Floyd,
I'm reviewing old emails and this one popped up, I'll be hiring
the full time developer for w3af within this month, and one of his
tasks will be to understand and fix this very important issue.
Regards,
On Tue, Dec 29, 2009 at 3:46 PM, Floyd Fuh <floyd_...@yahoo.de> wrote:
> Hey Andres
>
> Exactly. The framework locks, no requests will be sent anymore and the GUI
> is still usable.
>
> I tried to find the bug with winpdb (on a Ubuntu machine). I wasn't able to
> find it,
> but at the end, a thread was busy waiting in the
> /usr/lib/python2.6/threading.py on
> line 248 (there is a "while True:" loop) and wasn't able to get out of
> there.
>
> I hope that helps, because my python skills are too poor to monitor multiple
> threads
> and then draw a correct conclusion :(
>
> cheers
> floyd
>
> PS: Here the verbose console output:
>
> some...@computer:~/Desktop/Dropbox/w3af$ ./w3af_gui
> Starting w3af, running on:
> Python version:
> 2.6.4 (r264:75706, Dec 7 2009, 18:43:55)
> [GCC 4.4.1]
> GTK version: 2.18.3
> PyGTK version: 2.16.0
>
> w3af - Web Application Attack and Audit Framework
> Version: 1.1 (from SVN server)
> Revision: 3259
> Author: Andres Riancho and the w3af team.
> Exiting setOutputPlugins()
> Auto-enabling plugin: grep.httpAuthDetect
> Called w3afCore.start()
> Called buildOpeners
> keepalive: The connection manager has 0 active connections.
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 1
> DNS response from DNS server for domain: www.example.com
> GET http://www.example.com returned HTTP code "200" - id: 1
> Assigning function object with id: "56409776" to a thread in the thread
> pool.
> Called _discoverWorker()
> Starting plugin: webSpider
> webSpider plugin is testing: http://www.example.com
> keepalive: The connection manager has 1 active connections.
> Starting grepWorker for response: < httpResponse | 200 |
> http://www.example.com | id:1 >
> GET http://www.example.com returned HTTP code "200" - id: 2
> Assigning function object with id: "64743056" to a thread in the thread
> pool.
> Assigning function object with id: "64814128" to a thread in the thread
> pool.
> Assigning function object with id: "64814208" to a thread in the thread
> pool.
> Assigning function object with id: "64814928" to a thread in the thread
> pool.
> Assigning function object with id: "64814368" to a thread in the thread
> pool.
> Assigning function object with id: "64814688" to a thread in the thread
> pool.
> Assigning function object with id: "64814528" to a thread in the thread
> pool.
> Assigning function object with id: "64815008" to a thread in the thread
> pool.
> Assigning function object with id: "64814288" to a thread in the thread
> pool.
> Assigning function object with id: "64814848" to a thread in the thread
> pool.
> Assigning function object with id: "64814608" to a thread in the thread
> pool.
> Assigning function object with id: "64856144" to a thread in the thread
> pool.
> Assigning function object with id: "64856224" to a thread in the thread
> pool.
> Assigning function object with id: "64856304" to a thread in the thread
> pool.
> Assigning function object with id: "64856384" to a thread in the thread
> pool.
> Assigning function object with id: "64856464" to a thread in the thread
> pool.
> Assigning function object with id: "64856544" to a thread in the thread
> pool.
> Assigning function object with id: "64858624" to a thread in the thread
> pool.
> Assigning function object with id: "64859904" to a thread in the thread
> pool.
> Assigning function object with id: "64859984" to a thread in the thread
> pool.
> Assigning function object with id: "64860064" to a thread in the thread
> pool.
> Assigning function object with id: "69324880" to a thread in the thread
> pool.
> Assigning function object with id: "69324960" to a thread in the thread
> pool.
> Assigning function object with id: "69325040" to a thread in the thread
> pool.
> Assigning function object with id: "69325120" to a thread in the thread
> pool.
> Assigning function object with id: "69325200" to a thread in the thread
> pool.
> Assigning function object with id: "69325280" to a thread in the thread
> pool.
> Assigning function object with id: "69325360" to a thread in the thread
> pool.
> Assigning function object with id: "69325440" to a thread in the thread
> pool.
> Assigning function object with id: "69325520" to a thread in the thread
> pool.
> Assigning function object with id: "69325600" to a thread in the thread
> pool.
> Assigning function object with id: "69325680" to a thread in the thread
> pool.
