Aaron,

On Thu, Apr 30, 2009 at 5:10 PM, Aaron Peterson <aa...@midnightresearch.com> wrote:
> Hello:
>
> On Thu, Apr 16, 2009 at 08:34:24PM -0300, Andres Riancho wrote:
>> On Thu, Apr 16, 2009 at 8:10 PM, Aaron Peterson
>> <aa...@midnightresearch.com> wrote:
>> > Hi Andres:
>> >
>> > We talked on IRC a couple weeks ago about how I might be able to help out
>> > w3af, and you gave me an easy bug that didn't require much knowledge of the
>> > internals to fix.
>> >
>> > http://sourceforge.net/tracker/?func=detail&aid=2675986&group_id=170274&atid=853652
>
> [...]
>
>> <dz0> I think that we could do a nicer match
>> <dz0> and don't ignore all htmls that have the X-Forwarded-For string
>> <dz0> we should follow this logic:
>> <dz0> - find all private ip addresses
>> <dz0> - for each private ip, check if in the same line, there is an X-Forwarded-For:
>> <dz0> - if no X-Forwarded-For: in the same line (before the IP), then we found something
>> <dz0> - if the ip address is preceded by "X-Forwarded-For:", then ignore it
>
> Here's another small patch that should address this a little better than the
> previous one. It's actually pretty similar to the old one, it just moves the
> check for the proxy headers down to only match against the line that contains
> prospective private IP to eliminate the false negatives you mentioned.
>
> Let me know if you have any comments,

Excellent patch, just committed it =) Thank you very much! Do you have
any particular idea in mind to add/fix to the framework? Would you
like me to assign you a new task?

>
> Aaron
>

--
Andrés Riancho
http://www.bonsai-sec.com/
http://w3af.sourceforge.net/
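
The per-line matching logic discussed in this thread, sketched as an added example; it is not the patch from the thread or w3af's own code. The function names, the case-insensitive header match and the sample response body are assumptions made for illustration.

```python
import ipaddress
import re

# Candidate dotted quads; octet range and RFC 1918 membership are checked below.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Header named in the thread; matching it case-insensitively is an assumption.
PROXY_HEADER_RE = re.compile(r"x-forwarded-for\s*:", re.IGNORECASE)


def is_private(candidate):
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:  # not a valid IPv4 address, e.g. 999.1.1.1
        return False
    return any(addr in net for net in RFC1918)


def find_disclosed_private_ips(body):
    """Return (line_number, ip) for private IPs not preceded by the header."""
    findings = []
    for lineno, line in enumerate(body.splitlines(), start=1):
        for match in IPV4_RE.finditer(line):
            ip = match.group(1)
            if not is_private(ip):
                continue
            # Only a header *before* the IP on the same line excuses it.
            if PROXY_HEADER_RE.search(line[:match.start()]):
                continue
            findings.append((lineno, ip))
    return findings


# Constructed sample response body (not taken from the thread).
SAMPLE_BODY = """\
<html><body>
<pre>X-Forwarded-For: 10.1.2.3</pre>
<p>Backend node 192.168.10.5 handled this request</p>
<p>db=172.16.4.20 via X-Forwarded-For: 10.9.9.9</p>
<p>Public mirror at 8.8.8.8, build 1.2.3.4.5</p>
<p>Upstream 172.32.0.1 is not RFC 1918 space</p>
</body></html>
"""

if __name__ == "__main__":
    for lineno, ip in find_disclosed_private_ips(SAMPLE_BODY):
        print(f"line {lineno}: private IP disclosed: {ip}")
```

Line 4 of the sample shows why the check is positional: the address that appears before the header on that line is still reported, while the one after it is ignored.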