OK, I'm working on audit.bufferOverflow.py and audit.dav.py. As soon as I've
finished, I'll post you the two files compiled.

Francione Fabrizio




> Date: Tue, 28 Apr 2009 11:45:28 -0300
> Subject: Re: [W3af-develop] contribution
> From: andres.rian...@gmail.com
> To: lordfa...@hotmail.it
> CC: w3af-develop@lists.sourceforge.net
> 
> Fabrizio,
> 
> On Tue, Apr 28, 2009 at 11:41 AM, Fabrizio Francione
> <lordfa...@hotmail.it> wrote:
> > Yes, I can try. Audit core is in w3af/plugins/audit, right?
> 
> Yes, the audit plugins are in w3af/plugins/audit. Please work with the
> latest version from the SVN, which is available for download by issuing
> the command:
> 
> svn co https://w3af.svn.sourceforge.net/svnroot/w3af/trunk w3af
> 
> For starters, please modify two plugins (you choose which) and send
> them to me for review, I'll commit your changes to the SVN. After
> that, we'll keep on working that way until you manage to add that
> feature to all audit plugins.
> 
> Thanks!
> 
> PS: Please answer the emails inline.
> 
> > Francione Fabrizio
> >
> >
> >
> >
> >> Date: Tue, 28 Apr 2009 10:39:13 -0300
> >> Subject: Re: [W3af-develop] contribution
> >> From: andres.rian...@gmail.com
> >> To: lordfa...@hotmail.it
> >> CC: w3af-develop@lists.sourceforge.net
> >>
> >> Fabrizio,
> >>
> >> On Tue, Apr 28, 2009 at 10:21 AM, Fabrizio Francione
> >> <lordfa...@hotmail.it> wrote:
> >> >
> >> > Hello everybody!
> >> >
> >> > How can I help you in this cool project, w3af?
> >>
> >> Thanks for considering contributing to the w3af project. We are
> >> always looking for new people to help us improve w3af and achieve
> >> the highest levels of quality.
> >>
> >> One of the latest features that were added to w3af was the
> >> highlighting of the text from which the vulnerability was identified.
> >> You should have noted this in the results tab of the GUI: in the
> >> response of each of the grep plugins you'll see how the "vulnerable
> >> string" was highlighted.
> >>
> >> For example, if a request is made to the server, and the
> >> grep.privateIP finds a private IP address, you'll be able to see that
> >> IP address highlighted in the response part of the results tab.
> >>
> >> To highlight a text in the GUI, you need to set the following to the
> >> info or vuln object: "v.addToHighlight( match )". Here is a small
> >> copy+paste from the grep.privateIP plugin:
> >>
> >> """
> >> v = vuln.vuln()
> >> v.setURL( response.getURL() )
> >> v.setId( response.id )
> >> v.setSeverity(severity.LOW)
> >> v.setName( 'Private IP disclosure vulnerability' )
> >>
> >> msg = 'The URL: "' + v.getURL() + '" returned an HTTP header '
> >> msg += 'with an IP address: "' + match + '".'
> >> v.setDesc( msg )
> >> v['IP'] = match
> >> v.addToHighlight( match )
> >> """
> >>
> >> Your task, if you want to accept it, is really simple: add the
> >> "addToHighlight" method, with the corresponding parameter, to all
> >> audit plugins. For example, in the audit.sqli plugin, after line #84,
> >> you would need to add something like "v.addToHighlight( sql_error )".
> >>
> >> What do you think about the task? Will you be able to perform it?
> >>
> >> > I know some C, HTML and Java.
> >>
> >> Cool, this will help,
> >>
> >> > thanks!
> >>
> >> Thank you!
> >>
> >> > bye!
> >> > Francione Fabrizio
> >> >
> >> >
> >> >
> >> >
> >> > ------------------------------------------------------------------------------
> >> > Register Now & Save for Velocity, the Web Performance & Operations
> >> > Conference from O'Reilly Media. Velocity features a full day of
> >> > expert-led, hands-on workshops and two days of sessions from industry
> >> > leaders in dedicated Performance & Operations tracks. Use code vel09scf
> >> > and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
> >> > _______________________________________________
> >> > W3af-develop mailing list
> >> > W3af-develop@lists.sourceforge.net
> >> > https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Andrés Riancho
> >> http://www.bonsai-sec.com/
> >> http://w3af.sourceforge.net/
> >
> >
> >
> 
> 
> 
> -- 
> Andrés Riancho
> http://www.bonsai-sec.com/
> http://w3af.sourceforge.net/
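
A minimal sketch of the task described in the quoted message, added here as an example and not taken from w3af. The `Vuln` class, the error patterns, `audit_response` and `render` are hypothetical stand-ins; only the `addToHighlight` name comes from the thread.

```python
import re

# Constructed sample of database error signatures; not w3af's own list.
SQL_ERROR_PATTERNS = [
    re.compile(r"You have an error in your SQL syntax[^<\n]*"),
    re.compile(r"ORA-\d{5}[^<\n]*"),
    re.compile(r"Unclosed quotation mark[^<\n]*"),
]


class Vuln(dict):
    """Hypothetical stand-in for the vuln object quoted in the thread."""

    def __init__(self):
        super().__init__()
        self._highlight = []

    def addToHighlight(self, *strings):
        # Skip empty strings and duplicates so the renderer stays predictable.
        for s in strings:
            if s and s not in self._highlight:
                self._highlight.append(s)

    def highlights(self):
        return list(self._highlight)


def audit_response(url, body):
    """Return a Vuln when the body carries a database error, else None."""
    for pattern in SQL_ERROR_PATTERNS:
        found = pattern.search(body)
        if found:
            sql_error = found.group(0)
            v = Vuln()
            v["url"] = url
            v["error"] = sql_error
            v.addToHighlight(sql_error)  # the one-line change asked for
            return v
    return None


def render(body, v, start="[[", end="]]"):
    """Mark every highlighted string in the body, longest first."""
    marked = body
    for s in sorted(v.highlights(), key=len, reverse=True):
        marked = marked.replace(s, start + s + end)
    return marked


# Constructed response body for the example.
SAMPLE_BODY = "<html><b>Warning</b>: You have an error in your SQL syntax near ''' at line 1</html>"
```

Calling `render(SAMPLE_BODY, audit_response(url, SAMPLE_BODY))` shows what a results view would mark for the reviewer.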
