Andres, it is interesting thing that after I uncomment this code I got:
Before filtering... 146 After filtering... 37 More then 50% of requests were filtered! And scan was faster!:) About proper place for filtering. Imho, there are 2 place (with option like 'filterFuzzableRequests') for it: 1. in core in mentioned place as calling w3afCore._filterFRequests() 2. in base discovery plugin as method like 'baseDiscoveryPlugin.addToResult' + calling from w3afCore someDiscoveryPlugin.getResult().The point is filtering should not be only in webSpider but in all discovery plugins depended of filterFuzzableRequests option and they should return to the core already filtered result. 15.02.2012 17:20, Andres Riancho пишет: > Taras, > > On Wed, Feb 15, 2012 at 10:05 AM, Taras<ox...@oxdef.info> wrote: >> Hi, all! >> >> There is code in w3afCore._realStart() [0] to filter such requests as: >> - http://host.tld/?id=3739286 >> - http://host.tld/?id=3739285 >> >> The question is why this code is commented out in the trunk? > > According to [0] it looks like it is an incomplete work on my > side. The webSpider plugin is doing some work on identifying variants > (which works well by the way) but that is not being done in the core. > I think it's not something we need to worry too much about at this > point, but that could change if you've found bugs and issues with it > :) Also, we should think twice before changing anything in the core, > it might break many things! > > [0] https://sourceforge.net/apps/trac/w3af/changeset/3388 > >> [0] >> http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/core/controllers/w3afCore.py?view=markup >> >> -- >> Taras >> http://oxdef.info >> >> ------------------------------------------------------------------------------ >> Virtualization& Cloud Management Using Capacity Planning >> Cloud computing makes use of virtualization - but cloud computing >> also focuses on allowing computing to be delivered as a service. >> http://www.accelacomm.com/jaw/sfnl/114/51521223/ >> _______________________________________________ >> W3af-develop mailing list >> W3af-develop@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/w3af-develop > > > -- Taras http://oxdef.info ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
