Hi,
Same problem here : W3af is called inside a Python daemon (so in a
non-interactive way too).
W3af runs fine, but never creates the XML output file.
I get too the "Inappropriate ioctl for device" error btw.
Using the git version.
Missing environment variables ? Problem with the XML library used ? or the
way the XML output file is created ?
Investigating...
2013/6/25 saleem <asaleemud...@cdac.in>
> i have given all permissions to that folder , still i am not able to
> generate the file .
>
> On Tuesday 25 June 2013 05:30 PM, Andres Riancho wrote:
> > Nothing special. The directory /var/www/scanreports/ needs to be
> > writable by the www-data user.
> >
> > On Tue, Jun 25, 2013 at 8:56 AM, saleem <asaleemud...@cdac.in> wrote:
> >> as i have written earlier , same code i am using but this time i am
> trying
> >> to generate the XML output file .
> >>
> >> this is my w3af script :
> >>
> >> http-settings
> >> set timeout 60
> >> back
> >> plugins
> >> crawl web_spider
> >> crawl config web_spider
> >> set only_forward False
> >> set follow_regex .*
> >> set ignore_regex (?i)(logout|disconnect|signout|exit)+
> >> back
> >> audit blind_sqli
> >> back
> >> output xml_file
> >> output config xml_file
> >> set output_file
> /var/www/scanreports/w3af_10.242.92.6_25062013_165727.xml
> >> back
> >> back
> >> target
> >> set target <url>
> >> back
> >> start
> >> exit
> >>
> >>
> >> and this is my php script :
> >> <?
> >>
> >> $w3af_script="22222.w3af";
> >>
> >> echo "Start of code ::*****";
> >>
> >> if(is_readable($w3af_script))
> >> {
> >>
> >> echo "\n"."ready to execute the script in the terminal";
> >>
> >> `python w3af_console -s $w3af_script`;
> >>
> >> }
> >>
> >>
> >> if(is_readable("w3af_10.242.92.6_25062013_162721.xml"))
> >>
> >> {
> >> echo "-----OOOOOOOOOOOoutput file got generated ";
> >>
> >> }
> >> else
> >> echo "-----FFFFailed to generate the outpt file ";
> >>
> >>
> >> ?>
> >>
> >>
> >> so when i run this as root user it is generating the xml file and if
> same i
> >> run as www-data user i am unable to get the output xml file .
> >>
> >> please guide me in setting right permissions so that i can get XML as
> output
> >> file .
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Tuesday 25 June 2013 05:07 PM, Andres Riancho wrote:
> >>> On Tue, Jun 25, 2013 at 7:06 AM, saleem <asaleemud...@cdac.in> wrote:
> >>>> Thank u andrews for guiding me .
> >>>>
> >>>> i am facing a small problem ,i.e i am unable to generate the XML file
> >>>> from
> >>>> the browser is there any dependency for that ?
> >>>>
> >>>> if i run the same from terminal i am able to generate the XML file ,
> i
> >>>> am
> >>>> using mozilla browser .
> >>> The browser has nothing to do with all this. In any case it's PHP and
> >>> the way you call w3af from it.
> >>>
> >>>> On Monday 24 June 2013 06:04 PM, Andres Riancho wrote:
> >>>>> Saleem,
> >>>>>
> >>>>> On Mon, Jun 24, 2013 at 9:14 AM, saleem <asaleemud...@cdac.in>
> wrote:
> >>>>>> Thanku so much for that andrews .
> >>>>>>
> >>>>>> now i am able to generate file , but i have having small problem,
> >>>>>>
> >>>>>> i am getting this error at the end of the txt file which got
> generated
> >>>>>> .
> >>>>>>
> >>>>>> [Mon Jun 24 17:19:43 2013 - console] termios error: (25,
> 'Inappropriate
> >>>>>> ioctl for device')
> >>>>> Seen this before, but never needed to fix it. I mean... w3af
> continues
> >>>>> to work, and you only get it when w3af is run "without a terminal".
> >>>>>
> >>>>> How did you fix your original error?
> >>>>>
> >>>>>> any solution for this kind of error !!
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On Monday 24 June 2013 04:58 PM, Andres Riancho wrote:
> >>>>>>> On Mon, Jun 24, 2013 at 8:08 AM, saleem <asaleemud...@cdac.in>
> wrote:
> >>>>>>>> thanks for the response andrews.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Why do you suspect of permissions issue?
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> I suspect permission issue because when i run the code as root
> user
> >>>>>>>> in
> >>>>>>>> the
> >>>>>>>> terminal it is generating the output file.
