Andres,

> >> > - w3af plugin integration
> >>
> >> I think that this will be pretty easy, we just need a button that when
> >> clicked displays a menu with all the plugins from the audit and grep
> >> types in a small tree, and when the user clicks over the plugin name,
> >> the plugin is run with the request/response as a parameter.
> >
> > What about results of for example audit/xss plugin work. Where in W3AF GUI
> > user will
> > immediately watch the result of plugin work? In Results tab of main window?
>
> hmmm, good question.
>
> I think that the best is to have all the info in one place. If we have
> the results for something in the proxy window, and the result for the
> scan in another window, that may confuse the users, right?

I agree with you. Results must be in one place. In the proxy, after a plugin is executed, we can simply show a message about the results. For example, after the XSS plugin has finished we show a message (maybe an alert) that XSS was found in the foo param. That's enough for context. The user can see other information in the KB Browser in the main window.

There is another way. Now in "Results/KB Browser" we can only see results grouped by type of message. We can also show in the "History" tab (Request/Response Navigator) more info about the plugin that was the source of the request/response and the result of its work. Example:

In Request/Response viewer:

Request tab:
GET http://localhost/w3af/audit/xss/simple_xss.php?text=<SCrIPT>alert("IqT70xSgLlRW4cKEiLU1Sh")</SCrIPT> HTTP/1.1

Response tab:
...
Start-- <SCrIPT>alert("IqT70xSgLlRW4cKEiLU1Sh")</SCrIPT>--End
</html>
...

Initiator tab:
XSS plugin

Result tab:
Cross Site Scripting was found at ...

In the History tab we will add 2 new columns:
- Initiator (text column)
- Result (icon column)

This approach will give a more suitable way to show results to the user.

--
Тарас Иващенко (Taras Ivashchenko), OSCP
www.securityaudit.ru
----
"Software is like sex: it's better when it's free." - Linus Torvalds
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
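
A sketch of the History-tab proposal from the message above, added here as an illustration; it is not w3af code and not part of the original mail. The `HistoryEntry` class, the `fetch` callable, the `"!"` icon flag, the second URL and the two stand-in pages are assumptions made for the example.

```python
from dataclasses import dataclass
from html import escape
from typing import Optional


@dataclass
class HistoryEntry:
    """One request/response pair as a History row would store it (hypothetical)."""
    request_line: str
    response_body: str
    initiator: str = "proxy"      # proposed text column: who sent the request
    result: Optional[str] = None  # proposed Result column: None means no finding


def run_xss_check(url, param, token, fetch):
    """Send one probe via `fetch` (assumed callable: url -> response body) and
    record the initiator and the outcome on the history entry itself."""
    probe = '<SCrIPT>alert("%s")</SCrIPT>' % token
    full_url = "%s?%s=%s" % (url, param, probe)
    body = fetch(full_url)
    entry = HistoryEntry("GET %s HTTP/1.1" % full_url, body, initiator="audit/xss")
    # Only a byte-for-byte echo counts; an HTML-escaped echo means the
    # application encoded its output, so the Result column stays empty.
    if probe in body:
        entry.result = "XSS: probe echoed unescaped in parameter '%s'" % param
    return entry


def history_rows(entries):
    """History rows with the two new columns; Result collapses to an icon flag."""
    return [(i, e.request_line, e.initiator, "!" if e.result else "")
            for i, e in enumerate(entries, 1)]


# Constructed stand-ins for a page that echoes raw input and one that escapes it.
def echo_raw(url):
    return "<html>Start-- %s--End</html>" % url.split("=", 1)[1]


def echo_escaped(url):
    return "<html>Start-- %s--End</html>" % escape(url.split("=", 1)[1])


def demo():
    token = "IqT70xSgLlRW4cKEiLU1Sh"  # token taken from the mail's example
    return [
        run_xss_check("http://localhost/w3af/audit/xss/simple_xss.php",
                      "text", token, echo_raw),
        run_xss_check("http://localhost/constructed/escaped.php",
                      "text", token, echo_escaped),
    ]


if __name__ == "__main__":
    for row in history_rows(demo()):
        print(row)
```

Keeping the finding on the same record as the request lets the proxy window and the main History tab read one store, which is the "all the info in one place" point raised in the thread.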