Hello,
I am using w3af GUI on windows..and from some days i am trying to scan some
web application using w3af, but whenever i am trying to scam with OWASP Top
10 plugin or any with all plugin i will get following message in Log tab:
[09/15/09 09:26:09] Auto-enabling plugin: discovery.allowedMethods
[09/15/09 09:26:09] Auto-enabling plugin: discovery.serverHeader
[09/15/09 09:26:09] Auto-enabling plugin: discovery.frontpage_version
[09/15/09 09:26:11]
[09/15/09 09:26:11] **IMPORTANT** The following error was detected by w3af
and couldn't be resolved: The xUrllib found too much consecutive errors. The
remote webserver doesn't seem to be reachable anymore; please verify
manually.
[09/15/09 09:26:11]
[09/15/09 09:26:11] Could not determine the language of the site.
Tha same message i got when i started scanning for following website..as
Sébastien had referred the site to start with w3af.
Would please help me in finding why this is happening??
Thank you.
2009/9/15 Sébastien Duquette <[email protected]>
> Well a good start might be to run it against an on-purpose vulnerable
> web site like the one by Acunetix (http://testphp.acunetix.com/). Just
> choose the OWASP Top 10 profile, type the website in the address bar
> and press Start. There are also web applications that are made for
> people to practice finding flaws like mutillidae or
> lampsecurity.lampsec-sqlinject
> (http://lampsecurity.org/capture-the-flag-6). You need to install
> those applications though, so you must know how to run an
> Apache/MySQL/PHP server. A trick that might help you install them
> faster is to use a package like Wampserver for Windows.
>
> On a side note, if you don't know much about web applications
> vulnerabilities, it would be a good thing to read a bit about them. A
> good place to start is with the OWASP Top 10 : it's the list of the 10
> most common web flaws. You can find it here :
> http://www.owasp.org/index.php/Top_10_2007. If you have a some money
> aside, consider buying the book "The Web Application Hacker's
> Handbook", it's really good for beginning and also as a reference.
>
> Hope that helps,
>
> Sébastien
>
> On Mon, Sep 14, 2009 at 5:18 PM, steve jacobs <[email protected]>
> wrote:
> > Thanks for the guide, got the tool up and running, great.
> >
> > Now... Where would be a good place to start to look for basic security
> flaws
> > in our web pages, are there any "beginners" features on the tool I can
> run
> > just to get a feel for the framework?
> >
> > Regards,
> > Steve J.
> >
> >> Date: Mon, 14 Sep 2009 16:38:15 -0400
> >> Subject: Re: [W3af-users] Getting Started
> >> From: [email protected]
> >> To: [email protected]
> >> CC: [email protected]
> >>
> >> It's actually pretty simple. You need to install Python 2.5 for
> >> windows from here :
> >>
> >> http://www.python.org/ftp/python/2.5.4/python-2.5.4.msi
> >>
> >> Then get w3af for Windows from here :
> >>
> >>
> >>
> http://sourceforge.net/projects/w3af/files/w3af/w3af%201.0-rc2%20%5Bshorty%5D/w3af_1.0-rc2_setup.exe/download
> >>
> >> You will have an icon on your desktop. It's that simple! I don't know
> >> if you need to be admin though.
> >>
> >>
> >> On Mon, Sep 14, 2009 at 4:16 PM, steve jacobs <
> [email protected]>
> >> wrote:
> >> > W3af folk,
> >> >
> >> > For someone very new to this type of tool, wanting to research it
> >> > further,
> >> > how can I fire up the GUI in Windows XP? Please keep the instructions
> as
> >> > simple as poss. I trust I need to enter some command line instruction
> or
> >> > similar? Do I require local admin rights on my machine to use the tool
> >> > to
> >> > its full functionality?
> >> >
> >> > Best Regards,
> >> >
> >> > Steve J.
> >> >
> >> > ________________________________
> >> > Add other email accounts to Hotmail in 3 easy steps. Find out how.
> >> >
> >> >
> ------------------------------------------------------------------------------
> >> > Come build with us! The BlackBerry® Developer Conference in SF, CA
> >> > is the only developer event you need to attend this year. Jumpstart
> your
> >> > developing skills, take BlackBerry mobile applications to market and
> >> > stay
> >> > ahead of the curve. Join us from November 9-12, 2009. Register
> >> > now!
> >> > http://p.sf.net/sfu/devconf
> >> > _______________________________________________
> >> > W3af-users mailing list
> >> > [email protected]
> >> > https://lists.sourceforge.net/lists/listinfo/w3af-users
> >> >
> >> >
> >
> > ________________________________
> > New! Receive and respond to mail from other email accounts from within
> > Hotmail Find out how.
>
>
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry® Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9-12, 2009. Register now!
> http://p.sf.net/sfu/devconf
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
--
Regards,
Pranjal Bathia
Intern at Innovation Labs,
Tata Consultancy Services
Hyderabad
India
------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
