On Wed, Nov 4, 2009 at 8:29 PM, Raul Siles <raul.si...@gmail.com> wrote: > Taras, > I was testing the latest SVN revision from the official branch :( Sorry. > > Obviously, using your SVN branch rev. 3164, is much better. Sorry Andres ;) > All my other additional comments are covered by it. Excellent work!
I just tested the proxy and it looks pretty good. Good work Taras! > One final suggestion for the excellence of your branch :) When you > click on "Next Request", the focus stays on the Response tab, and you > need to manually go to the Request tab to continue manipulating > requests. It would be great if the focus changes automatically to the > Request tab (similarly as when you click on Drop Request) Right, it might be better to combine the Send Request and Next Request on the same button. This way you don't have to move the mouse. Maybe it would be interesting to add an option to actually see the response or skip directly to the next request. > > Cheers, > -- > Raul Siles > www.raulsiles.com > > > > On Wed, Nov 4, 2009 at 11:43 PM, Taras <ta...@securityaudit.ru> wrote: >> Raul, >> what version of W3AF do you test? >> >> New version of MITM Proxy you can find in my branch: svn checkout >> https://w3af.svn.sourceforge.net/svnroot/w3af/branches/taras w3af_taras >> >> >> >> On Wed, 2009-11-04 at 23:33 +0100, Raul Siles wrote: >>> Hi Taras, >>> Sometimes you may decide not to trap the responses manually, for >>> example, because you are simply collecting them for further inspection >>> or analysis, and don't want to interact with each of them. A good >>> example is when you are going to perform a hash or byte-by-byte >>> comparison of different responses; you don't need to inspect them >>> visually during the interception process. However, in that scenario >>> you might still want to modify the requests. I definitely find useful >>> to have independent buttons/checks for both types of interactions >>> (request & response). Most web interception proxies offer this option. >>> >>> Sorry but I do not get your clean suggestion. When you go into the >>> History tab, "id = 1" is the Search "term" and the only listed >>> request/response is number 1 or none (I don't remember it right now). >>> It would be very useful to have as the default option for the proxy >>> the whole list of requests/responses, without any filter. Of course, >>> you can always set the Search "term" to "id >= 1" and see all them (I >>> referred to the default option in my previous suggestion). >>> >>> One additional minor suggestion. Having the Send and Next buttons on >>> each side of the proxy Window limit its usability, as you need to move >>> back and forth between the two buttons. It is good to exercise your >>> mouse or trackpad ;) >>> >>> Cheers, >>> -- >>> Raul Siles >>> www.raulsiles.com >>> >>> >>> >>> On Wed, Nov 4, 2009 at 11:00 PM, Taras <ta...@securityaudit.ru> wrote: >>> > Hi, Raul! >>> > >>> >> - Why there is no "Trap Responses" button? It might be useful to >>> >> decide if we want to trap responses or not, in the same way we do with >>> >> the requests. >>> > >>> > In what situations it may be useful? >>> > >>> > >>> >> - I would provide an option in the "History" tab to be able to easily >>> >> show all the requests/responses (by default), in addition to the >>> >> search capabilities. >>> > >>> > You can push "Clean" button, isn't it? :) >>> > >>> > >>> > -- >>> > Taras - OSCP, OSWP >>> > ---- >>> > "Software is like sex: it's better when it's free." - Linus Torvalds >>> > >>> >> >> >> -- >> Taras - OSCP, OSWP >> ---- >> "Software is like sex: it's better when it's free." - Linus Torvalds >> > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > W3af-develop mailing list > W3af-develop@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-develop > ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
