[W3af-develop] w3af q

Electric Mind Tue, 03 Mar 2015 01:01:19 -0800

Hello everyone!

Here is my code sample:


#!/usr/bin/env python

from w3af.core.controllers.w3afCore import w3afCore
from w3af.plugins.tests.helper import create_target_option_list
from w3af.core.data.parsers.url import URL
from w3af.core.data.options.option_list import OptionList
from w3af.core.data.options.opt_factory import opt_factory
from  w3af.core.data.kb import knowledge_base

w3afcore = w3afCore()
target_opts = create_target_option_list(URL("http://localhost 
<http://localhost/>"))
w3afcore.target.set_options(target_opts)

w3afcore.plugins.set_plugins(['click_jacking'] , 'grep')

w3afcore.plugins.init_plugins()
w3afcore.start()


I’d like to understand where is method “OPTIONS * HTTP/1.0” get executed. I 
couldn’t find it in fingerprint_404 class...

Below you could see my apache logs:

127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" 
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org 
<http://w3af.org/>)”

==> error.log <==
[Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: 
/var/www/lvX119D7.cgi
[Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: 
/var/www/BdfTExEg.do

==> other_vhosts_access.log <==
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /lvX119D7.cgi HTTP/1.1" 
404 447 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; 
w3af.org <http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /BdfTExEg.do HTTP/1.1" 
404 446 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; 
w3af.org <http://w3af.org/>)"

==> error.log <==

[Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: 
/var/www/zneaLKli.asp
[Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: 
/var/www/nj2Wub66.foobar
[Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: 
/var/www/mp5JzKQz.htm
[Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: 
/var/www/Ll5OAx0X.py
[Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: 
/var/www/VCVM34f7.gif
[Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: 
/var/www/348kxmyI.htmls
[Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: 
/var/www/lY3gD4if.jsp
[Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: 
/var/www/FJZ3bNfK.rb

==> other_vhosts_access.log <==
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /zneaLKli.asp HTTP/1.1" 
404 446 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; 
w3af.org <http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /nj2Wub66.foobar 
HTTP/1.1" 404 450 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; 
Trident/4.0; w3af.org <http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /mp5JzKQz.htm HTTP/1.1" 
404 448 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; 
w3af.org <http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /Ll5OAx0X.py HTTP/1.1" 
404 447 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; 
w3af.org <http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /VCVM34f7.gif HTTP/1.1" 
404 449 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; 
w3af.org <http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /348kxmyI.htmls 
HTTP/1.1" 404 448 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; 
Trident/4.0; w3af.org <http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /lY3gD4if.jsp HTTP/1.1" 
404 448 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; 
w3af.org <http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /FJZ3bNfK.rb HTTP/1.1" 
404 448 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; 
w3af.org <http://w3af.org/>)"

==> error.log <==
[Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: 
/var/www/JxX8yBjT.xhtml

==> other_vhosts_access.log <==
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /JxX8yBjT.xhtml 
HTTP/1.1" 404 449 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; 
Trident/4.0; w3af.org <http://w3af.org/>)"

==> error.log <==
[Mon Mar 02 03:46:45 2015] [error] [client ::1] script '/var/www/joHWRGWy.php' 
not found or unable to stat
[Mon Mar 02 03:46:45 2015] [error] [client ::1] File does not exist: 
/var/www/GFDhaqJu.aspx

==> other_vhosts_access.log <==
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:45 -0500] "GET /joHWRGWy.php HTTP/1.1" 
404 448 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; 
w3af.org <http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:45 -0500] "GET /GFDhaqJu.aspx HTTP/1.1" 
404 448 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; 
w3af.org <http://w3af.org/>)"

==> error.log <==
[Mon Mar 02 03:46:46 2015] [error] [client ::1] File does not exist: 
/var/www/1Qy6y9dj.pl

==> other_vhosts_access.log <==
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:46 -0500] "GET /1Qy6y9dj.pl HTTP/1.1" 
404 447 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; 
w3af.org <http://w3af.org/>)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:47 -0500] "OPTIONS * HTTP/1.0" 200 126 
"-" "Apache/2.2.22 (Debian) (internal dummy connection)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:48 -0500] "OPTIONS * HTTP/1.0" 200 126 
"-" "Apache/2.2.22 (Debian) (internal dummy connection)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:49 -0500] "OPTIONS * HTTP/1.0" 200 126 
"-" "Apache/2.2.22 (Debian) (internal dummy connection)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:50 -0500] "OPTIONS * HTTP/1.0" 200 126 
"-" "Apache/2.2.22 (Debian) (internal dummy connection)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:51 -0500] "OPTIONS * HTTP/1.0" 200 126 
"-" "Apache/2.2.22 (Debian) (internal dummy connection)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:52 -0500] "OPTIONS * HTTP/1.0" 200 126 
"-" "Apache/2.2.22 (Debian) (internal dummy connection)"
127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:53 -0500] "OPTIONS * HTTP/1.0" 200 126 
"-" "Apache/2.2.22 (Debian) (internal dummy connection)”


Thanks!


Best Regards.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

[W3af-develop] w3af q

Reply via email to