Re: [W3af-users] HTTP redirect

ugh the website? > --- > --- > ___ > W3af-users mailing list > W3af-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-users -- Taras

Re: [W3af-users] [W3af-develop] Long term goals 1.7 and 1.8 releases

://github.com/andresriancho/w3af/issues?milestone=3page=1state=open [1] https://github.com/andresriancho/w3af/issues?milestone=9page=1state=open Regards, -- Taras https://www.oxdef.info

Re: [W3af-users] [W3af-develop] Test the develop branch before Monday's release

, etc. here [0]. All your bug reports will be much appreciated! Thanks! [0] https://github.com/andresriancho/w3af/issues/new [1] http://docs.w3af.org/en/develop/gui/scanning.html#configuring-the-scan Regards, -- Taras https://www.oxdef.info

Re: [W3af-users] [W3af-develop] Test the develop branch before Monday's release

30, 2014 at 10:40 AM, Andres Riancho andres.rian...@gmail.com wrote: And if inside the virtualenv you run: pip freeze | grep gtk You get something? On Sun, Mar 30, 2014 at 10:26 AM, Taras ox...@oxdef.info wrote: Ok, install them all. Try ./w3af_gui Actual result: $ ./w3af_gui The GTK

Re: [W3af-users] [W3af-develop] Test the develop branch before Monday's release

Andres, it is strange but now everything is fine... I see normal tree in KB Browser. 30.03.2014 20:27, Andres Riancho пишет: Taras, Can't repro (see screenshot). If you see the console where you're running w3af_gui , is there anything there that could be useful? Traceback? Error

Re: [W3af-users] [W3af-develop] Freaking fast HTTP client

, but wanted to hear your input and experiences with architectures like the one proposed. Regards, On Tue, Jun 5, 2012 at 10:03 AM, Andres Riancho andres.rian...@gmail.com wrote: Taras, On Mon, Jun 4, 2012 at 5:00 PM, Taras ox...@oxdef.info wrote: Andres, geventhttpclient looks very fast HTTP

Re: [W3af-users] Moving documentation to readthedocs - Deprecating translations

-tastypie.readthedocs.org/en/latest/index.html [3] https://raw.github.com/toastdriven/django-tastypie/master/docs/index.rst -- Taras https://www.oxdef.info -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases

Re: [W3af-users] Migrated source repo to Github

Andres, w3af's code repo has been migrated to github! Great news! So it's time to study git...:) I can help with moving wiki stuff and so on. -- Taras http://oxdef.info GPG: C8D1F510 -- Master Visual Studio

[W3af-users] w3af webUI 3.3 released!

and fixed bugs Our plans to 3.4 * False positive issues management [0] http://w3af.svn.sourceforge.net/svnroot/w3af/extras/w3af_webui/tags/3.3/ -- Taras http://oxdef.info GPG: C8D1F510 -- Live Security

Re: [W3af-users] What's new with w3af?

/branches/webapps/plugins/discovery/web20Spider.py [1] http://sourceforge.net/apps/trac/w3af/browser/branches/webapps/moth/w3af/discovery/web20Spider -- Taras http://oxdef.info -- Live Security Virtual Conference Exclusive

Re: [W3af-users] What's new with w3af?

Just wanted to let you know what's new with w3af these days :) * Taras is working on improving the XSS detection with the aim of increasing accuracy and reducing the number of HTTP requests PoC is finished and available in xss branch. Working on stabilization and tests. It uses concept

Re: [W3af-users] What's new with w3af?

this now) I don't think that it will have real advantages over keeping XSS detection logic in one place. + Taras is also working on web20Spider which gives w3af possibility to at least crawl modern web apps with heavy usage of AJAX. I think PoC will be finished in the nearest days. I use

Re: [W3af-users] [W3af-develop] Freaking fast HTTP client

of fast HTTP clients? Opinions? Ideas? [0] http://sourceforge.net/apps/trac/w3af/browser/extras/measure_http?rev=5041 [1] https://github.com/gwik/geventhttpclient Regards, -- Taras http://oxdef.info -- Live Security

[W3af-users] w3af webUI 3.2 released

/ -- Taras http://oxdef.info -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint

