Adam,

On Mon, Nov 2, 2009 at 6:43 PM, Adam Baldwin
<adam_bald...@ngenuity-is.com> wrote:
> I'm using w3af in a very non-interactive way and I'm looking to re-test
> for a particular finding without having to run the entire scan again
> (think re-testing for remediation). I'm looking to see if there would be
> interest in this type of feature and any input any of you may have.

I think it is one of the must-have features that w3af is missing. The
best way of implementing this would be:

- The w3af core should save all HTTP requests, HTTP responses and
findings in a sqlite3 database. This is already done for requests and
responses by the gtkOutput plugin, but it should be integrated into
the core and findings should be added.

- When saving the finding, the following information should be saved:
    - Plugin that found it
    - Finding object, the "vuln" or "info" object
    - Related request/response

- The core should support "loading" of this database

- A "retest" method should be added to the core, which will take the
information from the finding, and re-run the tests only with the
specified plugin and to the specific URL.

I don't think that this is a lot of work... the framework is flexible
enough to allow all of this to be developed in one day of hard work.

If you decide to go for it, here are some comments that might help you:

- There is a "localCache.py" urllib2 handler, which saves every
request and response to a file. I've been meaning to replace that with
a sqlite3 database. Maybe this is the time.

- "localCache.py" and "gtkOutput" both save the same information... I
think that this is the time to remove gtkOutput, and replace sucky
file handling in localCache with sqlite3.

- You should show the users the findings, in a simple way like this:

    [0] XSS in parameter a of script foo.php
    [1] XSS in parameter b of script bar.php
    [2] SQL injection in parameter spam of script eggs.py

And then the users should perform something like:

    "retest 1"

Which internally will call w3afCore.retest( vuln_object_1,
plugin_that_found_it, fuzzable_request)

If you want to give it a try, please create a branch (you've got svn
access, right?) and we'll try to help you out.

Cheers,
> -Adam



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
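The design proposed in the message above (findings stored in sqlite3 with the plugin, the finding and the related request/response, then re-tested by index) can be sketched as follows. This is an added example, not w3af code and not part of the original e-mail: `FindingStore`, the schema and the plugin callables (assumed to return True while the issue is still detected) are hypothetical.

```python
import json
import sqlite3

SCHEMA = """
CREATE TABLE IF NOT EXISTS findings (
    id INTEGER PRIMARY KEY,
    plugin TEXT NOT NULL,       -- plugin that found it
    kind TEXT NOT NULL CHECK (kind IN ('vuln', 'info')),
    description TEXT NOT NULL,
    method TEXT NOT NULL,       -- related request
    url TEXT NOT NULL,
    params TEXT NOT NULL,       -- JSON, not pickle: loading a scan file must not run code
    response TEXT NOT NULL,     -- related response
    status TEXT NOT NULL DEFAULT 'open'
);
"""

class FindingStore:
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)  # pass a file path to "load" an earlier scan
        self.db.executescript(SCHEMA)

    def save(self, plugin, kind, description, method, url, params, response):
        cur = self.db.execute(
            "INSERT INTO findings (plugin, kind, description, method, url, params, response)"
            " VALUES (?, ?, ?, ?, ?, ?, ?)",
            (plugin, kind, description, method, url, json.dumps(params), response))
        self.db.commit()
        return cur.lastrowid

    def listing(self):
        rows = self.db.execute("SELECT description, status FROM findings ORDER BY id")
        return ["[%d] %s (%s)" % (i, d, s) for i, (d, s) in enumerate(rows)]

    def retest(self, index, plugins):
        row = self.db.execute(
            "SELECT id, plugin, method, url, params FROM findings ORDER BY id LIMIT 1 OFFSET ?",
            (index,)).fetchone()
        if row is None:
            raise IndexError("no finding %d" % index)
        fid, plugin, method, url, params = row
        # Run only the plugin that found it, only against the stored request.
        still_there = plugins[plugin](method, url, json.loads(params))
        status = "open" if still_there else "fixed"
        self.db.execute("UPDATE findings SET status = ? WHERE id = ?", (status, fid))
        self.db.commit()
        return status
```

`plugins` is a dict mapping plugin names to callables; in a real scanner each callable would replay the stored request through the named plugin and report whether the finding reproduces.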
