Dobin,

On Wed, Oct 20, 2010 at 1:17 PM, Taras <ox...@oxdef.info> wrote:
> +w3af-develop@
>
> Hi, Dobin!
>
>> >>> reqResViewer.patch: The actual split view implementation
>> > About split view. Could you please make some screenshots with your view?
>> > I plan to add split (req/res) view as option.
>> >>> craftedRequest.patch: remove unnecessary additional button bar
>> > Screenshots? I have made some improvements in my branch.
>>
>> http://img812.imageshack.us/f/reqk.png/
> It's ok, we already have some code for this (furthermore we have already
> discussed it in the list)
> and I plan an option for this purpose.
>
>> >>> Fourth, I did some more digging into the w3af codebase, and what I've
>> >>> seen wasn't pretty.
>> > Could you please give some arguments?
>>
>> Sure. All the UI code is in one directory. Multiple classes with
>> meaningless names are in one file.
> I don't think that all our classes have meaningless names.

+1, they are meaningless until you read the documentation :)

> By the way we begin to use code conventions and so on [0]
> But I agree that we need to do a lot of work to make w3af better in core too.
> So as an open source project we are searching for new contributors ;)

+1 !

>> UI not based on MVC principle.
> We have some separation in our code. GTK UI for V, core classes for C and
> e.g. history class for M.
>
>> Imho there should be a directory for each "window", with helper classes
>> in its own file in the same directory.
> Could you please describe your idea more?

Do you propose to rewrite the whole UI?

>> queryParams = getQueryString(self._obj.getURI())
>> where it should be, if one is using OO programming:
>> queryParams = self.httpObject.request.getGetParams()
> Agree.

Completely agree on this one. It should be done like that.

>> For adding another tab with POST params, I needed to move around a lot
>> of code because the authors didn't use encapsulation.
> I don't totally agree with it. But we can make some common class for "table
> things"
> like headers, cookies, post params. Are you talking about such stuff?
>
>> And that's just what I have seen the few hours I played with that thing,
>> and I don't even know Python :)
> Python is a nice, readable language, so to understand code you don't really
> need to know Python.
>
>> I didn't have a look at the proxy feature of w3af, because I use webscarab
>> for this sort of thing. But the first thing I see while trying it out are
>> bugs, caused by my patches. It seems like proxywin.py is calling some UI
>> code in reqResViewer.py, like "nb.next_page()", which of course does not
>> exist anymore. /* no comment */
> I can't find such code in this file in trunk and my branches,
> could you please give more information and we will fix it?
>
>> Anyway, feedback for the w3af proxy UI. It's clean and tidy, I like it :)
>> The gtksourceview2 thingy is a good feature, I like it too. BUT, it's
>> still not a good solution. When attacking a web application, I don't want
>> to scroll each request I've made through the whole header, changing
>> chars in the middle of it. Imho, an attacker wants to change:
>> - header
>> - get params
>> - post params
>> - cookies
> Dobin, as I already wrote in the previous letter, we want to first make it
> more stable and fast.
> When I talk about stable and fast I mean we at least need to normally "scan"
> web apps such as Gmail.
> It is a real problem. When we have a stable core, we will of course be able
> to add more features.
> I will be glad if you try the proxy in my branch, and w3af in general, from
> time to time.
>
> Anyway thanks for response! :)
>
> [0] https://sourceforge.net/apps/trac/w3af/wiki/code-convention
>
> --
> Taras
> http://oxdef.info

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop