Ramiro,

2009/9/23 Ramiro Caire <[email protected]>:
> Andres Riancho wrote:
>
> Ramiro,
>
> I'll answer in English, and I would appreciate if in the future
> you write in this language.
>
> 2009/9/22 Ramiro Caire <[email protected]>:
>
> Hi folks,
>
> I don't know how active the list is, but I'm taking advantage of the problem I have
> to send my first mail to it.
>
> We have at least 2 or 3 emails a week.
>
> I discovered w3af thanks to the publicity Ulises Cuñé gives it on his blog,
> hehe, and he really is right, it is a very good tool.
>
> =)
>
> In particular, I ran into the following little problem:
>
> I'm testing a client that has put a rule in its WAF which
> filters my access with any tool (including W3AF)
> on ports 80 & 443 (they time out or report that it is not "reachable"), but it DOES
> ALLOW ACCESS when coming in via a browser.
> This rule evidently pins the User-Agent in the HTTP conversation so
> that only a browser gets access.
> So, I tried to modify this parameter in W3AF (configuration >
> HTTP Config > Misc), however it does not accept it and the logs keep
> showing:
>
> The target URL: https://micliente.com is unreachable because of an
> unhandled exception.
>
> and I see the headers still being set to:
> User-Agent: w3af.sf.net
>
> Could this be a bug? Or am I messing something up in the configuration?
>
> I just tested this in the GUI and the console user interface, and it
> is working as expected. What version of w3af are you using? I remember
> having this problem in the past, but now it is fixed in the latest
> version in the SVN.
>
> Ok, thanks Andres for answering.
> I'll write in English in the future, sorry.
>
> So, currently I'm using the SVN version in GUI mode, however I checked it in
> console mode:
>
> ra...@kiara:~/Tools/w3af$ ./w3af_console
> w3af>>> version
> w3af - Web Application Attack and Audit Framework
> Version: 1.1 (from SVN server)
> Revision: 3033
> Author: Andres Riancho and the w3af team.
> w3af>>>
>
> Any help will be appreciated.

If you enter this in a text file:

"""
http-settings
set userAgent abcdef
back
plugins
audit sqli
back
target
set target http://localhost/
back
start
exit
"""

And then run ./w3af_console -s file.txt

Do you get the expected result? Also, what steps EXACTLY are you taking to launch the scan from the GUI?

> Regards
> Ramiro
>

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
