Brad, On Tue, Nov 11, 2008 at 12:50 PM, Brad Causey <[EMAIL PROTECTED]> wrote: > Andres, > >> >> > The main goal is to be able to gather the same usefulness from saved >> > information as from viewing it in the UI. At this point, after you close >> > w3af, you lose much the detail and linking between raw data and >> > vulnerability identification. Here is the thread we discussed >> > previously: >> > >> > http://sourceforge.net/mailarchive/forum.php?thread_name=89f89940810281156yb6ee5afw472c4b67bd4a6490%40mail.gmail.com&forum_name=w3af-users >> > >> > Does this help? Sorry I am having difficulty being clear in what I am >> > asking >> > for. >> > >> >> No, you are being very clear. I'll prioritize your feature request, >> but don't hold your breath because there are a lot of more "low level" >> things that I think are also important right now. >> >> Cheers, >> -- >> Andres Riancho > > > I completely understand. Maybe I can build an offline correlation engine. > Either way, thanks for taking the feedback into consideration! > >
Something that I forgot to mention, and is one of the most important features (it's simple, but VERY powerfull) that I'm going to code whenever I've got some minutes is a "report false positive" / "report false negative" button in the GUI, just below the vulnerability description, that will allow users to fill a form with a detailed description about WHY the request/response pair is a false positive / false negative. This simple form will give the project MUCH more feedback from the users, and if implemented right... it will ease up the transition from user to small time contributor. Of course... I'll need an "HTML obfuscator" or something like that, so users will actually send the html responses without having the idea that I'm identifying which pages they are scanning. This is the hardest part! Cheers, -- Andres Riancho http://w3af.sourceforge.net/ Web Application Attack and Audit Framework ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