> >>>>>>>>
> >>>>>>>> if i run the same code in the browser it is not generating the
> output
> >>>>>>>> files
> >>>>>>>> .
> >>>>>>> Can be because of other things, like the www-data user not having
> an
> >>>>>>> environment variable set, or something like that.
> >>>>>>>
> >>>>>>> Try this:
> >>>>>>>
> >>>>>>> sudo -s -H
> >>>>>>> <enter your root password>
> >>>>>>> su www-data
> >>>>>>> cd to-python-install
> >>>>>>> python w3af_console ...
> >>>>>>>
> >>>>>>>> Are you trying "su www-data" and then running the exact same
> command?
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> i have given www-data:www-data permission to my code as well .
> >>>>>>>> still it is not working.
> >>>>>>>>
> >>>>>>>> i will try to explain once again :
> >>>>>>>>
> >>>>>>>> i have a w3af script for w3af crawl -
> >>>>>>>> http-settings
> >>>>>>>> set timeout 60
> >>>>>>>> back
> >>>>>>>> plugins
> >>>>>>>> crawl web_spider
> >>>>>>>> crawl config web_spider
> >>>>>>>> set only_forward False
> >>>>>>>> set follow_regex .*http:/localhost.*
> >>>>>>>> set ignore_regex (?i)(logout|disconnect|signout|exit)+
> >>>>>>>> back
> >>>>>>>> output text_file
> >>>>>>>> output config text_file
> >>>>>>>> set output_file
> >>>>>>>> /var/www/wsafe1/scanreports/crawl_localhost_222222222.txt
> >>>>>>>> set verbose False
> >>>>>>>> back
> >>>>>>>> back
> >>>>>>>> target
> >>>>>>>> set target http://localhost:80
> >>>>>>>> back
> >>>>>>>> start
> >>>>>>>> exit
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> i have called this script in my php code i.e :
> >>>>>>>>
> >>>>>>>> <?
> >>>>>>>>
> >>>>>>>> $w3af_script="/var/www/wsafe1/crawl_localhost_222222222.w3af";
> >>>>>>>> echo "Start of code ::*****";
> >>>>>>>>
> >>>>>>>> if(is_readable($w3af_script))
> >>>>>>>> {
> >>>>>>>>
> >>>>>>>> echo "\n"."ready to execute the script in the
> terminal";
> >>>>>>>>
> >>>>>>>> `python /var/www/wsafe1/tools/w3af/w3af_console -s
> >>>>>>>> $w3af_script`;
> >>>>>>>>
> >>>>>>>> }
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> if(is_readable("/var/www/wsafe1/scanreports/crawl_localhost_222222222.txt"))
> >>>>>>>> {
> >>>>>>>> echo "-----OOOOOOOOOOOoutput file got generated ";
> >>>>>>>>
> >>>>>>>> }
> >>>>>>>> else
> >>>>>>>> echo "-----FFFFailed to generate the outpt file ";
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> ?>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> now problem is , i am not getting the file generated if i run the
> >>>>>>>> code
> >>>>>>>> from
> >>>>>>>> the browser or by normal user.
> >>>>>>>>
> >>>>>>>> root user is able to generate the files using the same code .
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> please help me out !!!!!
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On Monday 24 June 2013 04:14 PM, Andres Riancho wrote:
> >>>>>>>>> Saleem,
> >>>>>>>>>
> >>>>>>>>> On Mon, Jun 24, 2013 at 1:11 AM, saleem <asaleemud...@cdac.in>
> >>>>>>>>> wrote:
> >>>>>>>>>> ok thanku for responding andres .
> >>>>>>>>>>
> >>>>>>>>>> fine i will tell u in detail what i have done .
> >>>>>>>>>>
> >>>>>>>>>> Earlier i had older version of w3af(r4473) in which my script
> was
> >>>>>>>>>> working
> >>>>>>>>>> fine
> >>>>>>>>>> currently i am using
> >>>>>>>>>> w3af - Web Application Attack and Audit Framework
> >>>>>>>>>> Version: 1.5
> >>>>>>>>>> Revision: 790bb82add
> >>>>>>>>> First of all, it was a great idea to update.
> >>>>>>>>>
> >>>>>>>>>> w3af script i have written (attachment) :
> >>>>>>>>>> screenshot 1
> >>>>>>>>>> PHP script i have written was (attachment):
> >>>>>>>>>> screenshot 2
> >>>>>>>>> I wouldn't run w3af in the request/response process. I'm unsure
> >>>>>>>>> about
> >>>>>>>>> how to do it for PHP, but in python there is Celery which allows
> you
> >>>>>>>>> to queue work, process results, etc.
