On Tue, Jun 25, 2013 at 7:06 AM, saleem <asaleemud...@cdac.in> wrote: > Thank u andrews for guiding me . > > i am facing a small problem ,i.e i am unable to generate the XML file from > the browser is there any dependency for that ? > > if i run the same from terminal i am able to generate the XML file , i am > using mozilla browser .
The browser has nothing to do with all this. In any case it's PHP and the way you call w3af from it. > > On Monday 24 June 2013 06:04 PM, Andres Riancho wrote: >> >> Saleem, >> >> On Mon, Jun 24, 2013 at 9:14 AM, saleem <asaleemud...@cdac.in> wrote: >>> >>> Thanku so much for that andrews . >>> >>> now i am able to generate file , but i have having small problem, >>> >>> i am getting this error at the end of the txt file which got generated . >>> >>> [Mon Jun 24 17:19:43 2013 - console] termios error: (25, 'Inappropriate >>> ioctl for device') >> >> Seen this before, but never needed to fix it. I mean... w3af continues >> to work, and you only get it when w3af is run "without a terminal". >> >> How did you fix your original error? >> >>> any solution for this kind of error !! >>> >>> >>> >>> On Monday 24 June 2013 04:58 PM, Andres Riancho wrote: >>>> >>>> On Mon, Jun 24, 2013 at 8:08 AM, saleem <asaleemud...@cdac.in> wrote: >>>>> >>>>> thanks for the response andrews. >>>>> >>>>> >>>>> Why do you suspect of permissions issue? >>>>> >>>>> >>>>> I suspect permission issue because when i run the code as root user in >>>>> the >>>>> terminal it is generating the output file. >>>>> >>>>> if i run the same code in the browser it is not generating the output >>>>> files >>>>> . >>>> >>>> Can be because of other things, like the www-data user not having an >>>> environment variable set, or something like that. >>>> >>>> Try this: >>>> >>>> sudo -s -H >>>> <enter your root password> >>>> su www-data >>>> cd to-python-install >>>> python w3af_console ... >>>> >>>>> Are you trying "su www-data" and then running the exact same command? >>>>> >>>>> >>>>> i have given www-data:www-data permission to my code as well . >>>>> still it is not working. >>>>> >>>>> i will try to explain once again : >>>>> >>>>> i have a w3af script for w3af crawl - >>>>> http-settings >>>>> set timeout 60 >>>>> back >>>>> plugins >>>>> crawl web_spider >>>>> crawl config web_spider >>>>> set only_forward False >>>>> set follow_regex .*http:/localhost.* >>>>> set ignore_regex (?i)(logout|disconnect|signout|exit)+ >>>>> back >>>>> output text_file >>>>> output config text_file >>>>> set output_file >>>>> /var/www/wsafe1/scanreports/crawl_localhost_222222222.txt >>>>> set verbose False >>>>> back >>>>> back >>>>> target >>>>> set target http://localhost:80 >>>>> back >>>>> start >>>>> exit >>>>> >>>>> >>>>> i have called this script in my php code i.e : >>>>> >>>>> <? >>>>> >>>>> $w3af_script="/var/www/wsafe1/crawl_localhost_222222222.w3af"; >>>>> echo "Start of code ::*****"; >>>>> >>>>> if(is_readable($w3af_script)) >>>>> { >>>>> >>>>> echo "\n"."ready to execute the script in the terminal"; >>>>> >>>>> `python /var/www/wsafe1/tools/w3af/w3af_console -s >>>>> $w3af_script`; >>>>> >>>>> } >>>>> >>>>> >>>>> >>>>> >>>>> if(is_readable("/var/www/wsafe1/scanreports/crawl_localhost_222222222.txt")) >>>>> { >>>>> echo "-----OOOOOOOOOOOoutput file got generated "; >>>>> >>>>> } >>>>> else >>>>> echo "-----FFFFailed to generate the outpt file "; >>>>> >>>>> >>>>> ?> >>>>> >>>>> >>>>> >>>>> now problem is , i am not getting the file generated if i run the code >>>>> from >>>>> the browser or by normal user. >>>>> >>>>> root user is able to generate the files using the same code . >>>>> >>>>> >>>>> please help me out !!!!! >>>>> >>>>> >>>>> >>>>> >>>>> On Monday 24 June 2013 04:14 PM, Andres Riancho wrote: >>>>>> >>>>>> Saleem, >>>>>> >>>>>> On Mon, Jun 24, 2013 at 1:11 AM, saleem <asaleemud...@cdac.in> wrote: >>>>>>> >>>>>>> ok thanku for responding andres . >>>>>>> >>>>>>> fine i will tell u in detail what i have done . >>>>>>> >>>>>>> Earlier i had older version of w3af(r4473) in which my script was >>>>>>> working >>>>>>> fine >>>>>>> currently i am using >>>>>>> w3af - Web Application Attack and Audit Framework >>>>>>> Version: 1.5 >>>>>>> Revision: 790bb82add >>>>>> >>>>>> First of all, it was a great idea to update. >>>>>> >>>>>>> w3af script i have written (attachment) : >>>>>>> screenshot 1 >>>>>>> PHP script i have written was (attachment): >>>>>>> screenshot 2 >>>>>> >>>>>> I wouldn't run w3af in the request/response process. I'm unsure about >>>>>> how to do it for PHP, but in python there is Celery which allows you >>>>>> to queue work, process results, etc. >>>>>> >>>>>>> now i have given permission to that php script as well as w3af , >>>>>>> using >>>>>>> chmod command i have given 777 permissions. >>>>>> >>>>>> Why do you suspect of permissions issue? >>>>>> >>>>>>> problem is when i am executing it in terminal i am getting the output >>>>>>> , >>>>>>> if >>>>>>> the same i am executing in the browser i am not getting the output >>>>>>> i.e >>>>>>> output files are not getting generated . >>>>>> >>>>>> Are you trying "su www-data" and then running the exact same command? >>>>>> >>>>>>> please help me out and sorry for my english. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Monday 24 June 2013 12:35 AM, Andres Riancho wrote: >>>>>>>> >>>>>>>> Saleem, >>>>>>>> >>>>>>>> On Fri, Jun 21, 2013 at 12:31 PM, saleem <asaleemud...