List,
Today I changed the 404 detection method from the old and overly
complicated method to a simple and easy to read/hack one. All of my
previous versions of is_404 were very complex and tried to struggle
with all possible cases. The truth is that in most "strange" cases I
was failing miserably, so now I changed my 404 detection once again,
but keeping it as simple as possible.
Also, and because I was trying to cover ALL CASES, I was
performing a lot of requests in order to cover them, which in most
situations was unnecessary and a big overhead. So now I go for a much
simple approach:
1- Cover the simplest case of all using only 1 HTTP request
2- Give the users the power to configure the 404 detection by
setting a string that identifies the 404 response (in case we are
missing it for some reason in case #1)
With this change, some framework options like "autodetect404",
"byDirectory404" and "byDirectoryAndExtension404" were removed and
some others like "exceptions404" were renamed. This will break your
current profiles (sorry about that!) but I hope that this change will
for once fix the 404 detection problem, and give us all a better
framework with less false positives :)
Comments are welcome, so please "svn up" and let me know what you think,
Cheers,
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