> >>>>>>>>>
> >>>>>>>>>> now i have given permission to that php script as well as w3af
> ,
> >>>>>>>>>> using
> >>>>>>>>>> chmod command i have given 777 permissions.
> >>>>>>>>> Why do you suspect of permissions issue?
> >>>>>>>>>
> >>>>>>>>>> problem is when i am executing it in terminal i am getting the
> >>>>>>>>>> output
> >>>>>>>>>> ,
> >>>>>>>>>> if
> >>>>>>>>>> the same i am executing in the browser i am not getting the
> output
> >>>>>>>>>> i.e
> >>>>>>>>>> output files are not getting generated .
> >>>>>>>>> Are you trying "su www-data" and then running the exact same
> >>>>>>>>> command?
> >>>>>>>>>
> >>>>>>>>>> please help me out and sorry for my english.
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> On Monday 24 June 2013 12:35 AM, Andres Riancho wrote:
> >>>>>>>>>>> Saleem,
> >>>>>>>>>>>
> >>>>>>>>>>> On Fri, Jun 21, 2013 at 12:31 PM, saleem <asaleemud...@cdac.in
> >
> >>>>>>>>>>> wrote:
> >>>>>>>>>>>> Hi all ,
> >>>>>>>>>>>>
> >>>>>>>>>>>> I have written a script which uses w3af script in the
> background,
> >>>>>>>>>>>> and
> >>>>>>>>>>>> trying
> >>>>>>>>>>>> to execute that script through browser , but i am not getting
> any
> >>>>>>>>>>>> output
> >>>>>>>>>>>> if
> >>>>>>>>>>>> i do the same in the terminal i am getting the output .
> >>>>>>>>>>>>
> >>>>>>>>>>>> please help me out !!!
> >>>>>>>>>>> It's almost impossible to answer this question without more
> >>>>>>>>>>> detail.
> >>>>>>>>>>> Also, why do you think this is a w3af problem and not just you
> >>>>>>>>>>> setting
> >>>>>>>>>>> incorrect permissions to the filesystem files? More than glad
> to
> >>>>>>>>>>> help
> >>>>>>>>>>> if you send details,
> >>>>>>>>>>>
> >>>>>>>>>>> Regards,
> >>>>>>>>>>>
> >>>>>>>>>>>> Thanks & Regards ,
> >>>>>>>>>>>> saleem
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> -------------------------------------------------------------------------------------------------------------------------------
> >>>>>>>>>>>>
> >>>>>>>>>>>> This e-mail is for the sole use of the intended recipient(s)
> and
> >>>>>>>>>>>> may
> >>>>>>>>>>>> contain confidential and privileged information. If you are
> not
> >>>>>>>>>>>> the
> >>>>>>>>>>>> intended recipient, please contact the sender by reply e-mail
> and
> >>>>>>>>>>>> destroy
> >>>>>>>>>>>> all copies and the original message. Any unauthorized review,
> >>>>>>>>>>>> use,
> >>>>>>>>>>>> disclosure, dissemination, forwarding, printing or copying of
> >>>>>>>>>>>> this
> >>>>>>>>>>>> email
> >>>>>>>>>>>> is strictly prohibited and appropriate legal action will be
> >>>>>>>>>>>> taken.
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> -------------------------------------------------------------------------------------------------------------------------------
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> ------------------------------------------------------------------------------
> >>>>>>>>>>>> This SF.net email is sponsored by Windows:
> >>>>>>>>>>>>
> >>>>>>>>>>>> Build for Windows Store.
> >>>>>>>>>>>>
> >>>>>>>>>>>> http://p.sf.net/sfu/windows-dev2dev
> >>>>>>>>>>>> _______________________________________________
> >>>>>>>>>>>> W3af-develop mailing list
> >>>>>>>>>>>> W3af-develop@lists.sourceforge.net
> >>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> --
> >>>>>>>>>>> Andrés Riancho
> >>>>>>>>>>> Project Leader at w3af - http://w3af.org/
> >>>>>>>>>>> Web Application Attack and Audit Framework
> >>>>>>>>>>> Twitter: @w3af
> >>>>>>>>>>> GPG: 0x93C344F3
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> -------------------------------------------------------------------------------------------------------------------------------
> >>>>>>>>>>
> >>>>>>>>>> This e-mail is for the sole use of the intended recipient(s) and
> >>>>>>>>>> may
> >>>>>>>>>> contain confidential and privileged information. If you are not
> the
> >>>>>>>>>> intended recipient, please contact the sender by reply e-mail
> and
> >>>>>>>>>> destroy
> >>>>>>>>>> all copies and the original message. Any unauthorized review,
> use,
> >>>>>>>>>> disclosure, dissemination, forwarding, printing or copying of
> this
> >>>>>>>>>> email
> >>>>>>>>>> is strictly prohibited and appropriate legal action will be
> taken.
