Eduardo,

    How're you? I hope you're doing well,

    You asked me privately if I had any tasks for you, so here I'm
sending you a couple from which you can choose:

- https://sourceforge.net/tracker/?func=detail&aid=2675349&group_id=170274&atid=853652
This bug is pretty lame, the problem is that the list that's being
passed to the method is too long, and because of the recursive nature
of the method it crashes. The solution is to rewrite the method in a
non-recursive way.

- https://sourceforge.net/tracker/?func=detail&aid=2481031&group_id=170274&atid=853655
This is one of the coolest features that I could think of ;)
Basically you need to add a button to the gtkUi section where the
request is being displayed, that will export the request to a python
script. When the user clicks on the button, a pop-up with a file
chooser should appear; the user chooses the output file and then the
magic starts. If the user is viewing a request like this one:

GET /index.php HTTP/1.0
User-Agent: f00-ness

And the request was made to "host.tld". The output file should look like:

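import urllib2

# Headers go on the Request object; urlopen() takes no headers argument.
headers = { 'User-Agent' : 'f00-ness' }
req = urllib2.Request('http://host.tld/index.php', headers=headers)
# No data argument is passed, so urllib2 sends a GET.
response = urllib2.urlopen(req)

the_page = response.read()

print 'The HTTP result body is:'
print the_page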

This feature should support GET, POST, and any other method. It should
use urllib2, not the xUrllib of w3af. The idea is that in the future,
we can use these Python scripts for things like:

- Manually testing on another box
- Send to a client that hired us, and tell him: "run this script, it
will reproduce the SQL injection".

For both tasks, please use the latest SVN version (trunk) as a base.

What do you think? Do you like the tasks?

Cheers,
-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

------------------------------------------------------------------------------
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
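
A sketch of the export step described in the message above, as an added example that is not part of the original e-mail or of w3af's code. The function names and the sample requests are assumptions; the generator emits a urllib2 script as text, pins the original method so GET, POST and other verbs replay, and quotes every request-derived value with repr() so a crafted header or body cannot become code in the exported file.

```python
# Added example: the generator itself is plain Python; the script it emits
# targets Python 2's urllib2, as the message requests.

def parse_raw_request(raw):
    """Split a raw HTTP request into (method, path, headers, body)."""
    head, _, body = raw.replace('\r\n', '\n').partition('\n\n')
    lines = head.split('\n')
    method, path, _version = lines[0].split(' ', 2)
    headers = []
    for line in [l for l in lines[1:] if l.strip()]:
        name, _, value = line.partition(':')
        headers.append((name.strip(), value.strip()))
    return method, path, headers, body


def export_request(raw, host, scheme='http'):
    """Return the source of a urllib2 script that replays `raw` against `host`."""
    method, path, headers, body = parse_raw_request(raw)
    url = '%s://%s%s' % (scheme, host, path)
    out = ['import urllib2', '']
    # repr() quotes every request-derived value, so a header or body holding
    # quotes stays a string literal instead of turning into code.
    out.append('headers = {')
    for name, value in headers:
        out.append('    %r: %r,' % (name, value))
    out.append('}')
    out.append('data = %r' % (body if body else None))
    out.append('req = urllib2.Request(%r, data, headers)' % url)
    # urllib2 only chooses between GET and POST itself; pin the original method.
    out.append('req.get_method = lambda: %r' % method)
    out.append('response = urllib2.urlopen(req)')
    out.append('the_page = response.read()')
    out.append('')
    out.append("print 'The HTTP result body is:'")
    out.append('print the_page')
    return '\n'.join(out) + '\n'


# Constructed sample input: the request shown in the message, plus a POST.
SAMPLE_GET = 'GET /index.php HTTP/1.0\nUser-Agent: f00-ness\n\n'
SAMPLE_POST = ('POST /login.php HTTP/1.0\n'
               'Content-Type: application/x-www-form-urlencoded\n\n'
               'user=a&pass=b')

if __name__ == '__main__':
    print(export_request(SAMPLE_GET, 'host.tld'))
```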