> Assigning function object with id: "69325760" to a thread in the thread
> pool.
> Assigning function object with id: "69325840" to a thread in the thread
> pool.
> Assigning function object with id: "69325920" to a thread in the thread
> pool.
> Starting grepWorker for response: < httpResponse | 200 |
> http://www.example.com | id:2 >
> keepalive: The connection manager has 1 active connections.
> keepalive: The connection manager has 1 active connections.
> keepalive: The connection manager has 1 active connections.
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 2
> Cached DNS response for domain: www.example.com
> keepalive: The connection manager has 2 active connections.
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 3
> Finished grepWorker for response: < httpResponse | 200 |
> http://www.example.com | id:2 >
> keepalive: The connection manager has 3 active connections.
> keepalive: The connection manager has 3 active connections.
> keepalive: The connection manager has 3 active connections.
> keepalive: The connection manager has 3 active connections.
> keepalive: The connection manager has 3 active connections.
> keepalive: The connection manager has 3 active connections.
> keepalive: The connection manager has 3 active connections.
> keepalive: The connection manager has 3 active connections.
> Finished grepWorker for response: < httpResponse | 200 |
> http://www.example.com | id:1 >
> keepalive: The connection manager has 3 active connections.
> Cached DNS response for domain: www.example.com
> keepalive: The connection manager has 3 active connections.
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 4
> keepalive: The connection manager has 4 active connections.
> Cached DNS response for domain: www.example.com
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 5
> Cached DNS response for domain: www.example.com
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 6
> Cached DNS response for domain: www.example.com
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 7
> Cached DNS response for domain: www.example.com
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 8
> Cached DNS response for domain: www.example.com
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 9
> Cached DNS response for domain: www.example.com
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 10
> Cached DNS response for domain: www.example.com
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 11
> Cached DNS response for domain: www.example.com
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 12
> Cached DNS response for domain: www.example.com
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 13
> Cached DNS response for domain: www.example.com
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 14
> Cached DNS response for domain: www.example.com
> keepalive: added one connection, len(self._hostmap["www.example.com"]): 15
> Cached DNS response for domain: www.example.com
> GET http://www.example.com/img/logo-klein.jpg returned HTTP code "200" - id:
> 3
> Assigning function object with id: "69326480" to a thread in the thread
> pool.
> Assigning function object with id: "69354192" to a thread in the thread
> pool.
> Assigning function object with id: "69355552" to a thread in the thread
> pool.
> Assigning function object with id: "69355952" to a thread in the thread
> pool.
> Assigning function object with id: "69356352" to a thread in the thread
> pool.
> Assigning function object with id: "69356432" to a thread in the thread
> pool..
> Assigning function object with id: "69356912" to a thread in the thread
> pool.
> Assigning function object with id: "69356512" to a thread in the thread
> pool.
> Assigning function object with id: "69357232" to a thread in the thread
> pool.
> Assigning function object with id: "69357472" to a thread in the thread
> pool.
> Assigning function object with id: "69390496" to a thread in the thread
> pool.
> Assigning function object with id: "69390816" to a thread in the thread
> pool.
> Assigning function object with id: "69391056" to a thread in the thread
> pool.
> Assigning function object with id: "69357072" to a thread in the thread
> pool.
> Assigning function object with id: "69356992" to a thread in the thread
> pool.
> GET http://www.example.com/img/design/logo.jpg returned HTTP code "200" -
> id: 4
> Assigning function object with id: "69326000" to a thread in the thread
> pool.
> GET http://www.example.com/google-analytics.com/ga.js returned HTTP code
> "404" - id: 5
> Assigning function object with id: "69390656" to a thread in the thread
> pool.
> keepalive: The connection manager has 15 active connections.
> keepalive: The connection manager has 15 active connections.
> keepalive: The connection manager has 15 active connections.
> keepalive: The connection manager has 15 active connections.
> GET http://www.example.com/profil.php?anfragen=1 returned HTTP code "200" -
> id: 9
> Assigning function object with id: "64814768" to a thread in the thread
> pool.
> GET http://www.example.com/inserate.php returned HTTP code "200" - id: 10
> Assigning function object with id: "69328320" to a thread in the thread
> pool.
> GET http://www.example.com/myangebote.php returned HTTP code "200" - id: 11
> Assigning function object with id: "69354432" to a thread in the thread
> pool.
> keepalive: The connection manager has 15 active connections.