@cdac.in> >>>>>>>> wrote: >>>>>>>>> >>>>>>>>> Hi all , >>>>>>>>> >>>>>>>>> I have written a script which uses w3af script in the background, >>>>>>>>> and >>>>>>>>> trying >>>>>>>>> to execute that script through browser , but i am not getting any >>>>>>>>> output >>>>>>>>> if >>>>>>>>> i do the same in the terminal i am getting the output . >>>>>>>>> >>>>>>>>> please help me out !!! >>>>>>>> >>>>>>>> It's almost impossible to answer this question without more detail. >>>>>>>> Also, why do you think this is a w3af problem and not just you >>>>>>>> setting >>>>>>>> incorrect permissions to the filesystem files? More than glad to >>>>>>>> help >>>>>>>> if you send details, >>>>>>>> >>>>>>>> Regards, >>>>>>>> >>>>>>>>> Thanks & Regards , >>>>>>>>> saleem >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------------------------------------------------------------------------------------------------------------- >>>>>>>>> >>>>>>>>> This e-mail is for the sole use of the intended recipient(s) and >>>>>>>>> may >>>>>>>>> contain confidential and privileged information. If you are not the >>>>>>>>> intended recipient, please contact the sender by reply e-mail and >>>>>>>>> destroy >>>>>>>>> all copies and the original message. Any unauthorized review, use, >>>>>>>>> disclosure, dissemination, forwarding, printing or copying of this >>>>>>>>> email >>>>>>>>> is strictly prohibited and appropriate legal action will be taken. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------------------------------------------------------------------------------------------------------------- >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>> This SF.net email is sponsored by Windows: >>>>>>>>> >>>>>>>>> Build for Windows Store. >>>>>>>>> >>>>>>>>> http://p.sf.net/sfu/windows-dev2dev >>>>>>>>> _______________________________________________ >>>>>>>>> W3af-develop mailing list >>>>>>>>> W3af-develop@lists.sourceforge.net >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Andrés Riancho >>>>>>>> Project Leader at w3af - http://w3af.org/ >>>>>>>> Web Application Attack and Audit Framework >>>>>>>> Twitter: @w3af >>>>>>>> GPG: 0x93C344F3 >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------------------------------------------------------------- >>>>>>> >>>>>>> This e-mail is for the sole use of the intended recipient(s) and may >>>>>>> contain confidential and privileged information. If you are not the >>>>>>> intended recipient, please contact the sender by reply e-mail and >>>>>>> destroy >>>>>>> all copies and the original message. Any unauthorized review, use, >>>>>>> disclosure, dissemination, forwarding, printing or copying of this >>>>>>> email >>>>>>> is strictly prohibited and appropriate legal action will be taken. >>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------------------------------------------------------------- >>>>>>> >>>>>> -- >>>>>> Andrés Riancho >>>>>> Project Leader at w3af - http://w3af.org/ >>>>>> Web Application Attack and Audit Framework >>>>>> Twitter: @w3af >>>>>> GPG: 0x93C344F3 >>>>>> >>>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------------------------------------------------------- >>>>> >>>>> This e-mail is for the sole use of the intended recipient(s) and may >>>>> contain confidential and privileged information. If you are not the >>>>> intended recipient, please contact the sender by reply e-mail and >>>>> destroy >>>>> all copies and the original message. Any unauthorized review, use, >>>>> disclosure, dissemination, forwarding, printing or copying of this >>>>> email >>>>> is strictly prohibited and appropriate legal action will be taken. >>>>> >>>>> >>>>> ------------------------------------------------------------------------------------------------------------------------------- >>>>> >>>> >>>> -- >>>> Andrés Riancho >>>> Project Leader at w3af - http://w3af.org/ >>>> Web Application Attack and Audit Framework >>>> Twitter: @w3af >>>> GPG: 0x93C344F3 >>>> >>>> >>> >>> >>> ------------------------------------------------------------------------------------------------------------------------------- >>> >>> This e-mail is for the sole use of the intended recipient(s) and may >>> contain confidential and privileged information. If you are not the >>> intended recipient, please contact the sender by reply e-mail and destroy >>> all copies and the original message. Any unauthorized review, use, >>> disclosure, dissemination, forwarding, printing or copying of this email >>> is strictly prohibited and appropriate legal action will be taken. >>> >>> ------------------------------------------------------------------------------------------------------------------------------- >>> >> >> >> -- >> Andrés Riancho >> Project Leader at w3af - http://w3af.org/ >> Web Application Attack and Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 >> >> > > > ------------------------------------------------------------------------------------------------------------------------------- > > This e-mail is for the sole use of the intended recipient(s) and may > contain confidential and privileged information. If you are not the > intended recipient, please contact the sender by reply e-mail and destroy > all copies and the original message. Any unauthorized review, use, > disclosure, dissemination, forwarding, printing or copying of this email > is strictly prohibited and appropriate legal action will be taken. > ------------------------------------------------------------------------------------------------------------------------------- > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
