Re: [W3af-develop] riaEnumerator

Andres Riancho Wed, 24 Jun 2009 11:08:21 -0700

Jon,

On Sat, Jun 20, 2009 at 4:34 PM, Andres Riancho<andres.rian...@gmail.com> wrote:
> Jon,
>
> On Fri, Jun 19, 2009 at 11:34 AM, jrose<jr...@owasp.org> wrote:
>> Hey,
>>
>> I extended the CrossDomain.py discovery plugin to also identify google gears
>> manifest files and Silverlight files.  Check it out and let me know what you
>> think.
>
> Excellent work! I just commited this to the trunk, and removed the
> crossDomain plugin =)
>
> In the review process, I changed some minimal things, nothing really
> important but it could be interesting for you to perform a diff
> between your riaEnumerator and the final version I commited.
>
> Here is a link to the information related to the commit, please test
> the plugin to see if it's working as expected.
>
> http://w3af.svn.sourceforge.net/viewvc/w3af?view=rev&revision=2917
>
> Thank you so much for your contribution, I hope you mention it at YSTS
> :) See you there tomorrow!


After your talk at YSTS I started to look at some of the RIA things
you mentioned, and I found out that the Google gears manifest file
contains some information that we aren't using in the plugin.

For what I can see here [0], the manifest file contains lines like this ones:

{ "url": "index.html" },

And we aren't parsing them to return that information to the core.
What if in this file we have one entry that says
"super-secret-access.html" ? I would like the framework to be able to
parse that, and crawl it using the rest of the plugins.

What do you think?

[0] http://code.google.com/apis/gears/tutorial.html

> Cheers,
>
>> Thanks,
>> Jon
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Crystal Reports - New Free Runtime and 30 Day Trial
>> Check out the new simplified licensing option that enables unlimited
>> royalty-free distribution of the report engine for externally facing
>> server and web deployment.
>> http://p.sf.net/sfu/businessobjects
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>
>>
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

------------------------------------------------------------------------------
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

Re: [W3af-develop] riaEnumerator

Reply via email to