Jon, On Fri, Jul 10, 2009 at 10:05 AM, jrose<jr...@owasp.org> wrote: > Whoops, your right. Heres the update of the latest version.
Please note that the file in the SVN is named ria_enumerator, you should use that file! > Thanks, > Jon > > > > > On Jul 10, 2009, at 8:44 AM, Andres Riancho wrote: > >> Jon, >> >> On Wed, Jul 8, 2009 at 12:34 PM, jrose<jr...@owasp.org> wrote: >>> >>> Done. >> >> You added the new features to an OLD version of the plugin! You should >> work with the latest version from the trunk: >> >> >> http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/plugins/discovery/ria_enumerator.py?view=log >> >>> >>> >>> >>> On Jun 24, 2009, at 2:07 PM, Andres Riancho wrote: >>> >>>> Jon, >>>> >>>> On Sat, Jun 20, 2009 at 4:34 PM, Andres >>>> Riancho<andres.rian...@gmail.com> >>>> wrote: >>>>> >>>>> Jon, >>>>> >>>>> On Fri, Jun 19, 2009 at 11:34 AM, jrose<jr...@owasp.org> wrote: >>>>>> >>>>>> Hey, >>>>>> >>>>>> I extended the CrossDomain.py discovery plugin to also identify google >>>>>> gears >>>>>> manifest files and Silverlight files. Check it out and let me know >>>>>> what >>>>>> you >>>>>> think. >>>>> >>>>> Excellent work! I just commited this to the trunk, and removed the >>>>> crossDomain plugin =) >>>>> >>>>> In the review process, I changed some minimal things, nothing really >>>>> important but it could be interesting for you to perform a diff >>>>> between your riaEnumerator and the final version I commited. >>>>> >>>>> Here is a link to the information related to the commit, please test >>>>> the plugin to see if it's working as expected. >>>>> >>>>> http://w3af.svn.sourceforge.net/viewvc/w3af?view=rev&revision=2917 >>>>> >>>>> Thank you so much for your contribution, I hope you mention it at YSTS >>>>> :) See you there tomorrow! >>>> >>>> After your talk at YSTS I started to look at some of the RIA things >>>> you mentioned, and I found out that the Google gears manifest file >>>> contains some information that we aren't using in the plugin. >>>> >>>> For what I can see here [0], the manifest file contains lines like this >>>> ones: >>>> >>>> { "url": "index.html" }, >>>> >>>> And we aren't parsing them to return that information to the core. >>>> What if in this file we have one entry that says >>>> "super-secret-access.html" ? I would like the framework to be able to >>>> parse that, and crawl it using the rest of the plugins. >>>> >>>> What do you think? >>>> >>>> [0] http://code.google.com/apis/gears/tutorial.html >>>> >>>>> Cheers, >>>>> >>>>>> Thanks, >>>>>> Jon >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> Crystal Reports - New Free Runtime and 30 Day Trial >>>>>> Check out the new simplified licensing option that enables unlimited >>>>>> royalty-free distribution of the report engine for externally facing >>>>>> server and web deployment. >>>>>> http://p.sf.net/sfu/businessobjects >>>>>> _______________________________________________ >>>>>> W3af-develop mailing list >>>>>> W3af-develop@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Andrés Riancho >>>>> Founder, Bonsai - Information Security >>>>> http://www.bonsai-sec.com/ >>>>> http://w3af.sf.net/ >>>>> >>>> >>>> >>>> >>>> -- >>>> Andrés Riancho >>>> Founder, Bonsai - Information Security >>>> http://www.bonsai-sec.com/ >>>> http://w3af.sf.net/ >>> >>> >>> >> >> >> >> -- >> Andrés Riancho >> Founder, Bonsai - Information Security >> http://www.bonsai-sec.com/ >> http://w3af.sf.net/ > > > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
