Nothing special. The directory /var/www/scanreports/ needs to be
writable by the www-data user.
On Tue, Jun 25, 2013 at 8:56 AM, saleem <asaleemud...@cdac.in> wrote:
> as i have written earlier , same code i am using but this time i am trying
> to generate the XML output file .
>
> this is my w3af script :
>
> http-settings
> set timeout 60
> back
> plugins
> crawl web_spider
> crawl config web_spider
> set only_forward False
> set follow_regex .*
> set ignore_regex (?i)(logout|disconnect|signout|exit)+
> back
> audit blind_sqli
> back
> output xml_file
> output config xml_file
> set output_file /var/www/scanreports/w3af_10.242.92.6_25062013_165727.xml
> back
> back
> target
> set target <url>
> back
> start
> exit
>
>
> and this is my php script :
> <?
>
> $w3af_script="22222.w3af";
>
> echo "Start of code ::*****";
>
> if(is_readable($w3af_script))
> {
>
> echo "\n"."ready to execute the script in the terminal";
>
> `python w3af_console -s $w3af_script`;
>
> }
>
>
> if(is_readable("w3af_10.242.92.6_25062013_162721.xml"))
>
> {
> echo "-----OOOOOOOOOOOoutput file got generated ";
>
> }
> else
> echo "-----FFFFailed to generate the outpt file ";
>
>
> ?>
>
>
> so when i run this as root user it is generating the xml file and if same i
> run as www-data user i am unable to get the output xml file .
>
> please guide me in setting right permissions so that i can get XML as output
> file .
>
>
>
>
>
>
>
> On Tuesday 25 June 2013 05:07 PM, Andres Riancho wrote:
>>
>> On Tue, Jun 25, 2013 at 7:06 AM, saleem <asaleemud...@cdac.in> wrote:
>>>
>>> Thank u andrews for guiding me .
>>>
>>> i am facing a small problem ,i.e i am unable to generate the XML file
>>> from
>>> the browser is there any dependency for that ?
>>>
>>> if i run the same from terminal i am able to generate the XML file , i
>>> am
>>> using mozilla browser .
>>
>> The browser has nothing to do with all this. In any case it's PHP and
>> the way you call w3af from it.
>>
>>> On Monday 24 June 2013 06:04 PM, Andres Riancho wrote:
>>>>
>>>> Saleem,
>>>>
>>>> On Mon, Jun 24, 2013 at 9:14 AM, saleem <asaleemud...@cdac.in> wrote:
>>>>>
>>>>> Thanku so much for that andrews .
>>>>>
>>>>> now i am able to generate file , but i have having small problem,
>>>>>
>>>>> i am getting this error at the end of the txt file which got generated
>>>>> .
>>>>>
>>>>> [Mon Jun 24 17:19:43 2013 - console] termios error: (25, 'Inappropriate
>>>>> ioctl for device')
>>>>
>>>> Seen this before, but never needed to fix it. I mean... w3af continues
>>>> to work, and you only get it when w3af is run "without a terminal".
>>>>
>>>> How did you fix your original error?
>>>>
>>>>> any solution for this kind of error !!
>>>>>
>>>>>
>>>>>
>>>>> On Monday 24 June 2013 04:58 PM, Andres Riancho wrote:
>>>>>>
>>>>>> On Mon, Jun 24, 2013 at 8:08 AM, saleem <asaleemud...@cdac.in> wrote:
>>>>>>>
>>>>>>> thanks for the response andrews.
>>>>>>>
>>>>>>>
>>>>>>> Why do you suspect of permissions issue?
>>>>>>>
>>>>>>>
>>>>>>> I suspect permission issue because when i run the code as root user
>>>>>>> in
>>>>>>> the
>>>>>>> terminal it is generating the output file.
>>>>>>>
>>>>>>> if i run the same code in the browser it is not generating the output
>>>>>>> files
>>>>>>> .
>>>>>>
>>>>>> Can be because of other things, like the www-data user not having an
>>>>>> environment variable set, or something like that.
>>>>>>
>>>>>> Try this:
>>>>>>
>>>>>> sudo -s -H
>>>>>> <enter your root password>
>>>>>> su www-data
>>>>>> cd to-python-install
>>>>>> python w3af_console ...
>>>>>>
>>>>>>> Are you trying "su www-data" and then running the exact same command?
>>>>>>>
>>>>>>>
>>>>>>> i have given www-data:www-data permission to my code as well .
>>>>>>> still it is not working.
