Pootzko,
Welcome! Please read inline,
On Wed, Sep 8, 2010 at 8:40 AM, pootzko <[email protected]> wrote:
> hey guys,
>
> sorry for not replying sooner, gmail put this into spam... and I check it
> every 1-2 weeks to make sure nothing important went into spam. I would be
> happy to try and make this module, but right now I'm in the middle of
> college exams so until I finish them off I don't want to even start doing
> anything because it will become so interesting to do that I'll eventually
> stop studying for exams :D
Stay in school :P
> so if nobody does this in 3-4 weeks max, I'll do it then. if it's done by
> then, I'll just have to find some other task =)
I'll send you a reminder about this task in 3 weeks.
> thank you, and talk to you soon
>
> On Fri, Sep 3, 2010 at 8:59 AM, Aung Khant <[email protected]> wrote:
>>
>> Glad to hear that, pootzko.
>>
>>
>> 1. First learn existing modules and how they are written.
>> 2. Tweak it to your wish, Play with it so that you can better understand
>> about how they work
>> 3. After getting familiar with it, create a very simple module, test it,
>> play with it
>>
>> Ok, for a quick assignment, I wish you to write a simple module that does
>> HTTP Parameter Pollution (it seems that it was not written/committed to
>> svn before - check about this:
>> http://www.mail-archive.com/[email protected]/msg00911.html
>> , Andres Riancho thought it is not usable for most cases). Whether it's
>> worth it or not, try it.
>>
>>
>> The pseudocode is as follows:
>>
>> Take a URL with parameters (e.g. http://site.com/test.php?a=1&b=2&c=3)
>>
>> For each parameter
>>
>>   1. Take note of original request response
>>      (http://site.com/test.php?a=1&b=2&c=3)
>>
>>   2. Take note of request responses for these HPP URLs:
>>      http://site.com/test.php?a=1&b=2&a=yyyy&c=3
>>      http://site.com/test.php?a=1&b=2&c=3&a=zzz
>>
>>   3. Detect using the following criteria:
>>
>>      a) Compare the length of these responses.
>>         Differences in length may indicate an HPP vulnerability.
>>
>>      b) Are these polluted parameters concatenated together in the
>>         response body?
>>         [ Risk: Possible bypass of web application firewalls ]
>>         [ like:
>>         a=id+UNION+SELECT&b=2&a=%201,2,3,@@version--&c=3 ]
>>
>> End For
>>
>> On Fri, Sep 3, 2010 at 4:48 AM, Taras <[email protected]> wrote:
>>>
>>> -------- Forwarded Message --------
>>> From: pootzko <[email protected]>
>>> Reply-to: [email protected]
>>> To: Taras <[email protected]>
>>> Subject: Re: [W3af-develop] Searching for new contributors?
>>> Date: Sun, 25 Jul 2010 14:37:50 +0200
>>>
>>> Hi everyone!
>>>
>>> I just wanted to write an email here on the list about wanting to
>>> contribute to w3af =)
>>> Started playing with it 2 weeks ago, and also started learning python
>>> not so long ago so I was thinking to ask you guys to give me some simple
>>> task for start (saw your "Why are you doing this: "I want to learn
>>> Python"" in w3af FAQ hehe). Later I could move on to some more complex
>>> stuff as I find my way around python and w3af more.
>>>
>>> Currently I'm a computer science student (from this autumn I'll be at my
>>> fifth, final year) and I come mostly from c/c++ and php background. I've
>>> of course used some other languages during my studies and playing around
>>> but not so extensively. I'm just saying this to say that I don't
>>> consider myself some kind of a developer (yet) but I'm eager to learn.
>>> One other reason I decided to ask to contribute to this project is
>>> because I would like to profile myself in computer security... So I
>>> consider this a good starting point. =)
>>>
>>> What do you propose?
>>>
>>> thanks =)
>>>
>>> On Sat, Jul 24, 2010 at 4:43 PM, Taras <[email protected]> wrote:
>>> Hi, all!
>>>
>>>
>>> What do you think about searching for new contributors for w3af?
>>> It looks like we need more people :)
>>>
>>> What I suggest:
>>> - write letters to popular mail lists
>>> - write messages to popular forums and boards
>>>
>>>
>>> --
>>> Taras
>>> http://oxdef.info
>>> ----
>>> "Software is like sex: it's better when it's free." - Linus
>>> Torvalds
>>>
>>>
>>> _______________________________________________
>>> W3af-develop mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>
>>>
>>>
>>> --
>>> Kit Tihomir
>>> http://www.cmikavac.net/
>>>
>>> --
>>> Taras
>>> http://oxdef.info
>>> ----
>>> "Software is like sex: it's better when it's free." - Linus Torvalds
>>>
>>>
>>>
>>
>
>
>
> --
> Kit Tihomir
> http://www.cmikavac.net/
>
>
>
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
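
The detection loop from the pseudocode quoted above, as an added Python example that is not part of the original thread and is not w3af plugin code. The function names, the marker value and the two stand-in backends are assumptions made for illustration; `fetch` is any callable that returns a response body for a URL.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

def hpp_variants(url, param, marker):
    """Polluted URLs for one parameter: duplicate placed after the next
    parameter, and duplicate appended at the end (as in the pseudocode)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    idx = [k for k, _ in pairs].index(param)
    dup = (param, marker)
    queries = [pairs[:idx + 2] + [dup] + pairs[idx + 2:], pairs + [dup]]
    urls = [urlunsplit(parts._replace(query=urlencode(q))) for q in queries]
    return list(dict.fromkeys(urls))  # last parameter yields one URL only

def classify(baseline, polluted, original, marker):
    """Criteria a) and b) applied to one baseline/polluted response pair."""
    findings = []
    if len(polluted) != len(baseline):
        findings.append("length-differs")
    # b) both values present side by side, with or without a separator
    if any(original + sep + marker in polluted for sep in ("", ",", ", ")):
        findings.append("values-concatenated")
    return findings

def scan(url, fetch, marker="hppzz9"):
    """Run the per-parameter loop; fetch(url) -> body is supplied by caller."""
    baseline, report = fetch(url), {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        hits = set()
        for variant in hpp_variants(url, name, marker):
            hits.update(classify(baseline, fetch(variant), value, marker))
        if hits:
            report[name] = sorted(hits)
    return report

# Constructed stand-ins for a server, so the example runs offline.
def backend_join(url):   # joins duplicate values with ","
    seen = {}
    for k, v in parse_qsl(urlsplit(url).query):
        seen.setdefault(k, []).append(v)
    return " ".join("%s=%s" % (k, ",".join(v)) for k, v in seen.items())

def backend_first(url):  # keeps only the first occurrence
    seen = {}
    for k, v in parse_qsl(urlsplit(url).query):
        seen.setdefault(k, v)
    return " ".join("%s=%s" % kv for kv in seen.items())
URL = "http://site.com/test.php?a=1&b=2&c=3"  # sample URL from the thread
if __name__ == "__main__":
    print(scan(URL, backend_join), scan(URL, backend_first))
```

On pages with dynamic content the length criterion alone fires on unrelated changes, so the concatenation check is the stronger of the two signals.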