Floyd,

On Wed, Dec 23, 2009 at 11:03 AM, Floyd Fuh <floyd_...@yahoo.de> wrote:
> Hey Andres and list
>
>>> Floyd,
>>>
>>> On Mon, Dec 21, 2009 at 11:58 AM, Floyd Fuh <floyd_...@yahoo.de> wrote:
>>> > Andres,
>>> >
>>> > Your suggestion will work alright as long as there is no
>>> > word with two different meanings. Means if
>>> > there is no word which means something in one language
>>> > and something completely different in another language.
>>> > And I think that won't happen very often.
>>>
>>> Yep, you're right, this won't happen very often.
>>>
>>> > I have a suggestion for the new smartFill method. It will use
>>> > the longest one and if they are both the same length, it will use
>>> > the one that is first inside the string. So if we have "password" as
>>> > field name we prefer the db name "pass" instead of "word".
>>>
>>> Excellent suggestion.
>>>
>>> >     variable_name = variable_name.lower()
>>> >
>>> >     handlers = [ (long_alpha, (createRandAlpha, 7)),
>>> >                  (short_alpha, (createRandAlpha, 3)),
>>> >                  (long_number, (createRandNum, 5)),
>>> >                  (short_number, (createRandNum, 2)),
>>> >                  (date, (createRandNum, 1)),
>>> >                  (password, (lambda x: 'w3af-FrAmEW0rK.', None)),
>>> >                  (mail, (lambda x: 'w...@email.com', None)),
>>> >                  (state, (lambda x: 'AK', None)) ]
>>> >
>>> >     value = None
>>> >     used_name_from_db = None
>>> >
>>> >     for name_function, (custom_generator, length) in handlers:
>>> >
>>> >         for name_in_db in name_function():
>>> >             if variable_name.count( name_in_db ) or name_in_db.count( variable_name ): #new db name in variable
>>> >                 if value is None or len(name_in_db) > len(used_name_from_db): #new db name longer
>>> >                     #use it
>>> >                     used_name_from_db = name_in_db
>>> >                     value = custom_generator( length )
>>> >                 elif len(name_in_db) == len(used_name_from_db): #new db same length as old db name
>>> >                     #When we have abcdefg we prefer bcd instead of def
>>> >                     used_index = max(variable_name.find(used_name_from_db),
>>> >                                      used_name_from_db.find(variable_name)) # One of both is -1
>>> >                     new_index = max(variable_name.find(name_in_db),
>>> >                                     name_in_db.find(variable_name)) # One of both is -1
>>> >                     if new_index < used_index:
>>> >                         used_name_from_db = name_in_db
>>> >                         value = custom_generator( length )
>>> >
>>> >     if value is None:
>>> >         # Well... nothing was found (this is bad!)
>>> >         # Its better to send numbers when nothing matches.
>>> >         value = createRandNum( 4 )
>>> >     else:
>>> >         dbg = 'SmartFilling parameter ' + variable_name + ' of form because matching with '
>>> >         dbg += used_name_from_db + ' value: ' + value
>>> >         om.out.debug( dbg )
>>> >
>>> >     return value
>>>
>>> And I like the implementation also, so I committed it to the SVN. Thanks!
>>>
>
> Great :)
>
>>> If you have other ideas to improve the algorithm, please let me know.
>>> Something I've been thinking about, is that maybe instead of using the
>>> result of "createRandAlpha(7)", we should use the result of
>>> "createRandAlpha(7).lower()", I think that maybe there could be some
>>> applications that accept "anclshf" but not accept "ndGksnZ" (see the G
>>> and the Z); but all applications that accept "ndGksnZ" will also
>>> accept "anclshf". With these simple modifications, maybe we can get
>>> through some more filters, and find vulnerabilities that other fuzzers
>>> don't find.
>>>
>
> Hmm, I'm not sure. Normally they only check for alphabetic or numeric values
> and are not case sensitive. I think both will work most of the time.
>
>>> Something else that could be interesting, is to change the
>>> createRandAlpha function in order to seed it with some value, in order
>>> to make it return always the same results. The problem I see is that
>>> the implementation of such a feature could be really hard, given that
>>> w3af uses threads and maybe one thread runs in position 1 on run #1,
>>> but runs in position 3 on run #2.
>>>
>
> That would be great. Maybe the threads have unique identifier? Then we could
> maybe do something like this:
>
>     import random
>
>     def initialize(seedValue):
>         randomGenerator1 = random.Random()
>         randomGenerator1.seed(seedValue)
>         randomGenerator2 = random.Random()
>         randomGenerator2.seed(seedValue + 20)
>
>     #and then
>     if thread.id == 1:
>         randomGenerator1.choice(x)
>     elif thread.id == 2:
>         randomGenerator2.choice(x)
>
> Of course we will have to do that in a separate object, so we would only do
>
>     wrapperObject.seed(seedValue)
>     wrapperObject.setThread(thread)
>
>     #and then
>     wrapperObject.choice(x)

Yeah, this could work on some cases, the problem is that maybe task #1 is
assigned to thread #1 when you run the program for the first time, but task #1
could be assigned to thread #4 when you run the program a second time. I think
it's not possible to easily perform something that's repeatable.

Cheers,

>>> >
>>> > cheers
>>> > floyd
>>> >
>>> > PS: Andres, I'm still answering your other mail :)
>>>
>>> hehe, ok.
>>>
>
> Did you get my answer? :)

Yes, but I've been **really** busy :(

> Merry Christmas everybody

Thanks! merry xmas for you too,

> floyd

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
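The longest-match / earliest-position rule from Floyd's patch, together with the repeatable-seeding idea the thread leaves open, as an added Python example that is not w3af's own code: the name lists, `rand_alpha`, `rand_num`, `pick_db_name` and `smart_fill` are constructed stand-ins for the project's db lookups and createRand* helpers, and repeatability is obtained by seeding on the field name rather than on a thread id, so the value does not depend on which thread picks up the task.

```python
import random
import string

# Constructed stand-ins for w3af's long_alpha/short_alpha/... db lookups.
LONG_ALPHA = ("user", "name", "word", "pass", "city", "address")
SHORT_ALPHA = ("id", "uid")
LONG_NUMBER = ("phone", "zip")
DATE = ("birth", "date")

def rand_alpha(rng, length):
    # Lowercase only, following Andres's suggestion in the thread.
    return "".join(rng.choice(string.ascii_lowercase) for _ in range(length))

def rand_num(rng, length):
    return "".join(rng.choice(string.digits) for _ in range(length))

# Same shape as the handlers table in Floyd's patch (name list, (generator, length)).
HANDLERS = [
    (LONG_ALPHA, (rand_alpha, 7)),
    (SHORT_ALPHA, (rand_alpha, 3)),
    (LONG_NUMBER, (rand_num, 5)),
    (DATE, (rand_num, 1)),
]

def pick_db_name(variable_name):
    """Best (db_name, generator, length) for a field name, or None.
    Rule from the thread: prefer the longest db name that is a substring of
    the field name (or vice versa); on equal length prefer the one found
    earliest in the field name, so "password" picks "pass" over "word"."""
    variable_name = variable_name.lower()
    best = None
    for names, (gen, length) in HANDLERS:
        for db_name in names:
            if db_name not in variable_name and variable_name not in db_name:
                continue
            index = max(variable_name.find(db_name), db_name.find(variable_name))
            rank = (len(db_name), -index)  # longer wins, then earlier position
            if best is None or rank > best[0]:
                best = (rank, db_name, gen, length)
    return None if best is None else best[1:]

def smart_fill(variable_name, seed=0):
    """Fill value that is repeatable across runs regardless of threading:
    the generator is seeded from the field name, not from a thread id."""
    rng = random.Random("%d:%s" % (seed, variable_name.lower()))
    match = pick_db_name(variable_name)
    if match is None:
        return rand_num(rng, 4)  # nothing matched: fall back to digits
    _, gen, length = match
    return gen(rng, length)
```

Because `random.Random` seeded with a string is deterministic in Python 3, two runs (or two threads) filling the same field get the same value, which makes a scan's requests reproducible when diagnosing a finding.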