>>>>>>>
>>>>>>> i will try to explain once again :
>>>>>>>
>>>>>>> i have a w3af script for w3af crawl -
>>>>>>> http-settings
>>>>>>> set timeout 60
>>>>>>> back
>>>>>>> plugins
>>>>>>> crawl web_spider
>>>>>>> crawl config web_spider
>>>>>>> set only_forward False
>>>>>>> set follow_regex .*http:/localhost.*
>>>>>>> set ignore_regex (?i)(logout|disconnect|signout|exit)+
>>>>>>> back
>>>>>>> output text_file
>>>>>>> output config text_file
>>>>>>> set output_file
>>>>>>> /var/www/wsafe1/scanreports/crawl_localhost_222222222.txt
>>>>>>> set verbose False
>>>>>>> back
>>>>>>> back
>>>>>>> target
>>>>>>> set target http://localhost:80
>>>>>>> back
>>>>>>> start
>>>>>>> exit
>>>>>>>
>>>>>>>
>>>>>>> i have called this script in my php code i.e :
>>>>>>>
>>>>>>> <?
>>>>>>>
>>>>>>> $w3af_script="/var/www/wsafe1/crawl_localhost_222222222.w3af";
>>>>>>> echo "Start of code ::*****";
>>>>>>>
>>>>>>> if(is_readable($w3af_script))
>>>>>>> {
>>>>>>>
>>>>>>> echo "\n"."ready to execute the script in the terminal";
>>>>>>>
>>>>>>> `python /var/www/wsafe1/tools/w3af/w3af_console -s
>>>>>>> $w3af_script`;
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> if(is_readable("/var/www/wsafe1/scanreports/crawl_localhost_222222222.txt"))
>>>>>>> {
>>>>>>> echo "-----OOOOOOOOOOOoutput file got generated ";
>>>>>>>
>>>>>>> }
>>>>>>> else
>>>>>>> echo "-----FFFFailed to generate the outpt file ";
>>>>>>>
>>>>>>>
>>>>>>> ?>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> now problem is , i am not getting the file generated if i run the
>>>>>>> code
>>>>>>> from
>>>>>>> the browser or by normal user.
>>>>>>>
>>>>>>> root user is able to generate the files using the same code .
>>>>>>>
>>>>>>>
>>>>>>> please help me out !!!!!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Monday 24 June 2013 04:14 PM, Andres Riancho wrote:
>>>>>>>>
>>>>>>>> Saleem,
>>>>>>>>
>>>>>>>> On Mon, Jun 24, 2013 at 1:11 AM, saleem <asaleemud...@cdac.in>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> ok thanku for responding andres .
>>>>>>>>>
>>>>>>>>> fine i will tell u in detail what i have done .
>>>>>>>>>
>>>>>>>>> Earlier i had older version of w3af(r4473) in which my script was
>>>>>>>>> working
>>>>>>>>> fine
>>>>>>>>> currently i am using
>>>>>>>>> w3af - Web Application Attack and Audit Framework
>>>>>>>>> Version: 1.5
>>>>>>>>> Revision: 790bb82add
>>>>>>>>
>>>>>>>> First of all, it was a great idea to update.
>>>>>>>>
>>>>>>>>> w3af script i have written (attachment) :
>>>>>>>>> screenshot 1
>>>>>>>>> PHP script i have written was (attachment):
>>>>>>>>> screenshot 2
>>>>>>>>
>>>>>>>> I wouldn't run w3af in the request/response process. I'm unsure
>>>>>>>> about
>>>>>>>> how to do it for PHP, but in python there is Celery which allows you
>>>>>>>> to queue work, process results, etc.
>>>>>>>>
>>>>>>>>> now i have given permission to that php script as well as w3af ,
>>>>>>>>> using
>>>>>>>>> chmod command i have given 777 permissions.
>>>>>>>>
>>>>>>>> Why do you suspect of permissions issue?
>>>>>>>>
>>>>>>>>> problem is when i am executing it in terminal i am getting the
>>>>>>>>> output
>>>>>>>>> ,
>>>>>>>>> if
>>>>>>>>> the same i am executing in the browser i am not getting the output
>>>>>>>>> i.e
>>>>>>>>> output files are not getting generated .
>>>>>>>>
>>>>>>>> Are you trying "su www-data" and then running the exact same
>>>>>>>> command?
>>>>>>>>
>>>>>>>>> please help me out and sorry for my english.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Monday 24 June 2013 12:35 AM, Andres Riancho wrote:
>>>>>>>>>>
>>>>>>>>>> Saleem,
>>>>>>>>>>
>>>>>>>>>> On Fri, Jun 21, 2013 at 12:31 PM, saleem <asaleemud...@cdac.in>
>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi all ,
>>>>>>>>>>>
>>>>>>>>>>> I have written a script which uses w3af script in the background,
>>>>>>>>>>> and
>>>>>>>>>>> trying
>>>>>>>>>>> to execute that script through browser , but i am not getting any
>>>>>>>>>>> output
>>>>>>>>>>> if
>>>>>>>>>>> i do the same in the terminal i am getting the output .
>>>>>>>>>>>
>>>>>>>>>>> please help me out !!!
>>>>>>>>>>
>>>>>>>>>> It's almost impossible to answer this question without more
>>>>>>>>>> detail.
