Tiff,

On Thu, Jul 23, 2015 at 9:21 PM, 冠庭 羅 <btiffe...@yahoo.com.tw> wrote:
> Hi all,
>
> I tried to figure out how to use w3af's Client API, using Postman to help
> me run a scan with the POST method.
>
>      I had already used Content-Type: application/json
>      and in the raw JSON
>
>      {
>         "scan_profile" : {"scan_profile" : "/home/tiff/w3af/profiles/OWASP_TOP10.pw3af"},
>         "target_urls" : {"target_urls" : "http://127.0.0.1:7272"}
>      }

Why do you repeat the scan profile in scan profile? Your request
should look like this one:
http://docs.w3af.org/en/latest/api/scans.html#starting-a-scan


>      ----------------------------------------------
>      I got the error message :
>
>     {
>     "code": 500,
>     "exception_type": "TypeError",
>     "filename": "scans.py",
>     "function_name": "create_temp_profile",
>     "line_number": 51,
>     "message": "expected a character buffer object",
>     "please": "https://github.com/andresriancho/w3af/issues/new"
>     }
>     -----------
>     -----------
>     this is another json code
>     {
>      "scan_profile" : "/home/tiff/w3af/profiles/OWASP_TOP10.pw3af",

It should be the content of that file, not the filename

>      "target_urls" : "http://127.0.0.1:7272"

The value should be a list

>     }
>     --------
>    the result is
>     {
>         "message": "ConfigParser error in profile:
> \"/tmp/1ac23c74-1433-464d-a12a-b4200a9eddb3.pw3af\". Exception: \"File
> contains no section       headers.\\\nfile:
> /tmp/1ac23c74-1433-464d-a12a-b4200a9eddb3.pw3af, line:
> 1\\\nu'/home/tiff/w3af/profiles/OWASP_TOP10.pw3af'\"",
>   "code": 400
>     }
>
>     I am just curious whether I typed the correct JSON. Is it possible
> for me to assign two JSON objects by using Postman?

Never used Postman, not sure what it can do

>    (Now I can just use Python to start scanning)
> ----
> And another question is that I tried to use the GET method from other devices to
> catch the result when I had done the scans.
> But it didn't work... I use http://192.168.xxx.xxx:5000/scans/0/kb (it looks
> like I need to use the same machine to type
> http://127.0.0.1:5000/scans/0/kb).
> Is it possible for me to use another machine to get the result or not?

Sure, you just need to bind the REST API to that host/port. See the config file:
http://docs.w3af.org/en/latest/api/index.html#config-file-format

>
>
>  Thanks.
>
>  Have a nice day.
>
>  Tiff
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
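
The two corrections in the reply above (`scan_profile` carries the profile file's contents, `target_urls` is a list), as an added Python example that is not part of the original thread or w3af's own code. The `/scans/` path follows the w3af REST API documentation linked above; the profile text is a constructed placeholder and the helper names are hypothetical.

```python
import configparser
import json
import urllib.request

# Constructed sample: minimal INI-style text standing in for a real .pw3af file.
SAMPLE_PROFILE = "[profile]\nname = sample\ndescription = constructed example\n"


def build_scan_body(profile_text, target_urls):
    """Build the JSON body for starting a scan, rejecting the mistakes seen above."""
    # A nested object instead of a string is what produced the 500 TypeError.
    if not isinstance(profile_text, str):
        raise TypeError("scan_profile must be a string with the profile contents")
    # A bare URL string instead of a list is the second mistake pointed out.
    if isinstance(target_urls, str) or not isinstance(target_urls, (list, tuple)):
        raise TypeError("target_urls must be a list of URL strings")
    if not target_urls or not all(isinstance(u, str) for u in target_urls):
        raise TypeError("target_urls must be a non-empty list of URL strings")
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(profile_text)
    except configparser.Error as exc:
        # A file *path* has no section headers, like the 400 ConfigParser error.
        raise ValueError("scan_profile is not profile contents: %s" % exc)
    if not parser.sections():
        raise ValueError("scan_profile has no section headers")
    body = {"scan_profile": profile_text, "target_urls": list(target_urls)}
    return json.dumps(body).encode("utf-8")


def build_request(api_base, body):
    """Wrap the body in a POST to <api_base>/scans/ (built here, not sent)."""
    return urllib.request.Request(
        api_base.rstrip("/") + "/scans/", data=body, method="POST",
        headers={"Content-Type": "application/json"})


if __name__ == "__main__":
    # With a real profile: profile_text = open(path_to_profile).read()
    body = build_scan_body(SAMPLE_PROFILE, ["http://127.0.0.1:7272"])
    req = build_request("http://127.0.0.1:5000", body)
    print(req.get_method(), req.full_url)
    print(body.decode("utf-8"))
    # To send it to a running REST API: urllib.request.urlopen(req)
```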
