Andres,
> Just applied some changes to the plugin while reviewing it (see
> SVN server)
Thanks!
> and also:
>
> * v.setName('Invalid SSL connection') , should be an info()
> * Not 100% about this one, but v.setName('Invalid SSL certificate')
> also seems to be an info()
I'm not sure that I correctly understand you again here.
> * Try to make the descriptions for the info/vuln objects more
> "complete" such as:
> - desc = 'The target host "%s" has SSL version 2 enabled which is
> known to be insecure.'
Ok.
>
> Also, if possible please create a unittest that lives in
> plugins/tests/audit/test_sslCertificate.py and runs against either
> moth or some other target.
Here can be problems because of nature of the plugin.
We need to run https web target with invlid certificates, specific
settings and so on.
>
> Regards,
>
> On Wed, Jun 6, 2012 at 8:58 AM, Taras<ox...@oxdef.info> wrote:
>> Andres,
>>
>> I just have committed beta version of sslCertificate [0]:
>> * ca.pem moved to plugins/audit/sslCertificate/
>> * added correct check for SSLv2
>> * dump cert
>>
>> What we have in final...we've lost:
>>
>> * some useful information inside dump_x509 (digests, serial number, keys)
>>
>> What we have got:
>>
>> * minus one dependency (I remember about proxy.py)
>> * subjectAltNames support for hostname check
>> * full certificate validation with CA file - w3af now behaviors like web
>> browser here (also removed our unnecessary code)
>> * correct SSLv2 check
>> * soon expire feature
>>
>> [0]
>> http://w3af.svn.sourceforge.net/viewvc/w3af/branches/ssl/plugins/audit/sslCertificate.py?revision=5048&view=markup
>>
>> --
>> Taras
>> http://oxdef.info
>
>
>
--
Taras
http://oxdef.info
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