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> -------------------------------------------------------------------------------------------------------------------------------
> >>>>>>>>>>
> >>>>>>>>> --
> >>>>>>>>> Andrés Riancho
> >>>>>>>>> Project Leader at w3af - http://w3af.org/
> >>>>>>>>> Web Application Attack and Audit Framework
> >>>>>>>>> Twitter: @w3af
> >>>>>>>>> GPG: 0x93C344F3
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>>
> -------------------------------------------------------------------------------------------------------------------------------
> >>>>>>>>
> >>>>>>>> This e-mail is for the sole use of the intended recipient(s) and
> may
> >>>>>>>> contain confidential and privileged information. If you are not
> the
> >>>>>>>> intended recipient, please contact the sender by reply e-mail and
> >>>>>>>> destroy
> >>>>>>>> all copies and the original message. Any unauthorized review, use,
> >>>>>>>> disclosure, dissemination, forwarding, printing or copying of this
> >>>>>>>> email
> >>>>>>>> is strictly prohibited and appropriate legal action will be taken.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> -------------------------------------------------------------------------------------------------------------------------------
> >>>>>>>>
> >>>>>>> --
> >>>>>>> Andrés Riancho
> >>>>>>> Project Leader at w3af - http://w3af.org/
> >>>>>>> Web Application Attack and Audit Framework
> >>>>>>> Twitter: @w3af
> >>>>>>> GPG: 0x93C344F3
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> -------------------------------------------------------------------------------------------------------------------------------
> >>>>>>
> >>>>>> This e-mail is for the sole use of the intended recipient(s) and may
> >>>>>> contain confidential and privileged information. If you are not the
> >>>>>> intended recipient, please contact the sender by reply e-mail and
> >>>>>> destroy
> >>>>>> all copies and the original message. Any unauthorized review, use,
> >>>>>> disclosure, dissemination, forwarding, printing or copying of this
> >>>>>> email
> >>>>>> is strictly prohibited and appropriate legal action will be taken.
> >>>>>>
> >>>>>>
> >>>>>>
> -------------------------------------------------------------------------------------------------------------------------------
> >>>>>>
> >>>>> --
> >>>>> Andrés Riancho
> >>>>> Project Leader at w3af - http://w3af.org/
> >>>>> Web Application Attack and Audit Framework
> >>>>> Twitter: @w3af
> >>>>> GPG: 0x93C344F3
> >>>>>
> >>>>>
> >>>>
> >>>>
> -------------------------------------------------------------------------------------------------------------------------------
> >>>>
> >>>> This e-mail is for the sole use of the intended recipient(s) and may
> >>>> contain confidential and privileged information. If you are not the
> >>>> intended recipient, please contact the sender by reply e-mail and
> destroy
> >>>> all copies and the original message. Any unauthorized review, use,
> >>>> disclosure, dissemination, forwarding, printing or copying of this
> email
> >>>> is strictly prohibited and appropriate legal action will be taken.
> >>>>
> >>>>
> -------------------------------------------------------------------------------------------------------------------------------
> >>>>
> >>>
> >>> --
> >>> Andrés Riancho
> >>> Project Leader at w3af - http://w3af.org/
> >>> Web Application Attack and Audit Framework
> >>> Twitter: @w3af
> >>> GPG: 0x93C344F3
> >>>
> >>>
> >>
> >>
> -------------------------------------------------------------------------------------------------------------------------------
> >>
> >> This e-mail is for the sole use of the intended recipient(s) and may
> >> contain confidential and privileged information. If you are not the
> >> intended recipient, please contact the sender by reply e-mail and
> destroy
> >> all copies and the original message. Any unauthorized review, use,
> >> disclosure, dissemination, forwarding, printing or copying of this email
> >> is strictly prohibited and appropriate legal action will be taken.
> >>
> -------------------------------------------------------------------------------------------------------------------------------
> >>
> >
> >
>
>
>
> -------------------------------------------------------------------------------------------------------------------------------
>
> This e-mail is for the sole use of the intended recipient(s) and may
> contain confidential and privileged information. If you are not the
> intended recipient, please contact the sender by reply e-mail and destroy
> all copies and the original message. Any unauthorized review, use,
> disclosure, dissemination, forwarding, printing or copying of this email
> is strictly prohibited and appropriate legal action will be taken.
>
> -------------------------------------------------------------------------------------------------------------------------------
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> W3af-users mailing list
> w3af-us...@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