>>>>>>>>>> Also, why do you think this is a w3af problem and not just you
>>>>>>>>>> setting
>>>>>>>>>> incorrect permissions to the filesystem files? More than glad to
>>>>>>>>>> help
>>>>>>>>>> if you send details,
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>>
>>>>>>>>>>> Thanks & Regards ,
>>>>>>>>>>> saleem
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>> This e-mail is for the sole use of the intended recipient(s) and
>>>>>>>>>>> may
>>>>>>>>>>> contain confidential and privileged information. If you are not
>>>>>>>>>>> the
>>>>>>>>>>> intended recipient, please contact the sender by reply e-mail and
>>>>>>>>>>> destroy
>>>>>>>>>>> all copies and the original message. Any unauthorized review,
>>>>>>>>>>> use,
>>>>>>>>>>> disclosure, dissemination, forwarding, printing or copying of
>>>>>>>>>>> this
>>>>>>>>>>> email
>>>>>>>>>>> is strictly prohibited and appropriate legal action will be
>>>>>>>>>>> taken.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>>>> This SF.net email is sponsored by Windows:
>>>>>>>>>>>
>>>>>>>>>>> Build for Windows Store.
>>>>>>>>>>>
>>>>>>>>>>> http://p.sf.net/sfu/windows-dev2dev
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> W3af-develop mailing list
>>>>>>>>>>> W3af-develop@lists.sourceforge.net
>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Andrés Riancho
>>>>>>>>>> Project Leader at w3af - http://w3af.org/
>>>>>>>>>> Web Application Attack and Audit Framework
>>>>>>>>>> Twitter: @w3af
>>>>>>>>>> GPG: 0x93C344F3
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> This e-mail is for the sole use of the intended recipient(s) and
>>>>>>>>> may
>>>>>>>>> contain confidential and privileged information. If you are not the
>>>>>>>>> intended recipient, please contact the sender by reply e-mail and
>>>>>>>>> destroy
>>>>>>>>> all copies and the original message. Any unauthorized review, use,
>>>>>>>>> disclosure, dissemination, forwarding, printing or copying of this
>>>>>>>>> email
>>>>>>>>> is strictly prohibited and appropriate legal action will be taken.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>>>>>
>>>>>>>> --
>>>>>>>> Andrés Riancho
>>>>>>>> Project Leader at w3af - http://w3af.org/
>>>>>>>> Web Application Attack and Audit Framework
>>>>>>>> Twitter: @w3af
>>>>>>>> GPG: 0x93C344F3
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>>>
>>>>>>> This e-mail is for the sole use of the intended recipient(s) and may
>>>>>>> contain confidential and privileged information. If you are not the
>>>>>>> intended recipient, please contact the sender by reply e-mail and
>>>>>>> destroy
>>>>>>> all copies and the original message. Any unauthorized review, use,
>>>>>>> disclosure, dissemination, forwarding, printing or copying of this
>>>>>>> email
>>>>>>> is strictly prohibited and appropriate legal action will be taken.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>>>
>>>>>> --
>>>>>> Andrés Riancho
>>>>>> Project Leader at w3af - http://w3af.org/
>>>>>> Web Application Attack and Audit Framework
>>>>>> Twitter: @w3af
>>>>>> GPG: 0x93C344F3
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>> This e-mail is for the sole use of the intended recipient(s) and may
>>>>> contain confidential and privileged information. If you are not the
>>>>> intended recipient, please contact the sender by reply e-mail and
>>>>> destroy
>>>>> all copies and the original message. Any unauthorized review, use,
>>>>> disclosure, dissemination, forwarding, printing or copying of this
>>>>> email
>>>>> is strictly prohibited and appropriate legal action will be taken.
>>>>>
>>>>>
>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>
>>>> --
>>>> Andrés Riancho
>>>> Project Leader at w3af - http://w3af.org/
>>>> Web Application Attack and Audit Framework
>>>> Twitter: @w3af
>>>> GPG: 0x93C344F3
>>>>
>>>>
>>>
>>>
>>> -------------------------------------------------------------------------------------------------------------------------------
>>>
>>> This e-mail is for the sole use of the intended recipient(s) and may
>>> contain confidential and privileged information. If you are not the
>>> intended recipient, please contact the sender by reply e-mail and destroy
>>> all copies and the original message. Any unauthorized review, use,
>>> disclosure, dissemination, forwarding, printing or copying of this email
>>> is strictly prohibited and appropriate legal action will be taken.
>>>
>>> -------------------------------------------------------------------------------------------------------------------------------
>>>
>>
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>>
>>
>
>
> -------------------------------------------------------------------------------------------------------------------------------
>
> This e-mail is for the sole use of the intended recipient(s) and may
> contain confidential and privileged information. If you are not the
> intended recipient, please contact the sender by reply e-mail and destroy
> all copies and the original message. Any unauthorized review, use,
> disclosure, dissemination, forwarding, printing or copying of this email
> is strictly prohibited and appropriate legal action will be taken.
> -------------------------------------------------------------------------------------------------------------------------------
>
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
