I enabled the HTML and Text output, but there isn't a direct correlation in either that actually maps the full request/response content to the finding. We use W3AF as a 'first line of defense' so to speak. We use it to scan the site first, then we manually validate all findings before embarking on manual testing. This allows us to identify low-hanging fruit with minimal effort.
In order for us to fully utilize this benefit though, we need to be able to quickly reproduce the finding in a browser. This requires having the full request/response objects and the finding data in one spot for copy paste purposes. Then we can use WebScarab to capture a legit request and funnel the copied data from W3AF into it. Right now, we are using the Request ID from the HTML report and manually going to find the Request/Response data in the text file output.

Thoughts?

-Brad Cauzey

2008/10/28 Viktor Gazdag <[EMAIL PROTECTED]>:
> 2008/10/28 Brad Causey <[EMAIL PROTECTED]>
>>
>> I have done a good bit of research, but I can't find a way to save a
>> GUI session to file?
>>
>
> I think the urls are saved by default. I mean you start to type and it will
> appear. Another solution is to try to save it like a profile. The results of
> the scan can be saved at the bottom of the main screen. For example: console,
> txt, html etc.
> What would you like to save?
>>
>> -Brad Cauzey

_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
