Jon, On Wed, Jul 8, 2009 at 12:34 PM, jrose<jr...@owasp.org> wrote: > Done.
You added the new features to an OLD version of the plugin! You should work with the latest version from the trunk: http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/plugins/discovery/ria_enumerator.py?view=log > > > > On Jun 24, 2009, at 2:07 PM, Andres Riancho wrote: > >> Jon, >> >> On Sat, Jun 20, 2009 at 4:34 PM, Andres Riancho<andres.rian...@gmail.com> >> wrote: >>> >>> Jon, >>> >>> On Fri, Jun 19, 2009 at 11:34 AM, jrose<jr...@owasp.org> wrote: >>>> >>>> Hey, >>>> >>>> I extended the CrossDomain.py discovery plugin to also identify google >>>> gears >>>> manifest files and Silverlight files. Check it out and let me know what >>>> you >>>> think. >>> >>> Excellent work! I just commited this to the trunk, and removed the >>> crossDomain plugin =) >>> >>> In the review process, I changed some minimal things, nothing really >>> important but it could be interesting for you to perform a diff >>> between your riaEnumerator and the final version I commited. >>> >>> Here is a link to the information related to the commit, please test >>> the plugin to see if it's working as expected. >>> >>> http://w3af.svn.sourceforge.net/viewvc/w3af?view=rev&revision=2917 >>> >>> Thank you so much for your contribution, I hope you mention it at YSTS >>> :) See you there tomorrow! >> >> After your talk at YSTS I started to look at some of the RIA things >> you mentioned, and I found out that the Google gears manifest file >> contains some information that we aren't using in the plugin. >> >> For what I can see here [0], the manifest file contains lines like this >> ones: >> >> { "url": "index.html" }, >> >> And we aren't parsing them to return that information to the core. >> What if in this file we have one entry that says >> "super-secret-access.html" ? I would like the framework to be able to >> parse that, and crawl it using the rest of the plugins. >> >> What do you think? >> >> [0] http://code.google.com/apis/gears/tutorial.html >> >>> Cheers, >>> >>>> Thanks, >>>> Jon >>>> >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Crystal Reports - New Free Runtime and 30 Day Trial >>>> Check out the new simplified licensing option that enables unlimited >>>> royalty-free distribution of the report engine for externally facing >>>> server and web deployment. >>>> http://p.sf.net/sfu/businessobjects >>>> _______________________________________________ >>>> W3af-develop mailing list >>>> W3af-develop@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop >>>> >>>> >>> >>> >>> >>> -- >>> Andrés Riancho >>> Founder, Bonsai - Information Security >>> http://www.bonsai-sec.com/ >>> http://w3af.sf.net/ >>> >> >> >> >> -- >> Andrés Riancho >> Founder, Bonsai - Information Security >> http://www.bonsai-sec.com/ >> http://w3af.sf.net/ > > > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
