List,

Just wanted to show you the progress I'm making with the new error
handling method in w3af :) Please see the following console UI dump
and note that before, w3af simply crashed on the first "An exception
was found while..."; now we /gracefully handle those exceptions/ and
continue. Let me know what you think! Code can be downloaded from the
error_handling branch.

andres@foobar:~/workspace/error_handling$ ./w3af_console -s
scripts/script-web_spider.w3af
w3af is officially supported under Python 2.6
w3af>>> plugins
w3af/plugins>>> output console,textFile
w3af/plugins>>> output config textFile
w3af/plugins/output/config:textFile>>> set fileName output-w3af.txt
w3af/plugins/output/config:textFile>>> set verbose True
w3af/plugins/output/config:textFile>>> back
w3af/plugins>>> output config console
w3af/plugins/output/config:console>>> set verbose False
w3af/plugins/output/config:console>>> back
w3af/plugins>>> discovery webSpider
w3af/plugins>>> discovery config webSpider
w3af/plugins/discovery/config:webSpider>>> set onlyForward True
w3af/plugins/discovery/config:webSpider>>> back
w3af/plugins>>> back
w3af>>> target
w3af/config:target>>> set target
http://moth/w3af/discovery/web_spider/follow_links/1.html
w3af/config:target>>> back
w3af>>> start
Auto-enabling plugin: grep.httpAuthDetect
New URL found by webSpider plugin:
http://moth/w3af/discovery/web_spider/follow_links/
New URL found by webSpider plugin:
http://moth/w3af/discovery/web_spider/follow_links/2.html
New URL found by webSpider plugin:
http://moth/w3af/discovery/web_spider/follow_links/a b.html
New URL found by webSpider plugin:
http://moth/w3af/discovery/web_spider/follow_links/a.gif
New URL found by webSpider plugin:
http://moth/w3af/discovery/web_spider/follow_links/d f/index.html
An exception was found while running discovery.webSpider on
"http://domain/w3af/discovery/web_spider/follow_links/a b.html |
Method: GET". The exception was: "Test" at webSpider.py:420. The scan
will continue but some vulnerabilities might not be identified.
An exception was found while running discovery.webSpider on
"http://domain/w3af/discovery/web_spider/follow_links/a.gif | Method:
GET". The exception was: "Test" at webSpider.py:420. The scan will
continue but some vulnerabilities might not be identified.
New URL found by webSpider plugin:
http://moth/w3af/discovery/web_spider/follow_links/3.html
New URL found by webSpider plugin:
http://moth/w3af/discovery/web_spider/follow_links/4.html
New URL found by webSpider plugin:
http://moth/w3af/discovery/web_spider/follow_links/d f/
New URL found by webSpider plugin:
http://moth/w3af/discovery/web_spider/follow_links/1.html
An exception was found while running discovery.webSpider on
"http://domain/path/foo | Method: GET". The exception was: "Test" at
webSpider.py:420. The scan will continue but some vulnerabilities
might not be identified.
The following is a list of broken links that were found by the webSpider plugin:
- http://moth/w3af/discovery/web_spider/follow_links/11.html [
referenced from:
http://moth/w3af/discovery/web_spider/follow_links/3.html ]
- http://moth/w3af/discovery/web_spider/follow_links/7.html [
referenced from:
http://moth/w3af/discovery/web_spider/follow_links/4.html ]
- http://moth/w3af/discovery/web_spider/follow_links/9.html [
referenced from:
http://moth/w3af/discovery/web_spider/follow_links/4.html ]
Found 9 URLs and 9 different points of injection.
The list of URLs is:
- http://moth/w3af/discovery/web_spider/follow_links/
- http://moth/w3af/discovery/web_spider/follow_links/a b.html
- http://moth/w3af/discovery/web_spider/follow_links/d f/index.html
- http://moth/w3af/discovery/web_spider/follow_links/1.html
- http://moth/w3af/discovery/web_spider/follow_links/2.html
- http://moth/w3af/discovery/web_spider/follow_links/a.gif
- http://moth/w3af/discovery/web_spider/follow_links/4.html
- http://moth/w3af/discovery/web_spider/follow_links/3.html
- http://moth/w3af/discovery/web_spider/follow_links/d f/
The list of fuzzable requests is:
- http://moth/w3af/discovery/web_spider/follow_links/ | Method: GET
- http://moth/w3af/discovery/web_spider/follow_links/1.html | Method: GET
- http://moth/w3af/discovery/web_spider/follow_links/2.html | Method: GET
- http://moth/w3af/discovery/web_spider/follow_links/3.html | Method: GET
- http://moth/w3af/discovery/web_spider/follow_links/4.html | Method: GET
- http://moth/w3af/discovery/web_spider/follow_links/a b.html | Method: GET
- http://moth/w3af/discovery/web_spider/follow_links/a.gif | Method: GET
- http://moth/w3af/discovery/web_spider/follow_links/d f/ | Method: GET
- http://moth/w3af/discovery/web_spider/follow_links/d f/index.html |
Method: GET
Scan finished in 0 seconds.
w3af>>> bug-report
w3af/bug-report>>> summary
During the current scan (with id: 3b83b2d3fb) w3af caught 3 exceptions
in it's plugins. The scan was able to continue by ignoring those
failures but the scan result is most likely incomplete.

These are the phases and plugins that raised exceptions:
- discovery.webSpider
- discovery.webSpider
- discovery.webSpider

We recommend you report these vulnerabilities to the developers in
order to help increase the project's stability.
w3af/bug-report>>> list
|------------|------------|------------|------------|
| ID         | Phase      | Plugin     | Exception  |
|------------|------------|------------|------------|
| 0          | discovery  | webSpider  | Test       |
| 1          | discovery  | webSpider  | Test       |
| 2          | discovery  | webSpider  | Test       |
|------------|------------|------------|------------|
w3af/bug-report>>> details 0
An exception was found while running discovery.webSpider on
"http://domain/w3af/discovery/web_spider/follow_links/a b.html |
Method: GET". The exception was: "Test" at webSpider.py:420.The full
traceback is:
  File "/home/user/workspace/error_handling/core/controllers/coreHelpers/strategy.py", line 420, in _discover_worker
    plugin_result = plugin.discover_wrapper(fr)
  File "/home/user/workspace/error_handling/core/controllers/basePlugin/baseDiscoveryPlugin.py", line 48, in discover_wrapper
    return self.discover( fuzzable_request_copy )
  File "/home/user/workspace/error_handling/plugins/discovery/webSpider.py", line 84, in discover
    raise Exception('Test')

w3af/bug-report>>> report
    [1/3] Bug with id 0 reported at
http://sourceforge.net/apps/trac/w3af/ticket/172301
    [2/3] Bug with id 1 reported at
http://sourceforge.net/apps/trac/w3af/ticket/172302
    [3/3] Bug with id 2 reported at
http://sourceforge.net/apps/trac/w3af/ticket/172303
w3af/bug-report>>>


Regards,
-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

_______________________________________________
W3af-develop mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-develop
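
The pattern shown in the console dump above (catch a plugin's exception, record where it happened, keep scanning, summarise afterwards) can be sketched as follows. This is an added example, not code from the error_handling branch or from w3af; `ExceptionCollector`, `CaughtException`, `flaky_spider` and `demo_scan` are hypothetical names, and the failing plugin and its URLs are constructed for the demonstration.

```python
import os
import traceback
import uuid
from collections import namedtuple

# Hypothetical record type; fields mirror what the bug-report menu displays.
CaughtException = namedtuple(
    "CaughtException", "phase plugin request message location traceback")

class ExceptionCollector:
    """Stores plugin failures so the scan can continue and report them later."""

    def __init__(self):
        self.scan_id = uuid.uuid4().hex[:10]
        self.caught = []

    def run(self, phase, plugin_name, plugin_callable, request):
        """Run one plugin call; on failure record it and return None."""
        try:
            return plugin_callable(request)
        except Exception as exc:  # KeyboardInterrupt/SystemExit still propagate
            frames = traceback.extract_tb(exc.__traceback__)
            last = frames[-1]  # innermost frame: where the plugin raised
            location = "%s:%d" % (os.path.basename(last.filename), last.lineno)
            self.caught.append(CaughtException(
                phase, plugin_name, request, str(exc), location,
                "".join(traceback.format_tb(exc.__traceback__))))
            return None

    def summary(self):
        names = ", ".join("%s.%s" % (c.phase, c.plugin) for c in self.caught)
        return "scan %s caught %d exceptions (%s); results may be incomplete" % (
            self.scan_id, len(self.caught), names)

def flaky_spider(request):
    """Constructed stand-in for a discovery plugin that fails on some URLs."""
    if request.endswith(("a.gif", "a b.html")):
        raise Exception("Test")
    return [request]

def demo_scan():
    """Scan four constructed URLs; two of them make the plugin raise."""
    collector = ExceptionCollector()
    base = "http://moth/w3af/discovery/web_spider/follow_links/"
    results = []
    for name in ("1.html", "a b.html", "a.gif", "2.html"):
        found = collector.run("discovery", "webSpider", flaky_spider, base + name)
        results.extend(found or [])
    return collector, results
```

Because a swallowed exception means a request was never fully processed, the stored records are what tells the operator which parts of the target were not covered.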
