Hi Andres,
got following debug output when using robotsreader plugin
[ 05/06/09 11:09:41 - information ] A robots.txt file was found at:
"https://some.tld/robots.txt". This information was found in the request with
id 17.
[ 05/06/09 11:09:41 - error ]
[ 05/06/09 11:09:41 - error ]
Hi Andres,
got a buggy charset in a meta tag, which forced following:
---
[ 05/06/09 11:09:40 - debug ] GET https://some.tld/some.do?WSDL returned HTTP
code "204"
[ 05/06/09 11:09:40 - debug ] Unhandled exception in xUrllib._send(): unknown
encoding: utf-81
[ 05/06/09 11:09:40 - debug ]
what does following mean?
[ 05/06/09 12:36:03 - vulnerability ] An unidentified web application error was
found at: "https://some.tld/report_popup.jsp". Enable all
plugins and try again, if the error still is not identified, please verify
mannually. And report it to the w3af developers. This
Achim,
On Wed, May 6, 2009 at 6:51 AM, Achim Hoffmann wrote:
> Hi Andres,
>
> got following debug output when using robotsreader plugin
>
>
> [ 05/06/09 11:09:41 - information ] A robots.txt file was found at:
> "https://some.tld/robots.txt". This information was found in the reques
got 100s of following message in the console window right before w3af GUI
crashed:
File "D:\Programs\w3af\core\data\kb\info.py", line 168, in _convert_to_range
respomse_string += ' ' + self._convert_to_range()
RuntimeError: maximum recursion depth exceeded
Achim
---
Achim,
On Wed, May 6, 2009 at 7:08 AM, Achim Hoffmann wrote:
> Hi Andres,
>
> got a buggy charset in a meta tag, which forced following:
>
> ---
> [ 05/06/09 11:09:40 - debug ] GET https://some.tld/some.do?WSDL returned HTTP
> code "204"
> [ 05/06/09 11:09:40 - debug ] Unhandled exceptio
Achim,
On Wed, May 6, 2009 at 8:26 AM, Achim Hoffmann wrote:
>
> what does following mean?
>
>
> [ 05/06/09 12:36:03 - vulnerability ] An unidentified web application error
> was
> found at: "https://some.tld/report_popup.jsp". Enable all
> plugins and try again, if the error still is not ident
Achim,
On Wed, May 6, 2009 at 8:31 AM, Achim Hoffmann wrote:
> got 100s of following message in the console window right before w3af GUI
> crashed:
>
> File "D:\Programs\w3af\core\data\kb\info.py", line 168, in _convert_to_range
> respomse_string += ' ' + self._convert_to_range()
> Runtim
Hi Andres,
On Wed, 6 May 2009, Andres Riancho wrote:
!! It means that a request performed by w3af, returned an error 500, but
!! this request/response pair could not be associated with a specific
!! vulnerability like "SQL injection". w3af warns you in order for you to
!! manually check this reso
!! > File "D:\Programs\w3af\core\data\kb\info.py", line 168, in _convert_to_range
!! > respomse_string += ' ' + self._convert_to_range()
!! > RuntimeError: maximum recursion depth exceeded
!! >
!!
!! I got that message some times before, but I failed to debug it
!! properly. Could you pl
Andres,
sometimes (mainly after changing the Scan config) the [Clear] or
[Start] button right to the target URL is disabled.
Nothing seems to enable it again.
I've to close w3af GUI and start again.
Any ideas?
Achim
--
T
Achim
On Wed, May 6, 2009 at 9:29 AM, Achim Hoffmann wrote:
> Andres,
>
> sometimes (mainly after changing the Scan config) the [Clear] or
> [Start] button right to the target URL is disabled.
> Nothing seems to enable it again.
> I've to close w3af GUI and start again.
>
> Any ideas?
make sure y
Hi Andres,
another nasty thing.
I'll explain first, then see the corresponding debug.
Tried to write a fix, but it seems not that simple without understanding
how w3af works.
Here we go:
* a request returns with a 302 status response (including a Location
header)
* the given FQDN in t
while browsing through the requests reported by the dav-methods plugin
I detected that the plugin seems to send the request without the
specified UA, at least the listed request does not contain the
UA header. This is for most, but not all requests.
I guess this is a bug, somehow.
Achim
--
all the requests reported by the dav-method plugin are shown as
GET
even the description shows multiple DAV methods, the request is always
GET. Is this correct? It's at least confusing, and the reported request
is useless (according the description).
Achim
Some requests are missing in the output logfiles. I guess that are requests
which timed out.
Would not be a problem, but some plugins (at least seen in dav-method plugin)
refer to the id of such requests and then show an empty request and response
tab.
As the information is missing, I can't debu
The knowledge base under the results tab is a very useful sheet to
get a quick information about the total findings.
Unfortunately some plugins show their findings in different ways.
For example:
> strangeHeaders (1)
> strangeHeaders (2)
! Strange header
! Strange header
> s
17 matches