Daniel,
On Sun, Feb 19, 2012 at 1:22 AM, Daniel Zulla
wrote:
> Andres,
>
> Interesting, have you reported a bug to python.org? Maybe submit a
> patch? I think that these things, even if they affect w3af, they
> should be fixed at the python level. If we find one of these that's
> really important
Andres,
> Interesting, have you reported a bug to python.org? Maybe submit a
> patch? I think that these things, even if they affect w3af, they
> should be fixed at the python level. If we find one of these that's
> really important and affects w3af with a code execution then we should
> fix it, k
Daniel,
On Thu, Feb 16, 2012 at 12:59 PM, Daniel Zulla
wrote:
> Nevertheless,
>
> I just wanted to point out that not every library seems to properly
> validate/sanitize all the input:
> (core/data/url/handlers/redirect.py)
>
> # fix a possible malformed URL
> urlparts = urlparse.u
Nevertheless,
I just wanted to point out that not every library seems to properly
validate/sanitize all the input:
(core/data/url/handlers/redirect.py)
# fix a possible malformed URL
urlparts = urlparse.urlparse(newurl)
if not urlparts.path:
    urlparts = list(ur
Daniel,
On Thu, Feb 16, 2012 at 10:38 AM, Daniel Zulla
wrote:
> All software has vulnerabilities, it's in their nature :)
>
>
> Right.
>
> Don't really. As soon as the byte string enters w3af, the best
> thing to do is to decode it using the best encoding available (the one
> in Content-Enc
> All software has vulnerabilities, it's in their nature :)
Right.
> Don't really. As soon as the byte string enters w3af, the best
> thing to do is to decode it using the best encoding available (the one
> in Content-Encoding header, or some other we might have in the HTTP
> response) and
Daniel,
On Thu, Feb 16, 2012 at 10:07 AM, Daniel Zulla
wrote:
> I have analyzed some closed source vulnerability scanners, and audited open
> source scanners like skipfish.
> Some of them are ironically vulnerable. Somebody may create an apache2 module
> that recognizes attacks in order to forc
I have analyzed some closed source vulnerability scanners, and audited open
source scanners like skipfish.
Some of them are ironically vulnerable. Somebody may create an apache2 module
that recognizes attacks in order to force penetration testers' software to
crash (or worse, e.g. to execute arb
Daniel,
On Wed, Feb 15, 2012 at 6:33 PM, Daniel Zulla
wrote:
> Hi,
> Why do you even want to convert bytestrings to unicode?
Because the remote HTTP server receives a string of bytes, and
sends a string of bytes back to you in the HTTP response.
> Do you have some code / an example where tho
Hi,
Why do you even want to convert bytestrings to unicode?
Do you have some code / an example where those exceptions usually appear in the
current w3af code?
Regards,
Daniel
On 15.02.2012 at 22:06, Javier Andalia wrote:
> Hello Daniel,
>
> On Wed, Feb 15, 2012 at 5:11 PM, Daniel Zulla
> wro
Hello Daniel,
On Wed, Feb 15, 2012 at 5:11 PM, Daniel Zulla
wrote:
> What about switching over to Python3?
> It solves the UnicodeDecodeException madness.
Can you please be more specific? What exactly do you have in mind?
Maybe I'm wrong, but the way I see it w3af would still
receive/transmit e
What about switching over to Python3?
It solves the UnicodeDecodeException madness.
Cheers,
Daniel
On 14.02.2012 at 12:24, Taras wrote:
> There is one more thing to say about Unicode.
> Let's use decode(..., errors="ignore") for decoding strings into Unicode
> ones because without this option
Taras, Andres,
On Tue, Feb 14, 2012 at 8:57 AM, Andres Riancho
wrote:
> Javier,
>
> How do the changes you committed yesterday affect the way we handle
> encodings? Do you agree with Taras' errors=ignore?
>
IMO, the right fix for this is to figure out what are the input
sources for the remain
Javier,
How do the changes you committed yesterday affect the way we handle
encodings? Do you agree with Taras' errors=ignore?
On Tue, Feb 14, 2012 at 8:24 AM, Taras wrote:
> There is one more thing to say about Unicode.
> Let's use decode(..., errors="ignore") for decoding strings into Unico
There is one more thing to say about Unicode.
Let's use decode(..., errors="ignore") for decoding strings into Unicode
ones because without this option in some cases it produces
exceptions like: UnicodeDecodeError: 'utf8' codec can't decode byte 0xac
in position 38: invalid start byte
14.02.2012
ping :)
07.02.2012 17:56, Taras wrote:
> Hi, Javier!
>
> Sorry for the delay :(
>
>> I'm running a scan against the same target and after 60 minutes and over
>> 20K requests, still no error. Maybe you're using a specific profile
>> configuration that leads to this error? Can you please share it?
>
> S
Hi, Javier!
Sorry for the delay :(
I'm running a scan against the same target and after 60 minutes and over
20K requests, still no error. Maybe you're using a specific profile
configuration that leads to this error? Can you please share it?
Sure, see attachment.
Furthermore, maybe we need to di
Hello Taras!
On 01/27/2012 06:09 AM, Taras wrote:
> Hi, all!
>
> Right now I'm testing trunk version of w3af against some Unicode web
> applications. Good example of such webapp is http://slovari.yandex.ru
> You can use webapp on your language of course. Current result is w3af
> throws a lot of Un
Achim, yes. I mean UTF-8.
Always forget that Unicode == standard, UTF-8 is charset :)
27.01.2012 15:08, Achim Hoffmann wrote:
> did you mean UTF-8 when writing Unicode?
>
> Sorry for the silly question
> Achim
>
> On 27.01.2012 at 10:09, Taras wrote:
>> Hi, all!
>>
>> Right now I'm testing trunk
did you mean UTF-8 when writing Unicode?
Sorry for the silly question
Achim
On 27.01.2012 at 10:09, Taras wrote:
> Hi, all!
>
> Right now I'm testing trunk version of w3af against some Unicode web
> applications. Good example of such webapp is http://slovari.yandex.ru
> You can use webapp on you