ;o)
Dom
Andres,
I have implemented all your remarks and I have aligned the "utils.py" code
to stick to 80 columns using the Python official style guide recommendation.
I have executed my unit tests against revision 6177 of the Threading2
branch (the latest as of today) and all unit tests pass.
The github repo
many applications use script code in their
pages and it does not always imply XSS vulnerabilities.
>Recommendation: write a separate python module that parses the CSP
>header, I have the feeling we'll use it in more places than just the
>csp.py grep plugin.
Totally agree, I'm w
a nice day :)
detect the presence of
"default-src", "script-src", "object-src" directives with value set to "*"
because this indicates
that all sources are allowed and then remote content loading is fully
open.
What do you think?
[0] http://www.w3.org/TR/CSP/#directiv
rk :
https://github.com/righettod/w3af-plugins
Have a nice day.
have issues with some W3AF dependencies) thus I
cannot test anything, so can you update the "inspectOriginHeaderScrutiny.py"
script to take into account the refactoring of the "utils" script? I
apologize...
't know when I will
fix my installation...
Regards,
Dom
On Mon, Oct 15, 2012 at 8:30 PM, Andres Riancho wrote:
> Dom,
>
> On Mon, Oct 15, 2012 at 10:25 AM, Dominique Righetto
> wrote:
> > Andres,
> >
> > OK. About preflight, i must admit that you are right and t
rding to a suggestion coming from you some weeks ago :)
Thank you very much for sharing your experience with me, I'm new in the
security area and it's very helpful for me to receive comments and advice
from experienced people :o)
ked on the server side then unsafe resource modification
becomes possible. Perhaps we can move this plugin from the Audit type to another
like Discovery or Grep...
Hi,
I understand, it's now my turn to find facts and real cases to convince you
that this plugin has its place in W3AF... It's the game and it's a very
interesting part ;o
Thanks for the review.
ot find it
in the threading2 branch and then I will report the update into my version (I
will also change the name "cors_origin.py" to sync with the new name of
the other plugin)
Hi,
OK, in fact I am new to this project and so I don't know the official
release process; that is why I asked the question.
Now it's clear and it will be easier for me for the next contributions ;o)