Re: [W3af-users] [W3af-develop] w3af webUI 3.2 released

;) On 05/17/2012 06:59 PM, Stephen Breen wrote: Great! I look forward to trying it out. Just curious, how to you plan to support AJAX webapps in 3.3? Using some kind of browser automation like Selenium? On Thu, May 17, 2012 at 11:47 AM, Taras ox...@oxdef.info mailto:ox...@oxdef.info wrote

Re: [W3af-users] [W3af-develop] does w3af can scan the new vulnerabitiy HTML5 - ClickJacking attack detection

Done! Now in csrf branch only new CSRF plugin needs QA. On 04/24/2012 10:42 PM, Andres Riancho wrote: Taras, Nice! Could you please merge it to the trunk? I'll write a nice unit-test for it tomorrow. Regards, On Tue, Apr 24, 2012 at 1:46 PM, Tarasox...@oxdef.info wrote

[W3af-users] Fwd: [W3af-develop] w3afException: An internal error occurred while searching for id 57, even after commit/retry

-- Taras http://oxdef.info -- For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2

Re: [W3af-users] [W3af-develop] does w3af can scan the new vulnerabitiy HTML5 - ClickJacking attack detection

Everybody ping :) lukesun629@, you was interested in HTML5 security risks. Did you try this simple plugin to detect possible ClickJacking flaws? On 04/03/2012 04:11 PM, Taras wrote: Andres, what do you think about it? 01.04.2012 21:36, Taras пишет: Hi, all! Just want to inform you

Re: [W3af-users] does w3af can scan the new vulnerabitiy HTML5 - ClickJacking attack detection

/clickJacking.py [1] https://www.owasp.org/index.php/Clickjacking [2] w3af.svn.sourceforge.net/viewvc/w3af/branches/csrf/extras/testEnv/webroot/w3af/grep/clickjacking/ -- Taras http://oxdef.info -- This SF email is sponsosred

[W3af-users] [news] w3af web interface

job, but web UI looks better choice ;) We will be glad to get feedback from you! [0] https://w3af.svn.sourceforge.net/svnroot/w3af/extras/w3af_webui/trunk/ -- Taras http://oxdef.info -- This SF email is sponsosred

Re: [W3af-users] w3af website redesign - referrals needed!

:) * Blog we can use here existing platform, e.g. blogger.com * @w3af twitter feed frame * (potentially) Mailing list archives * (potentially) Homepage for contributors (ie. http://www.w3af.org/contributor/~taras/) -- Taras http://oxdef.info

Re: [W3af-users] w3af website redesign - referrals needed!

be subjectively but every page in our Trac takes on my really good connection about 3-5 sec to load. Horrible: 1. can't edit issues 2. not user friendly UI 3. there is no dashboard/custom (per user) reports or saved filters -- Taras http://oxdef.info

Re: [W3af-users] problem on FC 16

, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 ___ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users -- Taras http

Re: [W3af-users] Sectools list

-- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users -- Taras http

Re: [W3af-users] Unicode support in w3af

your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users -- Taras http://oxdef.info Software is like

Re: [W3af-users] [TOOL] w3af 1.0-stable released!

, and making the user experience more intuitive in the UI. As usual, you can get our latest installable packages from the w3af.com [0] website! Just download and enjoy our latest improvements! [0] http://w3af.sourceforge.net/#download Regards, -- Taras http://oxdef.info Software is like sex

Re: [W3af-users] Python31 problem

Hi, Damian! We currently don't support Python 3.x :( Hi all, I have a problem with running w3af with Python31. I get an exception in w3af_console line 23 - syntax error - invalid syntax. Thank you in advance. Cheers, Damian -- Taras http://oxdef.info

Re: [W3af-users] Performance improvement!

