Yonny,
On Tue, Jan 25, 2011 at 2:22 PM, yonny mutai <[email protected]> wrote:
> Hi guys,
>
> Don't know if this is the right place ....
Sure, shoot! :)
> w3af bombed as shown below:
>
...
>
> The remote HTTP Server omitted the "server" header in its response. This
> information was found in the request with id 203.
> Hmap web server fingerprint is starting, this may take a while.
> The most accurate fingerprint for this HTTP server is:
> "['Microsoft-IIS/6.0', None]".
It seems that the hmap plugin is saving something strange to the KB.
> Unhandled error, traceback: Traceback (most recent call last):
> File "/pentest/web/w3af/core/controllers/w3afCore.py", line 419, in start
> self._realStart()
> File "/pentest/web/w3af/core/controllers/w3afCore.py", line 491, in
> _realStart
> self._fuzzableRequestList = self._discover_and_bruteforce()
> File "/pentest/web/w3af/core/controllers/w3afCore.py", line 364, in
> _discover_and_bruteforce
> discovered_fr_list = self._discover( tmp_list )
> File "/pentest/web/w3af/core/controllers/w3afCore.py", line 712, in
> _discover
> result = self._discoverWorker( toWalk )
> File "/pentest/web/w3af/core/controllers/w3afCore.py", line 781, in
> _discoverWorker
> pluginResult = plugin.discover_wrapper( fr )
> File
> "/pentest/web/w3af/core/controllers/basePlugin/baseDiscoveryPlugin.py", line
> 48, in discover_wrapper
> return self.discover( fuzzable_request_copy )
> File "/pentest/web/w3af/plugins/discovery/pykto.py", line 103, in discover
> self.__run( url )
> File "/pentest/web/w3af/plugins/discovery/pykto.py", line 143, in __run
> self._pykto( url , test_list )
> File "/pentest/web/w3af/plugins/discovery/pykto.py", line 251, in _pykto
> if self._generic_scan or self._server_match( server ):
> File "/pentest/web/w3af/plugins/discovery/pykto.py", line 322, in
> _server_match
> msg = 'pykto plugin is using "' + kb_server + '" as the remote server
> type.'
> TypeError: cannot concatenate 'str' and 'list' objects
And then pykto crashes when trying to use it as it expects a string.
> Exception in thread Thread-11:
> Traceback (most recent call last):
> File "/usr/lib/python2.6/threading.py", line 532, in __bootstrap_inner
> self.run()
> File "/usr/lib/python2.6/threading.py", line 484, in run
> self.__target(*self.__args, **self.__kwargs)
> File "/pentest/web/w3af/core/ui/consoleUi/rootMenu.py", line 119, in
> _real_start
> raise e
> TypeError: cannot concatenate 'str' and 'list' objects
>
It looks like this happens when the remote server doesn't set a
"Server:" header in its response.
Do you have a way in which I can reproduce this in order to
complete the fix? If so, I could do it today.
Regards,
>
> _______________________________________________
> W3af-develop mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
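
Added example, not part of the original message and not w3af's own code: a sketch of the failure described in the thread (a list such as `['Microsoft-IIS/6.0', None]` stored where a string is expected) next to a consumer that normalises the value before using it. The dict `SAMPLE_KB` and the functions `legacy_message`, `normalize_server` and `safe_message` are hypothetical stand-ins, and the code is written for Python 3.

```python
"""Added example: normalising a server fingerprint read from a shared
knowledge base before using it as a string. Stand-in code, not w3af's."""

# Constructed sample: the value shown in the scan output above, as it would
# sit in a KB when the fingerprinting step stores a list instead of a string.
SAMPLE_KB = {"server": ["Microsoft-IIS/6.0", None]}


def legacy_message(kb_server):
    # Same concatenation as the line in the traceback; raises TypeError
    # when kb_server is a list.
    return 'pykto plugin is using "' + kb_server + '" as the remote server type.'


def normalize_server(value):
    """Return the fingerprint as a str, or None if nothing usable is stored.

    Accepts a str, bytes, a list/tuple of candidates (None entries skipped,
    first usable one wins), or None.
    """
    if value is None:
        return None
    if isinstance(value, bytes):
        value = value.decode("latin-1")
    if isinstance(value, str):
        return value.strip() or None
    if isinstance(value, (list, tuple)):
        for item in value:
            found = normalize_server(item)
            if found is not None:
                return found
        return None
    raise TypeError("unexpected fingerprint type: %r" % type(value).__name__)


def safe_message(kb_server):
    server = normalize_server(kb_server)
    if server is None:
        return "No server fingerprint available."
    return 'pykto plugin is using "%s" as the remote server type.' % server


if __name__ == "__main__":
    try:
        legacy_message(SAMPLE_KB["server"])
    except TypeError as exc:
        print("legacy path fails:", exc)
    print(safe_message(SAMPLE_KB["server"]))
    print(safe_message(None))
```

Normalising on the reading side keeps one plugin's output format from aborting the whole scan; fixing the writer so it always stores a string is the complementary change.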