> GET http://www.example.com/anfrageeinstellen.php returned HTTP code "200" -
> id: 13
> Assigning function object with id: "69327280" to a thread in the thread
> pool.
> GET http://www.example.com/logic.php?page=login returned HTTP code "200" -
> id: 14
> Assigning function object with id: "64814368" to a thread in the thread
> pool.
> GET http://www.example.com/anfragesuche.php?searched=true returned HTTP code
> "200" - id: 15
> Assigning function object with id: "69353792" to a thread in the thread
> pool.
> GET http://www.example.com/img/design/anmeldebutton.jpg returned HTTP code
> "200" - id: 16
> Assigning function object with id: "69328080" to a thread in the thread
> pool.
> GET http://www.example.com/css/ie.css returned HTTP code "200" - id: 17
> Assigning function object with id: "69328800" to a thread in the thread
> pool.
> GET http://www.example.com/anleitung.php returned HTTP code "200" - id: 18
> Assigning function object with id: "69327840" to a thread in the thread
> pool.
> GET http://www.example.com/sponsoren.php returned HTTP code "200" - id: 19
> Assigning function object with id: "69327600" to a thread in the thread
> pool.
> GET http://www.example.com/impressum.php returned HTTP code "200" - id: 20
> Assigning function object with id: "69353712" to a thread in the thread
> pool.
> GET http://www.example.com/kontakt.php returned HTTP code "200" - id: 21
> Assigning function object with id: "69326240" to a thread in the thread
> pool.
> GET http://www.example.com/index.php returned HTTP code "200" - id: 22
> Assigning function object with id: "69328560" to a thread in the thread
> pool.
>
>
>
>
> ________________________________
> Von: Andres Riancho <andres.rian...@gmail.com>
> An: Floyd Fuh <floyd_...@yahoo.de>
> CC: w3af-develop@lists.sourceforge.net
> Gesendet: Montag, den 28. Dezember 2009, 23:26:46 Uhr
> Betreff: Re: [W3af-develop] Profile maxThreads
>
> Floyd,
>
> On Mon, Dec 28, 2009 at 11:34 AM, Floyd Fuh <floyd_...@yahoo.de> wrote:
>> Hi everybody
>>
>> I spent the hole day to find out, why the webSpider stopped working (for
>> me).
>> The webSpider just stuck after a few seconds. I have an Ubuntu Karmic
>> machine and I
>> always had to "Force Quit" it.
>>
>> What didn't work:
>> 1. Delete w3af completely and ".w3af" folder in home directory
>> 2. svn checkout newest version
>> 3. start w3af_gui
>> 4. In empty_profile enable webSpider
>> 5. Type in an URL
>> 6. Start
>> 7. --> webSpider stuck and I had to "Force Quit" it
>>
>> What did work:
>> 1. Delete w3af completely and ".w3af" folder in home directory
>> 2. svn checkout (for example) revision 3200 (svn co -r 3200)
>> 3. start w3af_gui
>> 4. In empty_profile enable webSpider
>> 5. Type in an URL
>> 6. Start (everything works correctly)
>> 7. Close w3af_gui
>> 8. svn update (to newest revision)
>> 9. start w3af_gui
>> 10. In empty_profile enable webSpider
>> 11. Type in an URL
>> 12. Start
>>
>> In all profiles inside the ".w3af" folder in the home directory
>> "maxThreads = 0" was changed to "maxThreads = 15".
>> However, that won't work at least for my Ubuntu machine.
>>
>> I had to change all profiles to "maxThreads = 0"
>>
>> Any ideas why "maxThreads = 15" doesn't work?
>
> Damn... I don't know why this could be a problem. I just read the
> webSpider plugin source code again, and failed to find anything. The
> issue that you experience is that the framework simply locks, right?
> No HTTP requests are sent, and the GUI is still usable?
>
> Cheers,
>
>> best wishes
>> floyd
>>
>> __________________________________________________
>> Do You Yahoo!?
>> Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
>> gegen Massenmails.
>> http://mail.yahoo.com
>>
>> ------------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Verizon Developer Community
>> Take advantage of Verizon's best-in-class app development support
>> A streamlined, 14 day to market process makes app distribution fast and
>> easy
>> Join now and get one step closer to millions of Verizon customers
>> http://p.sf.net/sfu/verizon-dev2dev
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>
>>
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
> __________________________________________________
> Do You Yahoo!?
> Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
> gegen Massenmails.
> http://mail.yahoo.com
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
------------------------------------------------------------------------------
This SF.net email is sponsored by
Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
