hi,

last one was yesterday =)
i'll get onto the problem, and try to make this http module. if I get stuck,
i'll ask..
and probably seek you out on irc =)



On Mon, Oct 4, 2010 at 5:47 PM, Andres Riancho <andres.rian...@gmail.com> wrote:

> Pootzko,
>
> On Sun, Sep 12, 2010 at 11:15 PM, Andres Riancho
> <andres.rian...@gmail.com> wrote:
> > Pootzko,
> >
> >    Welcome! Please read inline,
> >
> > On Wed, Sep 8, 2010 at 8:40 AM, pootzko <poot...@gmail.com> wrote:
> >> hey guys,
> >>
> >> sorry for not replying sooner, gmail put this into spam... and I check it
> >> every 1-2 weeks to make sure nothing important went into spam. I would be
> >> happy to try and make this module, but right now I'm in the middle of
> >> college exams so until I finish them off I don't want to even start doing
> >> anything because it will become so interesting to do that I'll eventually
> >> stop studying for exams :D
> >
> >    Stay in school :P
> >
> >> so if nobody does this in 3-4 weeks max, I'll do it then. if it's done by
> >> then, I'll just have to find some other task =)
> >
> >    I'll send you a reminder about this task in 3 weeks.
>
>     How were your exams? Do you have time to help with this task? How
> can we help you become a successful w3af contributor?
>
> Thanks!
>
> >> thank you, and talk to you soon
> >>
> >> On Fri, Sep 3, 2010 at 8:59 AM, Aung Khant <aungkh...@yehg.net> wrote:
> >>>
> >>> Glad to hear that, pootzko.
> >>>
> >>>
> >>> 1. First learn existing modules and how they are written.
> >>> 2. Tweak it to your wish, play with it so that you can better understand
> >>> about how they work
> >>> 3. After getting familiar with it, create a very simple module, test it,
> >>> play with it
> >>>
> >>> Ok, for quick assignment, I wish you to write a simple module that does
> >>> the HTTP Parameter Pollution ( It seems that it was not written/committed to
> >>> svn before - Check about this :
> >>> http://www.mail-archive.com/w3af-develop@lists.sourceforge.net/msg00911.html
> >>> , Andres Riancho thought it is not usable for most cases). Whether it's
> >>> worth or not, try it.
> >>>
> >>>
> >>> The pseudocode is as follows:
> >>>
> >>>
> >>> Take a URL with parameters (eg. http://site.com/test.php?a=1&b=2&c=3)
> >>>
> >>> For each parameter
> >>>
> >>>             1. Take note of original request response
> >>>                 (http://site.com/test.php?a=1&b=2&c=3)
> >>>
> >>>             2. Take note of request responses for these HPP urls:
> >>>                 http://site.com/test.php?a=1&b=2&a=yyyy&c=3
> >>>                 http://site.com/test.php?a=1&b=2&c=3&a=zzz
> >>>
> >>>             3. Detect using the following criteria:
> >>>
> >>>                  a) Compare the length of these responses
> >>>                      Differences in length may indicate HPP vulnerable.
> >>>
> >>>                  b) Are these Polluted parameters concatenated together in
> >>>                      Response Body?
> >>>                      [ Risk: Possible bypass of web application firewalls]
> >>>                      [ like: a=id+UNION+SELECT&b=2&a=%201,2,3,@@version--&c=3 ]
> >>>
> >>>
> >>>
> >>>
> >>> End For
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Fri, Sep 3, 2010 at 4:48 AM, Taras <ox...@oxdef.info> wrote:
> >>>>
> >>>> -------- Forwarded Message --------
> >>>> From: pootzko <poot...@gmail.com>
> >>>> Reply-to: poot...@gmail.com
> >>>> To: Taras <ox...@oxdef.info>
> >>>> Subject: Re: [W3af-develop] Searching for new contributors?
> >>>> Date: Sun, 25 Jul 2010 14:37:50 +0200
> >>>>
> >>>> Hi everyone!
> >>>>
> >>>> I just wanted to write an email here on the list about wanting to
> >>>> contribute to w3af =)
> >>>> Started playing with it 2 weeks ago, and also started learning python
> >>>> not so long ago so I was thinking to ask you guys to give me some simple
> >>>> task for start (saw your "Why are you doing this: "I want to learn
> >>>> Python"" in w3af FAQ hehe). Later I could move on to some more complex
> >>>> stuff as I find my way around python and w3af more.
> >>>>
> >>>> Currently I'm a computer science student (from this autumn I'll be at my
> >>>> fifth, final year) and I come mostly from c/c++ and php background. I've
> >>>> of course used some other languages during my studies and playing around
> >>>> but not so extensively. I'm just saying this to say that I don't
> >>>> consider myself some kind of a developer (yet) but I'm eager to learn.
> >>>> One other reason I decided to ask to contribute to this project is
> >>>> because I would like to profile myself in computer security... So I
> >>>> consider this a good starting point. =)
> >>>>
> >>>> What do you propose?
> >>>>
> >>>> thanks =)
> >>>>
> >>>> On Sat, Jul 24, 2010 at 4:43 PM, Taras <ox...@oxdef.info> wrote:
> >>>>        Hi, all!
> >>>>
> >>>>
> >>>>        What do you think about searching for new contributors for w3af?
> >>>>        It looks like we need more people :)
> >>>>
> >>>>        What I suggest:
> >>>>         - write letters to popular mail lists
> >>>>         - write messages to popular forums and boards
> >>>>
> >>>>
> >>>>        --
> >>>>        Taras
> >>>>        http://oxdef.info
> >>>>        ----
> >>>>        "Software is like sex: it's better when it's free." - Linus
> >>>>        Torvalds
> >>>>
> >>>>
> >>>>
>  
> >>>>        _______________________________________________
> >>>>        W3af-develop mailing list
> >>>>        W3af-develop@lists.sourceforge.net
> >>>>        https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Kit Tihomir
> >>>> http://www.cmikavac.net/
> >>>>
> >>>> --
> >>>> Taras
> >>>> http://oxdef.info
> >>>> ----
> >>>> "Software is like sex: it's better when it's free." - Linus Torvalds
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>
> >>
> >>
> >> --
> >> Kit Tihomir
> >> http://www.cmikavac.net/
> >>
> >>
> >>
> >>
> >
> >
> >
> > --
> > Andrés Riancho
> > Founder, Bonsai - Information Security
> > http://www.bonsai-sec.com/
> > http://w3af.sf.net/
> >
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>



-- 
Kit Tihomir
http://www.cmikavac.net/
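
The detection loop from the pseudocode quoted above, as an added Python example that is not part of the original thread or of w3af's code. `hpp_variants`, `check_hpp`, `fake_backend` and the `JOINERS` list are hypothetical, and `fake_backend` is a constructed stand-in for a server that joins duplicate `a` values with a comma, so nothing is fetched over the network.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MARKERS = ("yyyy", "zzz")      # pollution values used in the thread's pseudocode
JOINERS = (",", ", ", "")      # assumed ways a backend may join duplicate values


def hpp_variants(url, name):
    """Build the two polluted URLs for `name`: duplicate placed before the
    last parameter, and duplicate appended at the end of the query."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    mid = pairs[:-1] + [(name, MARKERS[0])] + pairs[-1:]
    end = pairs + [(name, MARKERS[1])]
    return [urlunsplit(parts._replace(query=urlencode(q))) for q in (mid, end)]


def check_hpp(url, fetch):
    """Apply criteria (a) and (b) to every parameter of `url`.
    `fetch(url) -> str` is supplied by the caller (hypothetical interface)."""
    baseline = fetch(url)                      # step 1: original response
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for marker, polluted in zip(MARKERS, hpp_variants(url, name)):
            body = fetch(polluted)             # step 2: polluted response
            # (a) weak signal on its own: dynamic pages change length anyway
            length_differs = len(body) != len(baseline)
            # (b) both values for one name show up joined in the body
            concatenated = any(
                s in body and s not in baseline
                for j in JOINERS
                for s in (value + j + marker, marker + j + value)
            )
            if length_differs or concatenated:
                findings.append({"param": name, "url": polluted,
                                 "length_differs": length_differs,
                                 "concatenated": concatenated})
    return findings


def fake_backend(url):
    """Constructed test server: echoes all `a` values joined with ','
    and ignores every other parameter."""
    values = [v for k, v in parse_qsl(urlsplit(url).query) if k == "a"]
    return "<p>item: %s</p>" % ",".join(values)


if __name__ == "__main__":
    for f in check_hpp("http://site.com/test.php?a=1&b=2&c=3", fake_backend):
        print(f)
```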