Ryan,

On Sun, Jun 7, 2009 at 12:31 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
> Here is the final version. (I hope)

I just tried your plugin with http://www.bonsai-sec.com/blog/ as a target,
and it's failing to find anything. I think that the problem is in:

    base_url = urlParser.baseUrl( fuzzableRequest.getURL() )
    wp_unique_url = urlParser.urlJoin( base_url , '/wp-login.php' )

which will always return http://host.tld/wp-login.php, no matter what the
fuzzableRequest.getURL() was: in my case it was http://www.bonsai-sec.com/blog/.

And also on the way that self._exec is ALWAYS set to false. I think that
self._exec should be set to false only after actually finding a wordpress
installation and fingerprinting it.

Please test the plugin a little more with different wordpress installs, and
then let us know how it worked out =)

PS: Please use inline for answering emails, top posting sucks.

> 2009/6/7 Ryan Dewhurst <ryandewhu...@gmail.com>:
>> Found a bug that I am working on now.
>>
>> 2009/6/7 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>> w00t w00t!
>>>
>>> All tested and working!
>>>
>>> Thanks to everyone for their help, especially Andres for putting up with
>>> my noobness. I will look into implementing the vulns for each version and
>>> then eventually a wp plugin version finder.
>>>
>>> Feedback and suggestions welcome! :-)
>>>
>>> 2009/6/7 Andres Riancho <andres.rian...@gmail.com>:
>>>> Ryan,
>>>>
>>>> On Sat, Jun 6, 2009 at 10:20 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>> I decided to move over to my Linux box for the development of the
>>>>> plugin. One of the reasons I could not get the plugin to run through
>>>>> w3af was that the plugin file name was not the same as the class name.
>>>>
>>>> Ok, makes sense,
>>>>
>>>>> It now runs through w3af without any errors. The only thing is that
>>>>> the info output is not showing in kb.
>>>>
>>>> Are you saving it to the kb?
>>>>
>>>>> I'm using this which I found in another plugin:
>>>>>
>>>>>     # Save it to the kb!
>>>>>     i = info.info()
>>>>>     i.setName('WordPress version')
>>>>>     i.setURL( wp_index_url )
>>>>>     i.setId( http_response.id )
>>>>>     i.setDesc( 'WordPress version "'+ self._version +'" found in the index header.' )
>>>>>     kb.kb.append( self, 'WordPress version', i )
>>>>>     om.out.information( i.getDesc() )
>>>>
>>>> That seems to be enough to save the version to the kb,
>>>>
>>>>> Attached is the latest version.
>>>>
>>>> I applied some minor changes:
>>>>
>>>> - Changed the name of the plugin to wordpress_plugin, because
>>>>   wpvChecker is cryptic to users.
>>>>
>>>> - The code has some serious errors, that are possibly the reason you
>>>>   don't see anything:
>>>>
>>>>     d...@brick:~/w3af/w3af/trunk$ pylint --rcfile=../extras/misc/pylint.rc /tmp/wordpress_version.py -e
>>>>     ************* Module wordpress_version
>>>>     E: 98:wordpress_version.discover: Undefined variable 're'
>>>>     E:109:wordpress_version.discover: Undefined variable 'http_response'
>>>>     E:150:wordpress_version.discover: Undefined variable 'http_response'
>>>>
>>>>   Have you tested the plugin? Do you get a big traceback when running it?
>>>>
>>>> - This line in the fingerprint DB:
>>>>
>>>>     ('/wp-admin/async-upload.php','200','2.5'),
>>>>
>>>>   Doesn't match this line:
>>>>
>>>>     if self._wp_fingerprint[1] == 200 and not is_404(response):
>>>>
>>>>   '200' and 200 aren't equal in python:
>>>>
>>>>     >>> '200' == 200
>>>>     False
>>>>
>>>>   You should change your database to 200, instead of '200' where necessary.
>>>>
>>>> - One more detail, is that it would be nice to compare the version in
>>>>   the HTML header, with the fingerprinted version, and report if they differ.
>>>>
>>>> You're on the right path, I think that with these recommendations
>>>> you'll be able to complete the development of your first w3af plugin =)
>>>>
>>>> PS: You should answer inline.
>>>>
>>>>> Ryan
>>>>>
>>>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>>>> Ryan,
>>>>>>
>>>>>> On Sat, Jun 6, 2009 at 6:22 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>> Also delete the .pyc file, and no reinstall is needed.
>>>>>>>
>>>>>>> There was none.
>>>>>>>
>>>>>>>> Yes, many.
>>>>>>>> You are missing some required methods, like setOptions, getOptions,
>>>>>>>> getLongDescription, etc. Please see other plugins for a complete list,
>>>>>>>
>>>>>>> They are already in the code:
>>>>>>>
>>>>>>>     # W3af options and output
>>>>>>>     def getOptions( self ):
>>>>>>>         '''
>>>>>>>         @return: A list of option objects for this plugin.
>>>>>>>         '''
>>>>>>>         ol = optionList()
>>>>>>>         return ol
>>>>>>>
>>>>>>>     def setOptions( self, OptionList ):
>>>>>>>         '''
>>>>>>>         This method sets all the options that are configured using the user interface
>>>>>>>         generated by the framework using the result of getOptions().
>>>>>>>
>>>>>>>         @parameter OptionList: A dictionary with the options for the plugin.
>>>>>>>         @return: No value is returned.
>>>>>>>         '''
>>>>>>>         pass
>>>>>>>
>>>>>>>     def getPluginDeps( self ):
>>>>>>>         '''
>>>>>>>         @return: A list with the names of the plugins that should be run before the
>>>>>>>         current one.
>>>>>>>         '''
>>>>>>>         return []
>>>>>>>
>>>>>>>     def getLongDesc( self ):
>>>>>>>         '''
>>>>>>>         @return: A DETAILED description of the plugin functions and features.
>>>>>>>         '''
>>>>>>>         return '''
>>>>>>>         This plugin searches for client side differences between different versions of WordPress.
>>>>>>>         '''
>>>>>>
>>>>>> Then try to run w3af from a console:
>>>>>>
>>>>>> in cmd.exe run python w3af_console.py
>>>>>>
>>>>>>>
>>>>>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>> Ryan,
>>>>>>>>
>>>>>>>> On Sat, Jun 6, 2009 at 1:57 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>> I moved the wpvchecker.py file into the /plugin/discovery folder.
>>>>>>>>> When I try to launch w3af I get an error (screenshot attached), the prompt
>>>>>>>>> only lasts a few seconds so could not copy/paste the full error output.
>>>>>>>>>
>>>>>>>>> When I remove the wpvchecker.py file out of the dir the error persists
>>>>>>>>> and I have to un/re install w3af to get it working again.
>>>>>>>>
>>>>>>>> Also delete the .pyc file, and no reinstall is needed.
>>>>>>>>
>>>>>>>>> Any ideas?
>>>>>>>>
>>>>>>>> Yes, many.
>>>>>>>> You are missing some required methods, like setOptions, getOptions,
>>>>>>>> getLongDescription, etc. Please see other plugins for a complete list,
>>>>>>>>
>>>>>>>>> Thanks again,
>>>>>>>>> Ryan
>>>>>>>>>
>>>>>>>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>> Ryan,
>>>>>>>>>>
>>>>>>>>>> On Sat, Jun 6, 2009 at 10:59 AM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>> Hello,
>>>>>>>>>>> Sorry it's been so long with the wordpress version checker plugin, had
>>>>>>>>>>> some life problems.
>>>>>>>>>>
>>>>>>>>>> No problem man, I hope things are going better now.
>>>>>>>>>>
>>>>>>>>>>> Anyway...
>>>>>>>>>>>
>>>>>>>>>>> I have come to a logic problem which I cannot seem to solve and was
>>>>>>>>>>> wondering if anyone could give me some pointers...
>>>>>>>>>>>
>>>>>>>>>>> Versions '2.5', '2.3.1, 2.3.2 or 2.3.3' and '2.2' are detected by a
>>>>>>>>>>> file/image being present, i.e. status 200
>>>>>>>>>>>
>>>>>>>>>>> I cannot figure out how to check for this while using the
>>>>>>>>>>> self._wp_fingerprint array.
>>>>>>>>>>
>>>>>>>>>> The for loop that works with the array looks like this:
>>>>>>>>>>
>>>>>>>>>>     for data in self._wp_fingerprint:
>>>>>>>>>>
>>>>>>>>>>         # Complete URL to test, url+file
>>>>>>>>>>         test_URL = urlParser.urlJoin( base_url, data[0] )
>>>>>>>>>>
>>>>>>>>>>         if data[1] in response:
>>>>>>>>>>             version = data[2]
>>>>>>>>>>             break
>>>>>>>>>>     else:
>>>>>>>>>>         version = 'Version lower than 2.2'
>>>>>>>>>>
>>>>>>>>>> But there are some parts missing, like actually requesting to the
>>>>>>>>>> server the test_URL. On the other part, the "200" logic could be
>>>>>>>>>> easily done like this:
>>>>>>>>>>
>>>>>>>>>>         if data[1] == 200 and not is_404(response):
>>>>>>>>>>             # it was found!
>>>>>>>>>>             version = data[2]
>>>>>>>>>>             break
>>>>>>>>>>         elif data[1] in response:
>>>>>>>>>>             version = data[2]
>>>>>>>>>>             break
>>>>>>>>>>     else:
>>>>>>>>>>         version = 'Version lower than 2.2'
>>>>>>>>>>
>>>>>>>>>> To make this work, you should change the '' in the fingerprint array
>>>>>>>>>> by a 200, and it should all work.
>>>>>>>>>>
>>>>>>>>>>> Here is the code so far, I have not yet tested it out, but should give
>>>>>>>>>>> you a basic idea of how it will run.
>>>>>>>>>>
>>>>>>>>>> Yes, and it makes much more sense to me this way. The older version
>>>>>>>>>> was "ugly" :)
>>>>>>>>>>
>>>>>>>>>>> I was also thinking of implementing a plugin version checker as there
>>>>>>>>>>> are many plugins with vulns.
>>>>>>>>>>
>>>>>>>>>> Sure, but let's go step by step, let's finish this plugin, test it a
>>>>>>>>>> little bit, and then we can go for the next one.
>>>>>>>>>>
>>>>>>>>>>> Thank you,
>>>>>>>>>>> Ryan
>>>>>>>>>>>
>>>>>>>>>>> P.S. To test it through w3af, do I just pop the py file into the
>>>>>>>>>>> plugin folder or is there any other code to be changed?
>>>>>>>>>>
>>>>>>>>>> Yes, you have to move this file to the discovery directory and
>>>>>>>>>> that's it.
>>>>>>>>>>
>>>>>>>>>>> 2009/5/31 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>>>>>>>>>> Just to let everyone know where I am with the plugin.
>>>>>>>>>>>>
>>>>>>>>>>>> I'm a complete n00b at re and couldn't get backbone's code to work, so
>>>>>>>>>>>> I read a couple of manuals and finally got it working with:
>>>>>>>>>>>> <meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />
>>>>>>>>>>>>
>>>>>>>>>>>> An explanation of what the plugin will do:
>>>>>>>>>>>> -----------------------------------------------------------
>>>>>>>>>>>>
>>>>>>>>>>>> It will first check to see if the server has the following file
>>>>>>>>>>>> "/wp-admin/index.php".
>>>>>>>>>>>>
>>>>>>>>>>>> If it does
>>>>>>>>>>>>
>>>>>>>>>>>> It will check to see whether or not the version is in the index header.
>>>>>>>>>>>>
>>>>>>>>>>>> If it finds the version it will store it in a variable.
>>>>>>>>>>>>
>>>>>>>>>>>> It will then run through the checks from my original code to try and
>>>>>>>>>>>> guess the version.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> The output will be as follows:
>>>>>>>>>>>> ------------------------------------------
>>>>>>>>>>>>
>>>>>>>>>>>> If the version is not in the index and not found with the data =
>>>>>>>>>>>> "version under 2.2"
>>>>>>>>>>>> If the version is in the index and in the data are the same =
>>>>>>>>>>>> "whatever version was found"
>>>>>>>>>>>> If the version is in the index and in the data are different =
>>>>>>>>>>>> "Version shows as $version in index header however the data shows $version"
>>>>>>>>>>>>
>>>>>>>>>>>> I still need to implement the data checks however my girlfriend has
>>>>>>>>>>>> fallen ill and has been admitted to hospital for an emergency
>>>>>>>>>>>> operation. I don't think I will be able to finish the plugin this
>>>>>>>>>>>> weekend as promised earlier however will still be working on it next
>>>>>>>>>>>> week.
>>>>>>>>>>>>
>>>>>>>>>>>> I was also thinking on listing the vulnerabilities for each version (if
>>>>>>>>>>>> any) on the output.
>>>>>>>>>>>>
>>>>>>>>>>>> Ryan
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> 2009/5/29 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>> Ryan,
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, May 28, 2009 at 10:11 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>> I'm looking into searching the response html of the index page for the
>>>>>>>>>>>>>> following string:
>>>>>>>>>>>>>> <meta name="generator" content="WordPress $version" />
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I've tried with regular expressions and am unable to get it to work,
>>>>>>>>>>>>>
>>>>>>>>>>>>> backbone sent you a solution,
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I've read that re is bad for parsing HTML and that BeautifulSoup
>>>>>>>>>>>>>> should be used.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Does w3af already have BeautifulSoup in its dependency list?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Yes, it's in the dependency list, but we aren't using it "for that".
>>>>>>>>>>>>> Long story short, please use the re =)
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ryan
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> P.S. Thanks for the advice backbone46, I'll have a look into that once
>>>>>>>>>>>>>> I've sorted this out.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 2009/5/28 <backbon...@gmail.com>:
>>>>>>>>>>>>>>> Sorry to bump in just like that in the discussion, about the meta tag that
>>>>>>>>>>>>>>> displays the WordPress version.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Only since version 2.7 the generator function is in the core of WordPress,
>>>>>>>>>>>>>>> on earlier versions it was only in the theme.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Just wanted to mention that.
>>>>>>>>>>>>>>> :)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>> http://insanesecurity.info
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Thu, May 28, 2009 at 10:53 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Yes, I don't see why not. Should be easy enough to implement.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> You mentioned during our email conversation that wordpress echoes its
>>>>>>>>>>>>>>>> version number in the page head. I managed to find an example of it.
>>>>>>>>>>>>>>>> You're right, I do have a security plugin installed which must have
>>>>>>>>>>>>>>>> removed it from my blog.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Here is an example:
>>>>>>>>>>>>>>>> <meta name="generator" content="WordPress 2.7.1" />
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>>>>> > Ryan,
>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>> > On Wed, May 27, 2009 at 10:18 PM, Andres Riancho <andres.rian...@gmail.com> wrote:
>>>>>>>>>>>>>>>> >> Ryan,
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >> On Wed, May 27, 2009 at 9:58 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>> >>> Hello,
>>>>>>>>>>>>>>>> >>> I'm new to mailing lists so I'm not sure if this will be sent there.
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >> It depends on the mailing list. This one is configured to accept
>>>>>>>>>>>>>>>> >> attachments,
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >>> I'll have a look into integrating the script into w3af over the next
>>>>>>>>>>>>>>>> >>> couple of days and hopefully have a working version by the weekend.
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >> Excellent, if you need ANY help, just let us know.
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >>> The script is quite simple once you have gathered the necessary
>>>>>>>>>>>>>>>> >>> data. I went through versions 2.2 to 2.7.1 and manually found client
>>>>>>>>>>>>>>>> >>> side differences in most of them, I also used the official changelogs
>>>>>>>>>>>>>>>> >>> to help identify them.
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >> Ohhh, you are the guy that wrote that blog post with the "diffs" of
>>>>>>>>>>>>>>>> >> different wordpress release packages?
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >>> The client side differences are in files such as CSS, javascript and
>>>>>>>>>>>>>>>> >>> HTML. Some versions did not have any differences apart from having
>>>>>>>>>>>>>>>> >>> extra files, which can easily be identified with HTTP response codes.
>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>> >>> It works as such...
>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>> >>> Starting from version 2.7.1 (latest), the script tries to find
>>>>>>>>>>>>>>>> >>> something that 2.7 doesn't have, if it finds that something then the
>>>>>>>>>>>>>>>> >>> script stops and echoes the version number.
>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>> >>> If the script doesn't find the difference it moves onto identifying the
>>>>>>>>>>>>>>>> >>> next version, i.e. does 2.7 have something the earlier version doesn't
>>>>>>>>>>>>>>>> >>> have, and so on and so forth.
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >> Ok, makes sense.
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >> Some comments regarding your code:
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >> - w3af uses PEP-8, which among other things says 4-spaces for
>>>>>>>>>>>>>>>> >>   indentations. Your code has 1-space (?) indentations. Please correct
>>>>>>>>>>>>>>>> >>   that.
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >> - The code is pretty simple, but I think it could be done in a better
>>>>>>>>>>>>>>>> >>   way. Having that many functions (wp22 to wp271) doesn't seem to be a
>>>>>>>>>>>>>>>> >>   good option. Do you think that the code could be changed a little bit,
>>>>>>>>>>>>>>>> >>   and create a database (which can be easily updated) and then use that
>>>>>>>>>>>>>>>> >>   database to store the information? Example of the database:
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >>     self._wp_fingerprint = [
>>>>>>>>>>>>>>>> >>         ('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:'),
>>>>>>>>>>>>>>>> >>         ('/wp-admin/css/farbtastic.css', 'farbtastic'),
>>>>>>>>>>>>>>>> >>     ]
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >> - Also, by default wordpress publishes the version number in every
>>>>>>>>>>>>>>>> >>   page head. Maybe it would be a good idea to parse that, and compare it
>>>>>>>>>>>>>>>> >>   with the result of the fingerprinting. What do you think?
>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>> > A good idea would be to have a first step, before all the version
>>>>>>>>>>>>>>>> > specific checks, that verifies something that's true for all wordpress
>>>>>>>>>>>>>>>> > installations (some X file has to be present) before even starting the
>>>>>>>>>>>>>>>> > fingerprinting. Could this be done?
>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>> >> Cheers,
>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>> >>> Ryan
>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>> >>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>>>>> >>>> Ryan,
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>> >>>>> Hello,
>>>>>>>>>>>>>>>> >>>>> I have developed a python script that can detect the version of a
>>>>>>>>>>>>>>>> >>>>> wordpress installation. I think it would fit well within w3af,
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> Yes, it seems that it's something good to have in the framework.
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> I have like a ton of questions about how it works, could you please
>>>>>>>>>>>>>>>> >>>> send the script (as it is) to this mailing list for us to read it?
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>>> the only problem being is that I have been unable to find a plugin
>>>>>>>>>>>>>>>> >>>>> development manual to be able to implement my script.
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> There is no development manual :(
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> For the type of feature that you want to add, the correct thing is to
>>>>>>>>>>>>>>>> >>>> use a discovery plugin.
>>>>>>>>>>>>>>>> >>>> Discovery plugins are simple, they follow these rules:
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> - the entry point is the discover method
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> - the discover method takes a fuzzable request object as a parameter,
>>>>>>>>>>>>>>>> >>>>   and returns a list of fuzzable requests
>>>>>>>>>>>>>>>> >>>>   (fuzzable requests are representations of GET/POST requests, which
>>>>>>>>>>>>>>>> >>>>   represent links, and forms)
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> - the discover method is called several times in the same scan, with
>>>>>>>>>>>>>>>> >>>>   the different links that (for example) the webSpider finds.
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> I think that the best thing you can do is to read one or two discovery
>>>>>>>>>>>>>>>> >>>> plugins (my recommendations are discovery.crossDomain and
>>>>>>>>>>>>>>>> >>>> discovery.userDir), and start building your own plugin based on one of
>>>>>>>>>>>>>>>> >>>> those.
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>>> Is there a dev manual out there?
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> No
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>>> Does anyone have some tips/advice on writing a plugin?
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> Yes, see above,
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>>> Does anyone want me to send them the script for them to develop the
>>>>>>>>>>>>>>>> >>>>> plugin?
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> You should develop the plugin yourself, it's fun and good for the
>>>>>>>>>>>>>>>> >>>> project =)
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> Cheers,
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>>> Thank you,
>>>>>>>>>>>>>>>> >>>>> Ryan
>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>>>>>>>> >>>>> _______________________________________________
>>>>>>>>>>>>>>>> >>>>> W3af-develop mailing list
>>>>>>>>>>>>>>>> >>>>> W3af-develop@lists.sourceforge.net
>>>>>>>>>>>>>>>> >>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>> >>>> --
>>>>>>>>>>>>>>>> >>>> Andrés Riancho
>>>>>>>>>>>>>>>> >>>> Founder, Bonsai - Information Security
>>>>>>>>>>>>>>>> >>>> http://www.bonsai-sec.com/
>>>>>>>>>>>>>>>> >>>> http://w3af.sf.net/

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
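Added example, not w3af code and not Ryan's plugin: the fingerprinting logic the thread converges on, written as stand-alone Python 3 so it runs offline. Network access is an injected fetch(url) -> (status, body) callable over constructed responses; the FINGERPRINTS table is an assumption except for the '/wp-admin/async-upload.php' 200/2.5 entry and the two path/marker pairs Andres quoted (their version mapping is assumed); is_404() is a crude stand-in for w3af's, and the generator regex is deliberately broader than the one in the thread. It shows, in working form, the three points raised above: deriving the base from the request's own directory and walking upward so an install under /blog/ is found and a leading slash never collapses the join to the host root, storing 200 as an int rather than '200', and reporting when the generator header and the file-based fingerprint disagree.

```python
"""WordPress version fingerprinting along the lines discussed in the thread.

Added example, not w3af's plugin code: network access is replaced by an
injected fetch(url) -> (status, body) callable so it runs offline against
constructed responses. Table entries marked 'assumed' are illustrative.
"""
import re
from urllib.parse import urljoin, urlsplit, urlunsplit

# (relative path, expected, version), newest version first. `expected` is the
# int 200 (the file merely has to exist) or a string the body must contain.
# 200 is an int on purpose: '200' == 200 is False in Python. Paths carry no
# leading slash, so urljoin() keeps a /blog/ prefix instead of collapsing to /.
FINGERPRINTS = [
    ("wp-admin/js/xfn.js", "xfn", "2.7.1"),                          # assumed
    ("wp-includes/js/thickbox/thickbox.css", "-ms-filter:", "2.7"),  # version assumed
    ("wp-admin/css/farbtastic.css", "farbtastic", "2.6"),            # version assumed
    ("wp-admin/async-upload.php", 200, "2.5"),                       # from the thread
]

# Broader than the thread's (\d\.\d\.?\d?): also matches 2.10 or 3.0.1.
GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', re.IGNORECASE)


def candidate_bases(url):
    """Yield directory URLs from the request's own directory up to the host
    root (.../blog/2009/06/, .../blog/2009/, .../blog/, .../), so a blog under
    /blog/ is found whichever page discover() was handed."""
    p = urlsplit(url)
    parts = [s for s in p.path.rsplit("/", 1)[0].split("/") if s]
    for n in range(len(parts), -1, -1):
        path = "/" + "/".join(parts[:n]) + ("/" if n else "")
        yield urlunsplit((p.scheme, p.netloc, path, "", ""))


def is_404(status, body):
    """Stand-in for w3af's is_404(): a real 404 or a crude soft-404 check."""
    return status == 404 or "not found" in body.lower()


def is_wordpress(fetch, base):
    """Precondition before any version check: every install has wp-login.php."""
    status, body = fetch(urljoin(base, "wp-login.php"))
    return status == 200 and not is_404(status, body)


def version_from_header(fetch, base):
    """Version claimed by the generator meta tag of the index page, or None."""
    _, body = fetch(base)
    m = GENERATOR_RE.search(body)
    return m.group(1) if m else None


def version_from_fingerprints(fetch, base):
    """First table entry whose file exists (and contains the marker, if any)."""
    for path, expected, version in FINGERPRINTS:
        status, body = fetch(urljoin(base, path))
        if is_404(status, body):
            continue                      # a soft-404 body must not match a marker
        if expected == 200 or expected in body:
            return version
    return "Version lower than 2.2"


def fingerprint(fetch, url):
    """None if no WordPress is found at or above `url`; otherwise a dict with
    the base, the header version, the file-based version and a mismatch flag."""
    for base in candidate_bases(url):
        if is_wordpress(fetch, base):
            header = version_from_header(fetch, base)
            data = version_from_fingerprints(fetch, base)
            return {"base": base, "header": header, "fingerprint": data,
                    "mismatch": header is not None and header != data}
    return None


def make_fetch(files):
    """fetch() over a constructed {url: (status, body)} map; other URLs 404."""
    def fetch(url):
        return files.get(url, (404, "<h1>Not Found</h1>"))
    return fetch


BLOG = "http://www.bonsai-sec.com/blog/"        # constructed sample site
LOGIN = (200, '<form id="loginform">')
INDEX_271 = (200, '<head><meta name="generator" content="WordPress 2.7.1" /></head>')

# A: header present and consistent with the files.
SITE_A = make_fetch({BLOG: INDEX_271, BLOG + "wp-login.php": LOGIN,
                     BLOG + "wp-admin/js/xfn.js": (200, "var xfn = {};")})
# B: a security plugin stripped the header; only the files can tell.
SITE_B = make_fetch({BLOG: (200, "<head></head>"), BLOG + "wp-login.php": LOGIN,
                     BLOG + "wp-admin/async-upload.php": (200, "<html>")})
# C: header claims 2.7.1 but the files say 2.5: report the disagreement.
SITE_C = make_fetch({BLOG: INDEX_271, BLOG + "wp-login.php": LOGIN,
                     BLOG + "wp-admin/async-upload.php": (200, "<html>")})
# D: not WordPress at all.
SITE_D = make_fetch({BLOG: (200, "<html>hello</html>")})

if __name__ == "__main__":
    for name, site in [("A", SITE_A), ("B", SITE_B), ("C", SITE_C), ("D", SITE_D)]:
        print(name, fingerprint(site, BLOG + "2009/06/hello-world/"))
```

Running it prints the four constructed cases: A agrees on 2.7.1, B has no header and falls back to the file-based 2.5, C flags header 2.7.1 against fingerprint 2.5 (the "Version shows as ... in index header however the data shows ..." case from the thread), and D returns None because no wp-login.php is found at any directory level. In a real plugin the fetch callable would be the framework's URL opener, and the result for a base should be remembered so the table is not requested again for every link the spider hands to discover().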