Aaron,

On Fri, May 1, 2009 at 2:09 PM, Aaron Peterson <aa...@midnightresearch.com> wrote:
> Hello:
>
> On Thu, Apr 30, 2009 at 05:24:07PM -0300, Andres Riancho wrote:
>> Do you have any particular idea in mind to add/fix to the framework?
>> Would you like me to assign you a new task?
>
> Yeah, if you have a new task (hopefully coding/bugfix related), I'd love to
> help out more. Nothing too time sensitive though as I can't predict my
> schedule too far out, :).
There is a new plugin that would be nice to have in the framework, one that tests if the remote web application supports different languages, and identifies any possible vulnerabilities in that implementation. In the HTTP RFC [0] there is a specification for an "Accept-Language" header (section 14.4). That header specifies the default language for the user/browser that is accessing a web app. A long time ago, I created a task to develop this plugin [1] but never had the time to actually do it.

The idea is to send different requests, with different languages (this would require a change in the value of the "Accept-Language" header) and analyze the responses. If the website changes based on the different languages that are requested, a fuzzable request that has the Accept-Language header value as the "modified variable" should be created. With this fuzzable request, any type of vulnerability may then be found in that parameter by the audit plugins.

It all seems really complex, but it's actually pretty easy if we split it into these steps:

1- Create a new discovery plugin, by copying an existing one (phpEggs.py for example)
2- Search and replace phpEggs with language
3- Modify the class description and the string returned by getLongDesc
4- Modify the plugin dependencies in getPluginDeps
5- Create the logic to detect if the response changes when you change the language
6- Create the logic to create the custom fuzzable request
7- Remove everything that is not needed by the new plugin

In order to be able to test all this, I recommend that you create a PHP script that prints a text in English when the request lang is "en" and a text in Spanish when the request lang is "es".

> I have a couple other ideas for things I'd like to add, but I need to do a
> little research first and then I'll run it by you (and the list).
Ok, this task I'm assigning to you is a little more complex than the other one, which you solved in 3 lines of code ;) But I think you'll enjoy it =)

[0] http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
[1] https://sourceforge.net/tracker/?func=detail&aid=2168440&group_id=170274&atid=853655

Cheers,

> Thanks,
>
> Aaron

--
Andrés Riancho
http://www.bonsai-sec.com/
http://w3af.sourceforge.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
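The following is an added example illustrating step 5 of the procedure in the message above (detecting whether the response changes with the Accept-Language value); it is not w3af code and not part of the original thread. It assumes a `send` callable that stands in for whatever the plugin uses to issue an HTTP request and return the body, and it models the recommended PHP test script with a constructed in-memory server (`fake_server`) that answers in English for "en", in Spanish for "es", and falls back to English otherwise. The header parser follows RFC 2616 section 14.4 (comma-separated language ranges with optional `q` values).

```python
"""Added example (not part of w3af): Accept-Language parsing and a
response-difference probe, the core of the proposed discovery plugin."""
import re
from typing import Callable, Dict, List, Tuple

# Constructed stand-in for the PHP test script the message recommends:
# one page in English, one in Spanish; anything else gets English.
_PAGES = {
    "en": "<html><body><h1>Welcome</h1><p>Please log in.</p></body></html>",
    "es": "<html><body><h1>Bienvenido</h1><p>Por favor inicie sesion.</p></body></html>",
}


def parse_accept_language(header: str) -> List[Tuple[str, float]]:
    """Parse an Accept-Language value (RFC 2616 14.4) into (tag, q) pairs.

    'da, en-gb;q=0.8, en;q=0.7' -> [('da', 1.0), ('en-gb', 0.8), ('en', 0.7)]
    Missing q defaults to 1.0; a malformed q is treated as 0 (not acceptable).
    The sort is stable, so header order is preserved among equal q values.
    """
    result = []
    for item in header.split(","):
        item = item.strip()
        if not item:
            continue
        parts = [p.strip() for p in item.split(";")]
        tag, q = parts[0], 1.0
        for param in parts[1:]:
            if param.lower().startswith("q="):
                try:
                    q = float(param[2:])
                except ValueError:
                    q = 0.0
        q = max(0.0, min(1.0, q))  # clamp out-of-range q values
        result.append((tag, q))
    result.sort(key=lambda pair: pair[1], reverse=True)
    return result


def fake_server(accept_language: str) -> str:
    """Hypothetical server: serve the first acceptable language we have."""
    for tag, q in parse_accept_language(accept_language):
        if q == 0.0:
            continue  # q=0 means the client refuses this language
        base = tag.split("-")[0].lower()  # 'es-AR' matches the 'es' page
        if base in _PAGES:
            return _PAGES[base]
    return _PAGES["en"]


def _normalize(body: str) -> str:
    """Collapse whitespace so cosmetic differences do not count as a change."""
    return re.sub(r"\s+", " ", body).strip()


def probe_languages(send: Callable[[str], str], languages: List[str],
                    baseline: str = "en") -> Dict[str, bool]:
    """Send one request per language; report which bodies differ from the baseline.

    `send` takes the Accept-Language value and returns the response body
    (in the real plugin this would wrap the framework's HTTP request method).
    """
    base_body = _normalize(send(baseline))
    report = {}
    for lang in languages:
        if lang == baseline:
            continue
        report[lang] = _normalize(send(lang)) != base_body
    return report


def language_affects_response(send: Callable[[str], str], languages: List[str]) -> bool:
    """True if any probed language produced a different body than the baseline.

    When this is True the plugin would build the fuzzable request with the
    Accept-Language header as the modified variable for the audit plugins.
    """
    return any(probe_languages(send, languages).values())


if __name__ == "__main__":
    langs = ["en", "es", "de"]
    print(probe_languages(fake_server, langs))
    print("header is worth fuzzing:", language_affects_response(fake_server, langs))
```

In the real plugin the `send` argument would be replaced by the framework's own request method, and the probe would be run against the original request's URL; the rest of the logic (normalize, compare to a baseline, decide whether the header is a modified variable) stays the same.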