Hey taras and list

>>> > >>>> - Is there a plugin that analyzes HTML code (like input length 
>>> > >>>> fields) and then generates injection strings out of it?
>>> > >>>>    Example: There is a <input name="name" type="text" 
>>> > >>>> maxlength="30"> tag and w3af tries to inject strings with lengths 
>>> > >>>> 29, 30 and 31
>>> > >>
>>> > >>For now, the max length parameter is totally ignored.
>>> > >>
>>> >
>>> > I'm planning to write a Fuzzer plugin which has a configurable option 
>>> > for how many tests should be done (exhaustiveness) on a scale from 0 
>>> > to 100, and which chooses and mutates injection data in various ways 
>>> > by combining, repeating, deleting, reordering and encoding different 
>>> > data. It should be able to analyze HTML tags as well. I'll start soon 
>>> > and it's part of my job.
>>>
>>> No, this shouldn't be done as a plugin. This should be done in the
>>> core! I think that you should search for the place where the different
>>> fuzzable requests are created now (see tmb, all, tb in misc settings)
>>> and then work from there. I think that the tmb/t/b/all implementation
>>> is great, but it should be moved to somewhere else; I think that the
>>> best place would be the createMutants.
>>>
>>> @Taras: What do you think?
>>
>>First of all, I think that I don't really understand what more complex
>>HTML analysis we need in W3AF, and why we need to pay attention to such
>>things (which are controlled on the client side) as the HTML tag
>>attribute maxlength. Floyd, could you please describe it a bit more?

I think it is important that a web application framework extracts as much 
information from the webpage under test as possible. If we know things like 
maxlength (and there are many more interesting "tags"), we know better what 
the programmer was thinking when she wrote the HTML code.

For example, when a field has length 12 I would try to inject strings with 
lengths 12, 13 and e.g. 15 and compare the responses.

>>
>>> Would this be possible? I think that the
>>> parsers should generate one fuzzable request, and the createMutants
>>> function should be the one that would create the different mutants
>>> based on the configuration.
>>
>>It's very interesting question! And there is no such thing as
>>impossible :)
>>But what is wrong (in design context) in current state? That form has
>>variants? Or that these variants are generated in
>>createFuzzableRequests()?

Sorry, I haven't read enough core code to answer that.

I'll try to develop something and report back then.

cheers
floyd
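
The idea discussed above (read the maxlength attribute from the form, inject strings just under, at and over that limit, and compare the responses to see whether the server enforces what the HTML only promises client-side) as an added example; this is not w3af code and not floyd's, and the class/function names and the sample form are assumptions:

```python
"""Derive length-boundary test strings from <input maxlength=...> attributes.

Constructed for this thread as an illustration; it is not w3af's implementation.
"""
from html.parser import HTMLParser


class MaxlengthExtractor(HTMLParser):
    """Collects name -> maxlength for every <input> tag that declares a maxlength."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = dict(attrs)  # values may be None for valueless attributes
        name, maxlength = attr.get("name"), attr.get("maxlength")
        if name and maxlength and maxlength.isdigit():
            self.fields[name] = int(maxlength)


def extract_maxlengths(html):
    parser = MaxlengthExtractor()
    parser.feed(html)
    return parser.fields


def boundary_lengths(maxlength):
    """Lengths worth exercising around a declared limit: just under, at, and over."""
    return [max(maxlength - 1, 0), maxlength, maxlength + 1]


def build_payloads(html, filler="A"):
    """Map each length-limited field to its boundary-length test strings."""
    return {name: [filler * n for n in boundary_lengths(limit)]
            for name, limit in extract_maxlengths(html).items()}


def server_enforces_limit(responses, maxlength):
    """responses: {payload_length: (status, body)} captured for one field.

    If the over-length request is answered exactly like the in-bounds one, the
    server most likely does not re-check the limit the HTML advertises.
    Normalise dynamic parts of the body (timestamps, CSRF tokens) before comparing.
    """
    return responses[maxlength] != responses[maxlength + 1]


# Constructed sample form, modelled on the tag quoted earlier in the thread.
SAMPLE_FORM = ('<form><input name="name" type="text" maxlength="30">'
               '<input name="q" type="text"></form>')
```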
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop