Christian,
On Mon, Jun 1, 2015 at 6:33 AM, spass-bill...@gmx.de wrote:
Hello,
I didn't get it right to ignore some URLs during evaluation of a target
webapp.
Let's say the target URL should be
http://test.host/foo/bar/index.html
On this entry site there are two links (among others) which should NOT be
considered for further investigation by W3AF:
http://test.host/foo/search/
http://test.host/print.html
I didn't get it right yet trying for instance:
set ignore_regex .*(search|print\.html)$
or (to get rid of at least the first link)
set ignore_regex .*search.*
or even (trying to match the second URL to ignore)
set ignore_regex .*print\.html$
But W3AF always comes up with timeouts regarding both of the two URLs (the
target webapp is running in a special test environment where the mentioned
links are not backed by a responding application); it also lists the links in
the report's section URLs found during application scan.
What am I doing wrong here? I've tested the regular expressions for
compatibility issues regarding PERL's syntax etc. here:
http://www.pythonregex.com/
Thank you for any kind of help.
The regular expressions look good. Some ideas about what might be going on:
* These regular expressions only apply to the web spider [0]. If you
have other plugins enabled and those plugins find the URLs then they
will be crawled. If I don't remember incorrectly there is a
framework-wide setting called non-target to avoid visiting a URL with
ANY plugin
* You might add some print statements around these lines [1] to
understand what's going on
[0]
https://github.com/andresriancho/w3af/blob/master/w3af/plugins/crawl/web_spider.py
[1]
https://github.com/andresriancho/w3af/blob/master/w3af/plugins/crawl/web_spider.py#L283-L287
Regards,
Christian
--
___
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
--
___
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users