Great :) So let's start right away. Please read the article, and try to identify the different vulnerabilities which are present there. Once you've got that, think about which ones could be automated with w3af and send an email to this thread.
At this point w3af's features and code don't matter, you just want to identify the vulnerabilities, and the steps required to identify them in an automated way. Then, we'll try to match that with the w3af framework and we'll worry about coding. With a clear idea of the steps involved, it should be easy to get the code in a couple of hours.

No rush to answer any of these emails, take your time. I understand you're doing this in your spare time. I'll try to mentor you the best way possible, it's my first time doing something like this (at least calling it mentor) so let me know if there's something wrong.

On Fri, May 10, 2013 at 10:14 AM, D M <vints...@gmail.com> wrote:
> Well I'd love to take this on with some help from you, Andres!
>
> Many thanks
>
> -Daniel
> —
> Sent from Mailbox for iPhone
>
>
> On Fri, May 10, 2013 at 9:11 AM, Andres Riancho <andres.rian...@gmail.com>
> wrote:
>>
>> Lists,
>>
>> After reading "Practical HTTP Host header attacks" [0] I thought
>> it would be fun to have a plugin that could detect (some) of the
>> attacks explained there.
>>
>> Since I'm focusing on other things over the next weeks, but still
>> can spend some hours on w3af, I thought that I could mentor someone to
>> write this plugin. So, if you never wrote a plugin, never read w3af's
>> source code, etc. and have time to spend doing geeky stuff, answer
>> this email and I'll mentor you during the whole process of writing the
>> plugin :)
>>
>> [0]
>> http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
>> [1] https://github.com/andresriancho/w3af/issues/314
>>
>> Regards,
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>>
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3