On Sat, May 11, 2013 at 4:59 AM, Achim Hoffmann <webse...@sic-sec.org> wrote: > Hi Andrés, > > Am 10.05.2013 23:34, schrieb Andres Riancho: >> for mutant in mutants: >> mutant.set_mod_value(value1) >> response1 = send_mutant(mutant) >> >> mutant.set_mod_value(value2) >> response3 = send_mutant(mutant) >> >> mutant.set_mod_value(value3) >> response3 = send_mutant(mutant) >> ``` >> >> Which in human would say... create empty mutants for each parameter, >> then, for each mutant set the values, send the requests and save the >> responses. > > if that's the way to do it in w3af, it's ok. I don't see a problem then. > I'm a bad -very bad- python programmer, hence will leave that to experts ;-)
D M will be doing that, your list will help him understand what to do, > Anyway, you still have in mind that it's about the Host HTTP header? Now that you mention it, it is possible that this won't work with the Host header. > Can w3af easily manipulate that header, even in the way you described above, > and are there no libs/APIs/whatever used, which set their own header? > I just remind that, 'cause I know from other languages/frameworks that it is > very difficult to write code against the standard. We'll find a different way to do it, not with create_mutants, but we'll find a way. Regards, > > List is comming soon ... > Achim -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
