Pootzko,

On Sun, Sep 12, 2010 at 11:15 PM, Andres Riancho <andres.rian...@gmail.com> wrote:
> Pootzko,
>
> Welcome! Please read inline,
>
> On Wed, Sep 8, 2010 at 8:40 AM, pootzko <poot...@gmail.com> wrote:
>> hey guys,
>>
>> sorry for not replying sooner, gmail put this into spam... and I check it
>> every 1-2 weeks to make sure nothing important went into spam. I would be
>> happy to try and make this module, but right now I'm in the middle of
>> college exams so until I finish them off I don't want to even start doing
>> anything because it will become so interesting to do that I'll eventually
>> stop studying for exams :D
>
> Stay in school :P
>
>> so if nobody does this in 3-4 weeks max, I'll do it then. if it's done by
>> then, I'll just have to find some other task =)
>
> I'll send you a reminder about this task in 3 weeks.

How were your exams? Do you have time to help with this task? How can
we help you become a successful w3af contributor?

Thanks!

>> thank you, and talk to you soon
>>
>> On Fri, Sep 3, 2010 at 8:59 AM, Aung Khant <aungkh...@yehg.net> wrote:
>>>
>>> Glad to hear that, pootzko.
>>>
>>> 1. First learn existing modules and how they are written.
>>> 2. Tweak it to your wish, play with it so that you can better understand
>>> how they work
>>> 3. After getting familiar with it, create a very simple module, test it,
>>> play with it
>>>
>>> Ok, for a quick assignment, I wish you to write a simple module that does
>>> the HTTP Parameter Pollution (It seems that it was not written/committed to
>>> svn before - Check about this:
>>> http://www.mail-archive.com/w3af-develop@lists.sourceforge.net/msg00911.html
>>> , Andres Riancho thought it is not usable for most cases). Whether it's
>>> worth it or not, try it.
>>>
>>> The pseudocode is as follows:
>>>
>>> Take a URL with parameters (eg. http://site.com/test.php?a=1&b=2&c=3)
>>>
>>> For each parameter
>>>
>>> 1. Take note of original request response
>>> (http://site.com/test.php?a=1&b=2&c=3)
>>>
>>> 2. Take note of request responses for these HPP urls:
>>> http://site.com/test.php?a=1&b=2&a=yyyy&c=3
>>> http://site.com/test.php?a=1&b=2&c=3&a=zzz
>>>
>>> 3. Detect using the following criteria:
>>>
>>> a) Compare the length of these responses
>>> Differences in length may indicate an HPP vulnerability.
>>>
>>> b) Are these Polluted parameters concatenated together in
>>> Response Body?
>>> [ Risk: Possible bypass of web application firewalls ]
>>> [ like:
>>> a=id+UNION+SELECT&b=2&a=%201,2,3,@@version--&c=3 ]
>>>
>>> End For
>>>
>>> On Fri, Sep 3, 2010 at 4:48 AM, Taras <ox...@oxdef.info> wrote:
>>>>
>>>> -------- Forwarded Message --------
>>>> From: pootzko <poot...@gmail.com>
>>>> Reply-to: poot...@gmail.com
>>>> To: Taras <ox...@oxdef.info>
>>>> Subject: Re: [W3af-develop] Searching for new contributors?
>>>> Date: Sun, 25 Jul 2010 14:37:50 +0200
>>>>
>>>> Hi everyone!
>>>>
>>>> I just wanted to write an email here on the list about wanting to
>>>> contribute to w3af =)
>>>> Started playing with it 2 weeks ago, and also started learning python
>>>> not so long ago so I was thinking to ask you guys to give me some simple
>>>> task for start (saw your "Why are you doing this: "I want to learn
>>>> Python"" in w3af FAQ hehe). Later I could move on to some more complex
>>>> stuff as I find my way around python and w3af more.
>>>>
>>>> Currently I'm a computer science student (from this autumn I'll be at my
>>>> fifth, final year) and I come mostly from c/c++ and php background. I've
>>>> of course used some other languages during my studies and playing around
>>>> but not so extensively. I'm just saying this to say that I don't
>>>> consider myself some kind of a developer (yet) but I'm eager to learn.
>>>> One other reason I decided to ask to contribute to this project is
>>>> because I would like to profile myself in computer security... So I
>>>> consider this a good starting point. =)
>>>>
>>>> What do you propose?
>>>>
>>>> thanks =)
>>>>
>>>> On Sat, Jul 24, 2010 at 4:43 PM, Taras <ox...@oxdef.info> wrote:
>>>> Hi, all!
>>>>
>>>> What do you think about searching for new contributors for w3af?
>>>> It looks like we need more people :)
>>>>
>>>> What I suggest:
>>>> - write letters to popular mail lists
>>>> - write messages to popular forums and boards
>>>>
>>>> --
>>>> Taras
>>>> http://oxdef.info
>>>> ----
>>>> "Software is like sex: it's better when it's free." - Linus Torvalds
>>>>
>>>> _______________________________________________
>>>> W3af-develop mailing list
>>>> w3af-deve...@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>
>>>> --
>>>> Kit Tihomir
>>>> http://www.cmikavac.net/
>>>>
>>>> --
>>>> Taras
>>>> http://oxdef.info
>>>
>>
>> --
>> Kit Tihomir
>> http://www.cmikavac.net/
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
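
The detection loop from the pseudocode quoted in this thread, written out as an added Python example; it is not part of the original messages and not w3af code. The names `polluted_urls`, `check_hpp`, `make_app` and the marker values are assumptions made for illustration, and `make_app` is a constructed stand-in for a web application so the check runs offline against the three common ways a backend treats a duplicated parameter.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed, harmless markers used in place of the thread's yyyy / zzz values.
MARKERS = ("hppAAA", "hppBBB")


def polluted_urls(url, name):
    """Build the two HPP test URLs from the pseudocode: one duplicate placed
    before the last parameter, one duplicate appended at the end."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    middle = pairs[:-1] + [(name, MARKERS[0])] + pairs[-1:]
    end = pairs + [(name, MARKERS[1])]
    return [urlunsplit(parts._replace(query=urlencode(q))) for q in (middle, end)]


def check_hpp(url, fetch):
    """Apply criteria (a) and (b) to every parameter of url.
    fetch is any callable that maps a URL to a response body (assumption)."""
    findings = []
    original = fetch(url)
    for name, value in dict(parse_qsl(urlsplit(url).query)).items():
        for test_url, marker in zip(polluted_urls(url, name), MARKERS):
            body = fetch(test_url)
            # (a) the duplicate changed the response length
            length_differs = len(body) != len(original)
            # (b) original value and marker appear joined in the body
            concatenated = any(value + sep + marker in body
                               for sep in ("", ",", ", "))
            if length_differs or concatenated:
                findings.append((name, test_url, length_differs, concatenated))
    return findings


def make_app(mode):
    """Constructed stand-in for an application that reflects parameter 'a'
    and resolves duplicates by taking the first, the last, or joining all."""
    def fetch(url):
        values = [v for k, v in parse_qsl(urlsplit(url).query) if k == "a"]
        picked = {"first": values[0], "last": values[-1],
                  "concat": ",".join(values)}[mode]
        return "<html>a is %s</html>" % picked
    return fetch


if __name__ == "__main__":
    for mode in ("first", "last", "concat"):
        print(mode, check_hpp("http://site.com/test.php?a=1&b=2&c=3", make_app(mode)))
```

A backend that takes the last value trips criterion (a) merely by reflecting the longer marker, so only a hit on criterion (b) shows that the duplicates were joined.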