Andres,

     If the framework IS working like this, I think that the shared
fuzzable request list wouldn't do much good. If it is not working like
this (and I would love to get an output log to show it), it seems that
we have a lot of work ahead of us.

And w3afCore needs to filter requests from discovery plugins on every loop in
_discover_and_bruteforce(), am I right?

It should filter things as they come out of the plugin and before
adding them to the fuzzable request list,
Agreed, but as far as I can see in w3afCore.py there is no filtering in it.
I have just added it [0]. It shows good results on the test suite (see attachment).

Without filtering:
  Found 2 URLs and 87 different points of injection.
  ...
  Scan finished in 3 minutes 30 seconds.

With filtering:
  Found 2 URLs and 3 different points of injection.
  ...
  Scan finished in 11 seconds.


Please let me know if the discovery process is NOT working as we
expect and if we have to filter stuff somewhere
See above.

[0] https://sourceforge.net/apps/trac/w3af/changeset/4861
--
Taras
http://oxdef.info

Attachment: spider_www.tar.gz
Description: application/gzip

[profile]
description = Pentest
name = Pentest

[target]
target = http://localhost/spider/

[output.console]
verbose = False

[output.textFile]
verbose = False
fileName = output.txt
httpFileName = output-http.txt

[misc-settings]
fuzzCookie = False
fuzzFileContent = false
fuzzFileName = False
fuzzFCExt = txt
fuzzableHeaders = 
autoDependencies = True
maxDiscoveryTime = 1
maxThreads = 0
interface = lo
localAddress = 127.0.0.1
demo = False
nonTargets = 
exportFuzzableRequests = 
fuzzFormComboValues = t
msf_location = /opt/metasploit3/bin/
fuzzURLParts = True

[http-settings]
timeout = 3
headersFile = 
basicAuthUser = 
basicAuthPass = 
basicAuthDomain = 
ntlmAuthUser = 
ntlmAuthPass = 
ntlmAuthURL = 
cookieJarFile = 
ignoreSessCookies = False
proxyPort = 8080
proxyAddress = 
userAgent = Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
maxFileSize = 400000
maxRetrys = 1
always404 = 
never404 = 
404string = 
urlParameter = 

[audit.xss]
[audit.osCommanding]
[audit.sqli]
[audit.globalRedirect]
[audit.responseSplitting]

[discovery.webSpider]
onlyForward = True
followRegex = .*
ignoreRegex = 
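
The filtering step discussed in this message, as an added example that is not part of the original email and is not w3af's code: discovery output is de-duplicated before it joins the fuzzable request list. The request tuple, `request_key`, `discover`, `toy_spider` and the sample site are assumptions constructed for illustration; collapsing requests that differ only in parameter values is one possible filter rule, not necessarily the one in changeset 4861.

```python
from urllib.parse import urlsplit, parse_qsl

def request_key(method, url, post_data=""):
    """Identity of an injection point: method, host, path and parameter NAMES.
    Assumption: requests differing only in parameter values are the same point."""
    parts = urlsplit(url)
    names = lambda s: tuple(sorted(n for n, _ in parse_qsl(s, keep_blank_values=True)))
    return (method.upper(), parts.scheme, parts.netloc.lower(),
            parts.path or "/", names(parts.query), names(post_data))

def discover(seed, plugin, max_loops=10):
    """Run a discovery plugin in a loop, filtering its output as it comes out
    and before it is added to the shared fuzzable request list."""
    seen = {request_key(*seed)}
    known, to_walk, raw_count = [seed], [seed], 0
    for _ in range(max_loops):
        new = []
        for fr in to_walk:
            for found in plugin(fr):
                raw_count += 1                 # what an unfiltered list would hold
                key = request_key(*found)
                if key in seen:
                    continue                   # duplicate: never reaches the list
                seen.add(key)
                new.append(found)
        if not new:
            break                              # nothing new, discovery converged
        known.extend(new)
        to_walk = new                          # only new requests are re-crawled
    return known, raw_count

# Constructed sample site: every page links back to the others.
SITE = {
    "http://localhost/spider/": ["http://localhost/spider/a.php?id=1",
                                 "http://localhost/spider/b.php"],
    "http://localhost/spider/a.php": ["http://localhost/spider/",
                                      "http://localhost/spider/a.php?id=2",
                                      "http://localhost/spider/b.php"],
    "http://localhost/spider/b.php": ["http://localhost/spider/",
                                      "http://localhost/spider/a.php?id=3"],
}

def toy_spider(fr):
    """Hypothetical stand-in for a spider plugin: returns the links on a page."""
    _method, url, _body = fr
    return [("GET", link, "") for link in SITE.get(url.split("?")[0], [])]

if __name__ == "__main__":
    known, raw = discover(("GET", "http://localhost/spider/", ""), toy_spider)
    print(f"plugin emitted {raw} requests, {len(known)} kept after filtering")
```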