[W3af-develop] Packaging w3af

jweberhofer Sun, 28 Apr 2013 05:00:45 -0700

Dear all!

After some pause, I'm working on RPM packages of the current master 
branch, which looks very promising. Still I have two issues:


1) On startup, I always see the warning "WARNING: Failed to execute 
tcpdump. Check it is installed and in the PATH"; that doesn't stop the 
execution, but it should be possibly rewritten to something like that: 
"INFO: tcpdump is not installed or you don't have enough permission to 
run. Try to run as root in case you need tcpdump's features".

2) The second problem causes a regular user to not be able to run w3af 
in case he does not own the installation directory. The only appearing 
message is: "Error while reading plugin options: "Invalid file option 
value "output-w3af.csv", the user doesn't have enough permissions to 
write to the specified directory."

Strace shows the following lines:

-------------
open("/usr/share/w3af/plugins/output/itertools.pyc", O_RDONLY) = -1 
ENOENT (No such file or directory)
close(3)                                = 0
getcwd("/usr/share/w3af", 1024)         = 16
stat("/usr/share/w3af", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
access("/usr/share/w3af", W_OK)         = -1 EACCES (Permission denied)
futex(0x7f11480012e0, FUTEX_WAKE_PRIVATE, 1) = 1
-------------

In case the user is the owner of /usr/share/s3af, the strace continues 
with:
-------------
open("/usr/share/w3af/plugins/bruteforce/itertools.pyc", O_RDONLY) = -1 
ENOENT (No such file or directo
ry)
close(3)                                = 0
getcwd("/usr/share/w3af", 1024)         = 16
stat("/usr/share/w3af/core/controllers/bruteforce", 
{st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
access("/usr/share/w3af/core/controllers/bruteforce", R_OK) = 0
-------------

I hope, that can help you improve w3af, so that it can pacakged for 
installation on opensuse and fedora...

Best regards,
Johannes


------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

[W3af-develop] Packaging w3af

Reply via email to