Taras,

After many months of ignoring this plugin, I finally unit-tested it [0] and completed the coding [1][2]. Given that it was your original work, I figured you would want to review the final version, since it has some changes (removed one of the checks, for example).

The code has many comments with potential improvements which are going to be done (at some point) via this GitHub issue [3]. If you've got some minutes, test it and let me know if the algorithm yields many false positives/negatives.

[0] https://github.com/andresriancho/w3af/blob/threading2/plugins/tests/audit/test_csrf.py
[1] https://github.com/andresriancho/w3af/blob/threading2/plugins/audit/csrf.py
[2] https://github.com/andresriancho/w3af/issues/43
[3] https://github.com/andresriancho/w3af/issues/120

Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3