Hi James,

That's me who has written this plugin, so I will respond =)

2009/3/16 James Cole <[email protected]>:
> Hi
>
> I have been getting to grips with W3af for the last month and a great
> opportunity came about when a client I am currently working for asked me to
> test their web application.
>
> The client has their site on a shared (VPS) server and wanted to know if any
> credit card number could be gleaned from the site. I set up W3af on a hard
> drive install VMware image of Samurai (updated W3af via svn) and ran a high
> risk scan.
>
> The first problem I ran into was after an hour (or thereabouts) the GUI
> interface would blank out and the process was running at around 90%. I let
> the scan finish, which it did, but could not recover the GUI interface from
> its blank screen.
>
> A quick sideline here: I saved my data to a txt output and an html output,
> the html output did not record any data and was just blank, is this the norm
> at the moment?
>
> The good news was that before the GUI failed I was able to recover 15 credit
> card numbers. I ran the scan again but with only the credit card number
> plugin and recovered 85 credit card numbers.
>
> Now my main question is how I manually verify the data I have collected is
> indeed from my client's server. There is not a great deal of information on
> the plugin and I would like to understand the process a little better for my
> report for my client.
>

The plugin detects those sequences of digits which pass the Luhn check,
that's all. You can open the "Results" tab and see the responses which
were reported as containing card numbers.

Andres, it seems a good idea to implement the highlighting of the
findings for the grep plugins, what do you think?

Sasha.

> Thanks in advance for any help
>
> James

_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
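An added example, not w3af's plugin code and not part of the original messages: a Python sketch of Luhn-only detection as the reply describes it, returning each hit's offset and surrounding text so a finding can be checked by hand against the stored response. The 13-19 digit length range, the separator handling and the sample body (which includes an image filename that passes Luhn without being a card number) are assumptions of this example.

```python
import re

# Runs of 13-19 digits, optionally separated by single spaces or hyphens.
# The length range is an assumption of this example, not taken from the plugin.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_candidates(body: str, context: int = 20):
    """Return (number, offset, surrounding text) for each Luhn-valid run."""
    hits = []
    for m in CANDIDATE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            start = max(0, m.start() - context)
            snippet = body[start:m.end() + context].replace("\n", " ")
            hits.append((digits, m.start(), snippet))
    return hits


# Constructed response body; 4111111111111111 is a widely used test number.
SAMPLE_BODY = (
    "<td>Card: 4111 1111 1111 1111</td>\n"
    "<td>Order ref: 4111111111111112</td>\n"
    '<img src="/img/1234567812345670.png">\n'
)

if __name__ == "__main__":
    for number, offset, snippet in find_candidates(SAMPLE_BODY):
        print(f"offset {offset}: {number}  ...{snippet}...")
```

The surrounding text is what separates a real card field from a filename, ID or timestamp that happens to satisfy the checksum; roughly one in ten arbitrary digit runs of the right length will.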
