2008/10/28 Brad Causey <[EMAIL PROTECTED]>

> I enabled the HTML and Text output, but there isn't a direct
> correlation in either that actually maps the full request/response
> content to the finding.
> We use W3AF as a 'first line of defense' so to speak. We use it to
> scan the site first, then we manually validate all findings before
> embarking on manual testing. This allows us to identify low-hanging
> fruit with minimal effort.
>
> In order for us to fully utilize this benefit though, we need to be
> able to quickly reproduce the finding in a browser. This requires
> having the full request/response objects and the finding data in one
> spot for copy paste purposes. Then we can use WebScarab to capture a
> legit request and funnel the copied data from W3AF into it.
>
> Right now, we are using the Request ID from the HTML report and
> manually going to find the Request/Response data in the text file
> output.
>
> Thoughts?
>
>
In the Results->KB Browser, at the Request window you can see what data was
sent. You can copy and paste this into the browser. w3af also has a manual
request, like a pure web browser.

>
> -Brad Cauzey
>
> 2008/10/28 Viktor Gazdag <[EMAIL PROTECTED]>:
> > 2008/10/28 Brad Causey <[EMAIL PROTECTED]>
> >>
> >> I have done a good bit of research, but I can't find a way to save a
> >> GUI session to file?
> >>
> >
> > I think the urls are saved by default. I mean you start to type and it will
> > appear. Another solution is to try to save it like a profile. The results of
> > the scan can be saved at the bottom of the main screen. For example: console,
> > txt, html etc.
> > What would you like to save?
> >>
> >>
> >> -Brad Cauzey
> >>
> >>
> -------------------------------------------------------------------------
> >> This SF.Net email is sponsored by the Moblin Your Move Developer's
> >> challenge
> >> Build the coolest Linux based applications with Moblin SDK & win great
> >> prizes
> >> Grand prize is a trip for two to an Open Source event anywhere in the
> >> world
> >> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> >> _______________________________________________
> >> W3af-users mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/w3af-users
> >
> >
> > -------------------------------------------------------------------------
> > This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> > Build the coolest Linux based applications with Moblin SDK & win great
> > prizes
> > Grand prize is a trip for two to an Open Source event anywhere in the
> world
> > http://moblin-contest.org/redirect.php?banner_id=100&url=/
> > _______________________________________________
> > W3af-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/w3af-users
> >
> >
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users