Marthe,

On Mon, Jul 20, 2009 at 11:22 AM, Marthe Engebretsen<[email protected]> wrote:
> Andrés,
>
> Marthe,
>
> On Mon, Jul 20, 2009 at 10:20 AM, Marthe
> Engebretsen<[email protected]> wrote:
>> Dear list,
>>
>> I've been testing W3AF for some weeks now, as part of a large project
>> concerning web application security and web application vulnerability
>> scanning. W3AF is one of my absolute favorites of the tools tested, but
>> recently I've got some problems when scanning my "known vulnerable test
>> site" for SQL Injections.
>>
>> In order to check how the tool manages blind SQL injections my test site has
>> been modified to not show database error messages (MySQL-database). When the
>> blindSqli plugin is enabled it only returns: "Too many retries when trying
>> to get: . URL.". I've tried to tune both blindSqli-plugin settings and
>> http-settings, but I still get the same result.
>>
>> Any ideas on what the problem is, and how to get the plugin to work
>> properly?
>
> Are you using some kind of IPS, that could be closing TCP connections
> based on the packet payloads?
>
> No, there is no IPS. The test server is only protected by IP restrictions.

Then I have no clue of what could be happening. I would need more
information, logs, etc. to be able to try to find what's happening.
Have you tried to use Wireshark to see what's going bad at a TCP/IP
level? Usually these types of errors are because of connection errors at
that level. Maybe packets are being dropped?

Another idea: maybe you could run w3af with the output.textFile plugin
with the verbose parameter set to true, and analyze that?

Cheers,

> Cheers,
> Marthe Engebretsen

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
