Interesting, you guys let me know how that investigation goes and if I need to fix something on the w3af project.
On Tue, Jun 25, 2013 at 10:28 AM, Laurent Guyon <laurent.gu...@algosecure.fr> wrote:
> Hi,
>
> Same problem here: W3af is called inside a Python daemon (so in a
> non-interactive way too).
>
> W3af runs fine, but never creates the XML output file.
> I get too the "Inappropriate ioctl for device" error btw.
> Using the git version.
>
> Missing environment variables? Problem with the XML library used? or the
> way the XML output file is created?
>
> Investigating...
>
> 2013/6/25 saleem <asaleemud...@cdac.in>
>>
>> i have given all permissions to that folder, still i am not able to
>> generate the file.
>>
>> On Tuesday 25 June 2013 05:30 PM, Andres Riancho wrote:
>> > Nothing special. The directory /var/www/scanreports/ needs to be
>> > writable by the www-data user.
>> >
>> > On Tue, Jun 25, 2013 at 8:56 AM, saleem <asaleemud...@cdac.in> wrote:
>> >> as i have written earlier, same code i am using but this time i am trying
>> >> to generate the XML output file.
>> >>
>> >> this is my w3af script:
>> >>
>> >> http-settings
>> >> set timeout 60
>> >> back
>> >> plugins
>> >> crawl web_spider
>> >> crawl config web_spider
>> >> set only_forward False
>> >> set follow_regex .*
>> >> set ignore_regex (?i)(logout|disconnect|signout|exit)+
>> >> back
>> >> audit blind_sqli
>> >> back
>> >> output xml_file
>> >> output config xml_file
>> >> set output_file /var/www/scanreports/w3af_10.242.92.6_25062013_165727.xml
>> >> back
>> >> back
>> >> target
>> >> set target <url>
>> >> back
>> >> start
>> >> exit
>> >>
>> >> and this is my php script:
>> >> <?
>> >>
>> >> $w3af_script="22222.w3af";
>> >>
>> >> echo "Start of code ::*****";
>> >>
>> >> if(is_readable($w3af_script))
>> >> {
>> >>     echo "\n"."ready to execute the script in the terminal";
>> >>
>> >>     `python w3af_console -s $w3af_script`;
>> >> }
>> >>
>> >> if(is_readable("w3af_10.242.92.6_25062013_162721.xml"))
>> >> {
>> >>     echo "-----OOOOOOOOOOOoutput file got generated ";
>> >> }
>> >> else
>> >>     echo "-----FFFFailed to generate the outpt file ";
>> >>
>> >> ?>
>> >>
>> >> so when i run this as root user it is generating the xml file and if same i
>> >> run as www-data user i am unable to get the output xml file.
>> >>
>> >> please guide me in setting right permissions so that i can get XML as output
>> >> file.
>> >>
>> >> On Tuesday 25 June 2013 05:07 PM, Andres Riancho wrote:
>> >>> On Tue, Jun 25, 2013 at 7:06 AM, saleem <asaleemud...@cdac.in> wrote:
>> >>>> Thank u andrews for guiding me.
>> >>>>
>> >>>> i am facing a small problem, i.e i am unable to generate the XML file from
>> >>>> the browser is there any dependency for that ?
>> >>>>
>> >>>> if i run the same from terminal i am able to generate the XML file, i am
>> >>>> using mozilla browser.
>> >>> The browser has nothing to do with all this. In any case it's PHP and
>> >>> the way you call w3af from it.
>> >>>
>> >>>> On Monday 24 June 2013 06:04 PM, Andres Riancho wrote:
>> >>>>> Saleem,
>> >>>>>
>> >>>>> On Mon, Jun 24, 2013 at 9:14 AM, saleem <asaleemud...@cdac.in> wrote:
>> >>>>>> Thanku so much for that andrews.
>> >>>>>>
>> >>>>>> now i am able to generate file, but i have having small problem,
>> >>>>>>
>> >>>>>> i am getting this error at the end of the txt file which got generated.
>> >>>>>>
>> >>>>>> [Mon Jun 24 17:19:43 2013 - console] termios error: (25, 'Inappropriate ioctl for device')
>> >>>>> Seen this before, but never needed to fix it. I mean... w3af continues
>> >>>>> to work, and you only get it when w3af is run "without a terminal".
>> >>>>>
>> >>>>> How did you fix your original error?
>> >>>>>
>> >>>>>> any solution for this kind of error !!
>> >>>>>>
>> >>>>>> On Monday 24 June 2013 04:58 PM, Andres Riancho wrote:
>> >>>>>>> On Mon, Jun 24, 2013 at 8:08 AM, saleem <asaleemud...@cdac.in> wrote:
>> >>>>>>>> thanks for the response andrews.
>> >>>>>>>>
>> >>>>>>>> Why do you suspect of permissions issue?
>> >>>>>>>>
>> >>>>>>>> I suspect permission issue because when i run the code as root user in the
>> >>>>>>>> terminal it is generating the output file.
>> >>>>>>>>
>> >>>>>>>> if i run the same code in the browser it is not generating the output
>> >>>>>>>> files.
>> >>>>>>> Can be because of other things, like the www-data user not having an
>> >>>>>>> environment variable set, or something like that.
>> >>>>>>>
>> >>>>>>> Try this:
>> >>>>>>>
>> >>>>>>> sudo -s -H
>> >>>>>>> <enter your root password>
>> >>>>>>> su www-data
>> >>>>>>> cd to-python-install
>> >>>>>>> python w3af_console ...
>> >>>>>>>
>> >>>>>>>> Are you trying "su www-data" and then running the exact same command?
>> >>>>>>>>
>> >>>>>>>> i have given www-data:www-data permission to my code as well.
>> >>>>>>>> still it is not working.
>> >>>>>>>>
>> >>>>>>>> i will try to explain once again:
>> >>>>>>>>
>> >>>>>>>> i have a w3af script for w3af crawl -
>> >>>>>>>> http-settings
>> >>>>>>>> set timeout 60
>> >>>>>>>> back
>> >>>>>>>> plugins
>> >>>>>>>> crawl web_spider
>> >>>>>>>> crawl config web_spider
>> >>>>>>>> set only_forward False
>> >>>>>>>> set follow_regex .*http:/localhost.*
>> >>>>>>>> set ignore_regex (?i)(logout|disconnect|signout|exit)+
>> >>>>>>>> back
>> >>>>>>>> output text_file
>> >>>>>>>> output config text_file
>> >>>>>>>> set output_file /var/www/wsafe1/scanreports/crawl_localhost_222222222.txt
>> >>>>>>>> set verbose False
>> >>>>>>>> back
>> >>>>>>>> back
>> >>>>>>>> target
>> >>>>>>>> set target http://localhost:80
>> >>>>>>>> back
>> >>>>>>>> start
>> >>>>>>>> exit
>> >>>>>>>>
>> >>>>>>>> i have called this script in my php code i.e:
>> >>>>>>>>
>> >>>>>>>> <?
>> >>>>>>>>
>> >>>>>>>> $w3af_script="/var/www/wsafe1/crawl_localhost_222222222.w3af";
>> >>>>>>>> echo "Start of code ::*****";
>> >>>>>>>>
>> >>>>>>>> if(is_readable($w3af_script))
>> >>>>>>>> {
>> >>>>>>>>     echo "\n"."ready to execute the script in the terminal";
>> >>>>>>>>
>> >>>>>>>>     `python /var/www/wsafe1/tools/w3af/w3af_console -s $w3af_script`;
>> >>>>>>>> }
>> >>>>>>>>
>> >>>>>>>> if(is_readable("/var/www/wsafe1/scanreports/crawl_localhost_222222222.txt"))
>> >>>>>>>> {
>> >>>>>>>>     echo "-----OOOOOOOOOOOoutput file got generated ";
>> >>>>>>>> }
>> >>>>>>>> else
>> >>>>>>>>     echo "-----FFFFailed to generate the outpt file ";
>> >>>>>>>>
>> >>>>>>>> ?>
>> >>>>>>>>
>> >>>>>>>> now problem is, i am not getting the file generated if i run the code from
>> >>>>>>>> the browser or by normal user.
>> >>>>>>>>
>> >>>>>>>> root user is able to generate the files using the same code.
>> >>>>>>>>
>> >>>>>>>> please help me out !!!!!
>> >>>>>>>>
>> >>>>>>>> On Monday 24 June 2013 04:14 PM, Andres Riancho wrote:
>> >>>>>>>>> Saleem,
>> >>>>>>>>>
>> >>>>>>>>> On Mon, Jun 24, 2013 at 1:11 AM, saleem <asaleemud...@cdac.in> wrote:
>> >>>>>>>>>> ok thanku for responding andres.
>> >>>>>>>>>>
>> >>>>>>>>>> fine i will tell u in detail what i have done.
>> >>>>>>>>>>
>> >>>>>>>>>> Earlier i had older version of w3af(r4473) in which my script was working
>> >>>>>>>>>> fine
>> >>>>>>>>>> currently i am using
>> >>>>>>>>>> w3af - Web Application Attack and Audit Framework
>> >>>>>>>>>> Version: 1.5
>> >>>>>>>>>> Revision: 790bb82add
>> >>>>>>>>> First of all, it was a great idea to update.
>> >>>>>>>>>
>> >>>>>>>>>> w3af script i have written (attachment):
>> >>>>>>>>>> screenshot 1
>> >>>>>>>>>> PHP script i have written was (attachment):
>> >>>>>>>>>> screenshot 2
>> >>>>>>>>> I wouldn't run w3af in the request/response process. I'm unsure about
>> >>>>>>>>> how to do it for PHP, but in python there is Celery which allows you
>> >>>>>>>>> to queue work, process results, etc.
>> >>>>>>>>>
>> >>>>>>>>>> now i have given permission to that php script as well as w3af, using
>> >>>>>>>>>> chmod command i have given 777 permissions.
>> >>>>>>>>> Why do you suspect of permissions issue?
>> >>>>>>>>>
>> >>>>>>>>>> problem is when i am executing it in terminal i am getting the output, if
>> >>>>>>>>>> the same i am executing in the browser i am not getting the output i.e
>> >>>>>>>>>> output files are not getting generated.
>> >>>>>>>>> Are you trying "su www-data" and then running the exact same command?
>> >>>>>>>>>
>> >>>>>>>>>> please help me out and sorry for my english.
>> >>>>>>>>>>
>> >>>>>>>>>> On Monday 24 June 2013 12:35 AM, Andres Riancho wrote:
>> >>>>>>>>>>> Saleem,
>> >>>>>>>>>>>
>> >>>>>>>>>>> On Fri, Jun 21, 2013 at 12:31 PM, saleem <asaleemud...@cdac.in> wrote:
>> >>>>>>>>>>>> Hi all,
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> I have written a script which uses w3af script in the background, and trying
>> >>>>>>>>>>>> to execute that script through browser, but i am not getting any output if
>> >>>>>>>>>>>> i do the same in the terminal i am getting the output.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> please help me out !!!
>> >>>>>>>>>>> It's almost impossible to answer this question without more detail.
>> >>>>>>>>>>> Also, why do you think this is a w3af problem and not just you setting
>> >>>>>>>>>>> incorrect permissions to the filesystem files? More than glad to help
>> >>>>>>>>>>> if you send details,
>> >>>>>>>>>>>
>> >>>>>>>>>>> Regards,
>> >>>>>>>>>>>
>> >>>>>>>>>>>> Thanks & Regards,
>> >>>>>>>>>>>> saleem
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> This e-mail is for the sole use of the intended recipient(s) and may
>> >>>>>>>>>>>> contain confidential and privileged information. If you are not the
>> >>>>>>>>>>>> intended recipient, please contact the sender by reply e-mail and destroy
>> >>>>>>>>>>>> all copies and the original message. Any unauthorized review, use,
>> >>>>>>>>>>>> disclosure, dissemination, forwarding, printing or copying of this email
>> >>>>>>>>>>>> is strictly prohibited and appropriate legal action will be taken.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> ------------------------------------------------------------------------------
>> >>>>>>>>>>>> This SF.net email is sponsored by Windows:
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Build for Windows Store.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> http://p.sf.net/sfu/windows-dev2dev
>> >>>>>>>>>>>> _______________________________________________
>> >>>>>>>>>>>> W3af-develop mailing list
>> >>>>>>>>>>>> W3af-develop@lists.sourceforge.net
>> >>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>> >>>>>>>>>>>
>> >>>>>>>>>>> --
>> >>>>>>>>>>> Andrés Riancho
>> >>>>>>>>>>> Project Leader at w3af - http://w3af.org/
>> >>>>>>>>>>> Web Application Attack and Audit Framework
>> >>>>>>>>>>> Twitter: @w3af
>> >>>>>>>>>>> GPG: 0x93C344F3
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Windows:
>>
>> Build for Windows Store.
>>
>> http://p.sf.net/sfu/windows-dev2dev
>> _______________________________________________
>> W3af-users mailing list
>> w3af-us...@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
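
Added example (not part of the original thread and not w3af code): a preflight that a calling daemon or web process could run before launching w3af_console, covering the three suspects raised in the thread: output directory permissions for the effective user, a missing terminal, and a missing environment variable. The function names and the sample script are constructed for illustration; it reads only the `set output_file` lines of a w3af script and reports HOME as one representative variable.

```python
import os

# Answer for the effective uid (what counts after su/sudo) where supported.
EFFECTIVE = os.access in os.supports_effective_ids

# Constructed sample in the format of the w3af script quoted in the thread.
SAMPLE_SCRIPT = """\
plugins
output xml_file
output config xml_file
set output_file /var/www/scanreports/w3af_10.242.92.6_25062013_165727.xml
back
back
start
exit
"""

def output_files(script_text):
    """Return every path passed to `set output_file` in a w3af script."""
    paths = []
    for line in script_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[:2] == ["set", "output_file"]:
            paths.append(parts[2].strip())
    return paths

def first_blocker(path):
    """Return why this process cannot create `path`, or None if it can."""
    target = os.path.abspath(path)
    current = os.sep
    for part in os.path.dirname(target).split(os.sep):
        if not part:
            continue
        current = os.path.join(current, part)
        # Each ancestor must exist and be searchable (x) by this user.
        if not os.path.isdir(current):
            return "missing directory: " + current
        if not os.access(current, os.X_OK, effective_ids=EFFECTIVE):
            return "no search (x) permission on: " + current
    if os.path.exists(target):
        if not os.access(target, os.W_OK, effective_ids=EFFECTIVE):
            return "existing file not writable: " + target
    elif not os.access(current, os.W_OK, effective_ids=EFFECTIVE):
        return "directory not writable: " + current
    return None

def preflight(script_text):
    """Collect the facts the thread asks about: user, terminal, HOME, paths."""
    return {
        "euid": os.geteuid(),
        "stdin_is_tty": os.isatty(0),
        "home": os.environ.get("HOME"),
        "blockers": {p: first_blocker(p) for p in output_files(script_text)},
    }

if __name__ == "__main__":
    for key, value in preflight(SAMPLE_SCRIPT).items():
        print(key, "=", value)
```

Run it as the same user and from the same parent process that launches the scan, since a result obtained as root in a terminal says nothing about www-data under the web server.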