. If you're interested in the changes I've introduced, please take a look at these commits [1][2] [0] http://en.wikipedia.org/wiki/Bloom_filter [1] http://w3af.svn.sourceforge.net/w3af/?rev=3787view=rev [2] http://w3af.svn.sourceforge.net/w3af/?rev=3788view=rev Regards, -- Taras http

Re: [W3af-users] How to perform a fast scan

experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb ___ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users -- Taras http://oxdef.info

Re: [W3af-users] [W3af-develop] Playing with python-gtksourceview2

://w3af.svn.sourceforge.net/viewvc/w3af/branches/1.0/ -- Taras http://oxdef.info Software is like sex: it's better when it's free. - Linus Torvalds -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ -- Taras http

Re: [W3af-users] w3af On the Rise

are a developer with Python skills and are good at Web application security, please contact me at andres_rian...@rapid7.com. Regards, -- Taras http://oxdef.info Software is like sex: it's better when it's free. - Linus Torvalds

Re: [W3af-users] [W3af-develop] W3AF for enterprise?

ping On Mon, 2010-08-23 at 11:59 +0400, Taras wrote: Andres, 1. Usable login area scan capabilities. We can make something like in Acunetix (How it made in other scanners). e.g. special (plain text) files with auth information: - login request - logout request - check

Re: [W3af-users] w3af On the Rise

and are good at Web application security, please contact me at andres_rian...@rapid7.com. Regards, -- Taras http://oxdef.info Software is like sex: it's better when it's free. - Linus Torvalds -- The Palm PDK

Re: [W3af-users] spiderman issue if form using POST?

this or when it might be fixed? -- Taras http://oxdef.info Software is like sex: it's better when it's free. - Linus Torvalds -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone

Re: [W3af-users] How To Pen-Test for Sql Injection Flaw

: http://p.sf.net/sfu/thinkgeek-promo ___ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users -- Taras http://oxdef.info Software is like sex: it's better when it's free. - Linus

Re: [W3af-users] Auto-enabling plugin

automatically. Why happens that??? Thanks.- -- Taras -- ___ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users

Re: [W3af-users] Fwd: [Full-disclosure] 2010 Nmap/SecTools.org survey

at http://nmap.org/survey Regards -- Henri ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Taras Software is like sex

[W3af-users] Mod_rewrite, URL with ID params and so on

is using of maxDiscoveryLoops option. But what is the best way to scan such sites with w3af? May be we will add some option to webSpider or we need some core option? [0] http://sourceforge.net/mailarchive/message.php?msg_id=140339.90793.qm%40web43507.mail.sp1.yahoo.com Taras -- Software is like

Re: [W3af-users] w3af being asked as job requirement

, and I like it! =) [0] https://factset.tms.hrdepartment.com/cgi-bin/a/highlightjob.cgi?jobid=281lcid=en-US -- Taras -- Software is like sex: it's better when it's free., - Linus Torvalds. smime.p7s Description: S/MIME Cryptographic Signature

Re: [W3af-users] One step closer to JavaScript support?

Andres, One of the biggest TODOs that the w3af project has in order to compete with the commercial scanners is Javascript support. could you please write more about this support? What W3AF must can to do with JavaScript and what the purpose of such support? -- Taras - OSCP, OSWP

Re: [W3af-users] [W3af-develop] [New Feature] Request export: javascript and python

to add some filter to output and print it like: ... scriptalert(/XSS/)/scripth1 ... -- Taras Software is like sex: it's better when it's free. - Linus Torvalds pgpyJpON5h2cp.pgp Description: PGP signature

Re: [W3af-users] Pauldotcom interview

Andres, Damn... I sound very bad! :) It's strange to hear myself http://pauldotcom.com/2009/06/pauldotcom-security-weekly---w.html you are becoming media star =) I downloaded it in my N82 and will listen soon. -- Taras Software is like sex: it's better when it's free. - Linus Torvalds

Re: [W3af-users] Two different trainings @ Confidence - Poland

. [0] http://2009.confidence.org.pl/warsztaty/andres-riancho-w3af-ninja [1] http://2009.confidence.org.pl/warsztaty/andres-riancho-web-application-security -- Taras P. Ivashchenko naplan...@gmail.com -- Crystal Reports

[W3af-users] RusCrypto 2009 presentation and video

] or download source video [1] [0] http://securityaudit.ru/slides/t.ivashchenko-w3af-ruscrypto2009.pdf [1] http://securityaudit.ru/slides/w3af-ruscrypto2009.ogv [2] http://www.youtube.com/watch?v=exBktG0rwFUfeature=player_embedded -- Тарас Иващенко (Taras Ivashchenko), OSCP www.securityaudit.ru