pham,

On Sat, Jul 25, 2009 at 4:06 AM, pham toan<pham0van0t...@gmail.com> wrote:
>>Go to discovery.webSpider, and learn how the htmlParser is used
>>(search for dpCache) and then apply that to fingerPKS. When you have a
>>working version of fingerPKS, you should send it to the list for me to
>>review and finally commit to the SVN.
>
> Here is my code from your idea, using documentParsers to get emails from the
> PKS server's response:
>
> <code>
> #fingerPKS.py
> ------------snip---------------
>     def discover(self, fuzzableRequest ):
>         '''
>         @parameter fuzzableRequest: A fuzzableRequest instance that contains
>         (among other things) the URL to test.
>         '''
>         if not self._run:
>             # This will remove the plugin from the discovery plugins to be run.
>             raise w3afRunOnce()
>         else:
>             # This plugin will only run one time.
>             self._run = False
>
>             pks_se = pks( self._urlOpener)
>
>             url = fuzzableRequest.getURL()
>             domain_root = urlParser.getRootDomain( url )
>
>             url = 'http://pgp.mit.edu:11371/pks/lookup?'
>             # search for email accounts related to domain_root
>             _query = urllib.urlencode({'op':'index','search':domain_root})
>             # get response from PKI server
>             response = urllib2.urlopen(url+_query).read()
>             documentParser = dpCache.dpc.getDocumentParserFor( response )
>             # here we get email addresses with @domain_root
>             results = documentParser.getEmails(domain_root)
>
>             for result in results:
>                 i = info.info()
>                 i.setURL( 'http://pgp.mit.edu:11371/' )
>                 mail = result.username +'@' + domain_root
>                 i.setName( mail )
>                 i.setDesc( 'The mail account: "'+ mail + '" was found in the MIT PKS server. ' )
>                 i['mail'] = mail
>                 i['user'] = result.username
>                 i['name'] = result.name
>                 kb.kb.append( 'mails', 'mails', i )
>                 kb.kb.append( self, 'mails', i )
>                 om.out.information( i.getDesc() )
>
>         return []
> -------snip------------------
> </code>
>
> I can't check if it works because my Eric IDE isn't working properly. Please
> check it and send me the result; if it does not work, I will try again. Thanks!

Your code has some problems, like for example using urllib2 instead of
urlOpener, which is the way to do it in w3af. If you use urllib2 you
don't use all the configuration that the user did in the framework,
like proxy settings, etc.

I just did the change myself, you can see it here [0]. I finally
changed the pks search engine a little bit, and added a regular
expression to verify that all results are *real* email addresses.

[0] http://w3af.svn.sourceforge.net/w3af/?rev=2979&view=rev

Cheers,

> ------------------------------------------------------------------------------
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
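
The reply above mentions a regular expression that checks that every result is a real email address. The following is an added example of that kind of check, not part of the original email and not the code committed to w3af: it is written for Python 3, and the function name, both patterns and the sample response are assumptions constructed for illustration.

```python
import html
import re

# Loose pass: pull anything shaped like local@host out of the page text.
CANDIDATE_RE = re.compile(r'[^\s<>"\'(),;]+@[^\s<>"\'(),;]+')
# Strict pass: one "@", a sane local part, dotted host labels, alphabetic TLD.
STRICT_RE = re.compile(
    r'^[A-Za-z0-9][A-Za-z0-9._%+-]*@'
    r'(?:[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$')

def real_emails_for_domain(response_body, root_domain):
    """Return validated addresses at root_domain or one of its subdomains."""
    root = root_domain.lower().rstrip('.')
    seen, found = set(), []
    # User IDs are HTML-escaped in the sample, e.g. "&lt;alice@example.com&gt;".
    for candidate in CANDIDATE_RE.findall(html.unescape(response_body)):
        candidate = candidate.strip('.')
        if '..' in candidate or not STRICT_RE.match(candidate):
            continue  # malformed, e.g. "carol@@example.com"
        local, host = candidate.rsplit('@', 1)
        host = host.lower()
        # Suffix match on a label boundary so "notexample.com" is rejected.
        if host != root and not host.endswith('.' + root):
            continue
        address = local + '@' + host
        if address.lower() not in seen:  # report each mailbox once
            seen.add(address.lower())
            found.append(address)
    return found

# Constructed sample of an "op=index" style response (not real key-server data).
SAMPLE_RESPONSE = """<pre>
pub 1024D/<a href="/pks/lookup?op=get&amp;search=0x00000001">00000001</a> Alice &lt;alice@example.com&gt;
pub 1024D/<a href="/pks/lookup?op=get&amp;search=0x00000002">00000002</a> Bob &lt;bob@mail.example.com&gt;
pub 1024D/<a href="/pks/lookup?op=get&amp;search=0x00000003">00000003</a> Mallory &lt;mallory@notexample.com&gt;
pub 1024D/<a href="/pks/lookup?op=get&amp;search=0x00000004">00000004</a> Eve &lt;eve@example.com.other.test&gt;
pub 1024D/<a href="/pks/lookup?op=get&amp;search=0x00000005">00000005</a> Carol &lt;carol@@example.com&gt;
pub 1024D/<a href="/pks/lookup?op=get&amp;search=0x00000006">00000006</a> Alice (work) &lt;Alice@EXAMPLE.com&gt;
</pre>"""

if __name__ == '__main__':
    for address in real_emails_for_domain(SAMPLE_RESPONSE, 'example.com'):
        print(address)
```

Matching the host on a label boundary is what keeps look-alike domains and hosts that merely contain the root domain out of the results.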