Jon,
On Fri, Jul 24, 2009 at 3:06 PM, jrose<[email protected]> wrote:
> Hey,
>
> I've extended the importResult plugin to parse burp logs for input since I
> often use burp when reviewing applications.
I also use burp frequently and I never saw how to save/export the
proxy logs. After some searching in the burpsuite help I found the the
save state appears in the professional version only. Is that right?
> I've also added the ability to
> supply a cookie value for the requests.
That's good, and the cookie value from burp's requests headers should
be replaced by the one provided by the users.
> Right now the code is real simple,
> but take a look and let me know what you think.
The code is good, I like it. Here are my comments:
- In the future we'll move this logic to the core, just in case
any other plugin needs it.
- The headers from the log file aren't being parsed, this would
break some requests. For example, requests with multipart post won't
work.
- Code is clean and simple
- To test it, I would need a log file generated by burp. I don't
own a professional license for it.
- Is the host option *really* needed? Can't you get that
information from the log?
Thanks for your contribution, and for noticing that the text input
file for importResults with the ',' is broken whenever a URL with
commas is imported. I just fixed that issue here [0].
[0] http://w3af.svn.sourceforge.net/w3af/?rev=2978&view=rev
Cheers,
> - Jon
>
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> W3af-develop mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
------------------------------------------------------------------------------
_______________________________________________
W3af-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-develop
