Ziadmo, On Thu, Sep 24, 2015 at 3:01 PM, ziadmo1 . <zia...@gmail.com> wrote: > Point 1) > Not sure if its a bug or not.. When I create a custom profile (based on > OWASP top 10 for example), the changes don't take effect on the newly saved > custom profile. For example, if I disable "infrastructure", and I click > "save configuration to profile", then I select any other profile, when I get > back to the "custom" profile I just created, I still see "infrastructure" as > part of that profile.
Failed to reproduce this issue on my workstation. Using the same version you're. Could you send us a detailed step by step or video to better understand the problem? > Point 2) > Which plugin or option is this output generated from? > > Created 27 mutants for "Method: POST | https://XXX.XXX.XXX | URL encoded > form: (category, subcategory, postal_code, distance, validated, > form_build_id, form_id, op)" (post data: 24, query string: 3) That's generated by audit plugins. They receive a fuzzable request (similar to what a browser/regular user would send) and create mutants (modified, ugly versions of the original request). > > Point 3) > When I Stop the scan through w3af_gui, in the console output the core is > still running, and therefore I am forced to hit Ctrl-C.. At that point I > lose all the output that I had generated so far (results, etc). Yep, known bug which sucks. You either wait for stop to work or contribute to the project to fix the issue :) > > Point 4) > When the scan is running, I did not see the HTML output file generated under > ~/ which where it usually saves it. Does it wait until the scan is > completely done to save contents to it? Before you had to wait. In the last month I modified output plugins to write stuff to disk every N seconds (not sure what N is). That change might be only in develop branch. > This is why when I do Ctrl-C on step > 4 I lose all output, since there is nothing saved on the file. I would > suggest creating the file as soon as the scan starts and fill it up as the > scan goes so output is not lost if for whatever reason the scan takes too > long or if w3af freezes for example. > > > Point 5) > Is there a way to specify how much system memory w3af_gui can use? No > Under > http://docs.w3af.org/en/latest/advanced-tips-tricks.html?highlight=memory > > it mentions the cache size of "10", but what does 10 refers to in terms of > memory? There is no way to know. This is the result of parsing an HTML page. HTML pages can be huge in KB, but have only 2 links and 1 form, or be really compact and with thousands of links > > > I am using Version 1.7.6 through Kali Linux 2.0. > > ------------------------------------------------------------------------------ > > _______________________________________________ > W3af-users mailing list > W3af-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-users > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ _______________________________________________ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users