The xss [0] plugin is a good example of what you're trying to achieve. The interesting parts are:

    fake_mutants = create_mutants(freq, ['',])

Where you create mutants (modified HTTP requests) based on a fuzzable request (which is the result of the crawling phase) with a "fake" value of an empty string. And

    trivial_mutant = mutant.copy()
    trivial_mutant.set_mod_value(payload)

Where you take the mutant, copy it, and finally set a real payload in it to replace the empty string.

To take that to real life, it would be:

1- Crawl detects http://foo.com/?id=1 , the fuzzable request
2- After create mutants you have something like http://foo.com/?id=
3- After setting the payload you have http://foo.com/?id=<script...

In your case you'll want to use this technique instead of the one you'll see in sqli.py, because detecting integer overflows requires you to send a series of payloads to the same input.

[0] https://github.com/andresriancho/w3af/blob/master/plugins/audit/xss.py

On Sat, Jul 13, 2013 at 5:09 AM, Dominique Righetto <dominique.righe...@gmail.com> wrote:
> Hi Andres,
>
> I'm working on an integer overflow detection plugin and I'm trying to
> understand, in an audit plugin, how to access the injection points detected
> in the discovery part.
>
> Can you give me some pointers or a plugin example?
>
> Thanks in advance
>
> Dom

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
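The copy-then-set-payload pattern from the message above, as an added stand-alone example that is not part of the original message and is not w3af code. The names create_mutants, copy and set_mod_value mirror the message but are reimplemented here with simplified signatures; Mutant, payload_series and the boundary values are assumptions made for illustration.

```python
import copy
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample boundary values; a real plugin would choose its own list.
INT_BOUNDARY_PAYLOADS = [str(2**31 - 1), str(2**31), str(2**32), str(-2**31 - 1)]


class Mutant:
    """Simplified model: one request URL with one query parameter to modify."""

    def __init__(self, url, index, value):
        self.url, self.index, self.value = url, index, value

    def _pairs(self):
        return parse_qsl(urlsplit(self.url).query, keep_blank_values=True)

    def param(self):
        return self._pairs()[self.index][0]

    def copy(self):
        return copy.copy(self)

    def set_mod_value(self, value):
        self.value = value

    def get_url(self):
        # Rebuild the URL with only the selected parameter replaced.
        pairs = self._pairs()
        pairs[self.index] = (pairs[self.index][0], self.value)
        return urlunsplit(urlsplit(self.url)._replace(query=urlencode(pairs)))


def create_mutants(url, values):
    """One mutant per (query parameter, value) pair, as in step 2 of the message."""
    count = len(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return [Mutant(url, i, v) for i in range(count) for v in values]


def payload_series(url, payloads):
    """For each input, derive every payload from the same empty-valued mutant."""
    series = []
    for mutant in create_mutants(url, ['']):
        urls = []
        for payload in payloads:
            trivial_mutant = mutant.copy()        # the template stays untouched
            trivial_mutant.set_mod_value(payload)
            urls.append(trivial_mutant.get_url())
        series.append((mutant.param(), urls))
    return series


if __name__ == "__main__":
    for name, urls in payload_series("http://foo.com/?id=1&page=2", INT_BOUNDARY_PAYLOADS):
        print(name, *urls, sep="\n  ")
```

Because every payload is set on a copy, the empty-valued mutant can be reused for the whole series against one input, which is the property the message points to for integer overflow checks.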