Sorry for the delay... I will be reviewing the materials today and will be
in touch shortly regarding potential solutions in "human terms" for the
HTTP Host header attacks.


On Sat, May 11, 2013 at 11:35 AM, Andres Riancho
<andres.rian...@gmail.com>wrote:

> On Sat, May 11, 2013 at 4:59 AM, Achim Hoffmann <webse...@sic-sec.org>
> wrote:
> > Hi Andrés,
> >
> > On 10.05.2013 23:34, Andres Riancho wrote:
> >> ```
> >> for mutant in mutants:
> >>     # set the parameter's value, send the request, keep the response
> >>     mutant.set_mod_value(value1)
> >>     response1 = send_mutant(mutant)
> >>
> >>     mutant.set_mod_value(value2)
> >>     response2 = send_mutant(mutant)
> >>
> >>     mutant.set_mod_value(value3)
> >>     response3 = send_mutant(mutant)
> >> ```
> >>
> >> Which in human would say... create empty mutants for each parameter,
> >> then, for each mutant set the values, send the requests and save the
> >> responses.
> >
> > if that's the way to do it in w3af, it's ok. I don't see a problem then.
> > I'm a bad -very bad- python programmer, hence will leave that to experts ;-)
>
> D M will be doing that, your list will help him understand what to do.
>
> > Anyway, you still have in mind that it's about the Host HTTP header?
>
> Now that you mention it, it is possible that this won't work with the
> Host header.
>
> > Can w3af easily manipulate that header, even in the way you described above,
> > and are there no libs/APIs/whatever used, which set their own header?
> > I just remind that, 'cause I know from other languages/frameworks that it is
> > very difficult to write code against the standard.
>
> We'll find a different way to do it, not with create_mutants, but
> we'll find a way.
>
> Regards,
>
> >
> > List is coming soon ...
> > Achim
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
>
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
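Achim's concern above, that the HTTP library underneath a scanner may set its own Host header and silently discard the value the plugin chose, can be checked directly. The following is an added example, not code from this thread or from w3af: it uses Python's standard http.client against a constructed loopback server that echoes back the Host header it received, and the helper names and the values value1..value3 are assumptions made for the example.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class EchoHostHandler(BaseHTTPRequestHandler):
    """Constructed loopback server: the body it returns is the Host header it received."""

    def do_GET(self):
        body = self.headers.get("Host", "").encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the example's stderr quiet


def start_echo_server():
    """Bind an ephemeral loopback port and serve from a daemon thread."""
    server = HTTPServer(("127.0.0.1", 0), EchoHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def send_with_host(port, host_value):
    """GET / on the loopback server with a caller-chosen Host header.

    http.client adds Host itself only when the caller did not supply one,
    so the value passed here reaches the server unchanged.
    """
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", "/", headers={"Host": host_value})
        return conn.getresponse().read().decode()
    finally:
        conn.close()


def host_values_seen_by_server(values):
    """Mirror the mutant loop from the thread: one request per value,
    returning {value: Host the server actually saw}."""
    server = start_echo_server()
    try:
        return {v: send_with_host(server.server_port, v) for v in values}
    finally:
        server.shutdown()
        server.server_close()
```

If a library did overwrite the header, the dictionary values would differ from the keys, which is exactly the failure mode a plugin author needs to rule out before trusting the three responses.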