Taras, On Sun, Jul 26, 2009 at 5:53 PM, Taras<ta...@securityaudit.ru> wrote: > Andres, > > Sorry for late response. I was in business trip.
No problem mate, > By the way I begin to write on russian and english about W3AF in my secure > blog [0] Nice! =) >> I've been playing with your branch for a couple of hours, and now >> we are ready to launch plugins from any HTTP request and find >> vulnerabilities! > Great =) > >> Some comments: >> - The vulns are only shown in the console (print vuln), but all >> the rest is working. > I will develop some GUI message alert and fix bugs on this week. > And everything will be beautiful =) > By the way what do you think about when we will merge trunk and my branch? > > My questions about your commit in ReqResViewer: > > + # Parse the request text > + head,postdata = self.request.getBothTexts() > + request = httpRequestParser(head, postdata) > - Why did you in this situation use method getBothTexts() > instead of getObject() which already returns request object? The problem with getObject is that the object is not updated if the user changes the text in the text view! > - Why did you declare ThreadedURLImpact class inside _auditRequest() method? Hmmm, I don't have a real reason to do it that way. >> Your code for reqResViewer looks nice, it seems that you have much >> more GTK skills that me =). > Thanks, I simply try to write good code which will be simple to maintain =) > > [0] > http://securityaudit.blogspot.com/2009/07/w3af-proxy-v2-current-status.html > > > -- > Taras > ---- > "Software is like sex: it's better when it's free." - Linus Torvalds > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
