On Sun, Apr 24, 2011 at 11:05 AM, Taras <ox...@oxdef.info> wrote:
> Andres, ping :)
>
> What about AuthManager? I start to implement it in a separate branch, am
> I? Or do we need to discuss it? =) I hope we will have these 4 parts at
> the end of the current year and I think we can do it!
>

+1
Let's go for it! :-)

> On Wed, 2011-03-23 at 00:18 +0300, Taras wrote:
>> Hi, all!
>>
>> In recent days I have been thinking about the usage of w3af at the
>> enterprise level.
>>
>> The things I need at the moment, and which I think can be a good base
>> for the future:
>>      1. web based UI to schedule scans and profile management with
>>         multiuser support
>>      2. support for custom URL formats of web applications (at least URL
>>         rewrite)
>>      3. more convenient login sequences feature
>>      4. convenient way to test AJAX heavy usage applications (e.g.
>>         GMail)
>>
>> My technical suggestions:
>>      1. very simple web UI with LDAP support and notifications. We can
>>         use Django for it
>>      2. we can implement support for URL patterns like
>>         '/app/controller/action/%d' so w3af will understand which part
>>         of the URL can be fuzzed and understand that such a URL in the
>>         modern web world is not a file system path.
>>      3. we can add login files (auth requests + special URL/pattern to
>>         check session) and we can generate such sequences with our MITM
>>         proxy tool. IMHO, it is the clearest task on my list.
>>      4. we can integrate proxy management into the web UI (the tester
>>         uses this proxy to navigate through the app under test so w3af
>>         will collect all requests for this app) and make a special output
>>         plugin which will store all requests in a file. Then we can use
>>         this file with the already existing importResults plugin plus
>>         the auth sequence to automatically test even web applications
>>         like GMail.
>>
>> These are my common points to discuss :)
>>
>> P.S. I have made a separate branch for experiments.
>>
>>
>> On Tue, 2011-03-22 at 14:47 -0300, Andres Riancho wrote:
>> > I think that before even starting a massive project like this one, we
>> > should have a discussion in w3af-develop about technology, objectives,
>> > etc. Would you mind starting the discussion?
>> >
>> > On Mon, Mar 21, 2011 at 1:45 PM,  <ox...@users.sourceforge.net> wrote:
>> > > Revision: 4087
>> > >          http://w3af.svn.sourceforge.net/w3af/?rev=4087&view=rev
>> > > Author:   oxdef
>> > > Date:     2011-03-21 16:45:13 +0000 (Mon, 21 Mar 2011)
>> > >
>> > > Log Message:
>> > > -----------
>> > > Lets think about web UI for w3af
>> > >
>> > > Added Paths:
>> > > -----------
>> > >    branches/webui/
>>
>>
>
> --
> Taras
> http://oxdef.info
> ----
> "Software is like sex: it's better when it's free." - Linus Torvalds
>
>
>
> ------------------------------------------------------------------------------
> Fulfilling the Lean Software Promise
> Lean software platforms are now widely adopted and the benefits have been
> demonstrated beyond question. Learn why your peers are replacing JEE
> containers with lightweight application servers - and what you can gain
> from the move. http://p.sf.net/sfu/vmware-sfemails
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
