On Sun, Nov 8, 2009 at 6:33 PM, Taras <[email protected]> wrote:
> Andres,
>
>> One of the biggest TODOs that the w3af project has in order to
>> compete with the commercial scanners is Javascript support.
>
> could you please write more about this support?
> What must W3AF be able to do with JavaScript, and what is the purpose of such
> support?
Basically, what needs to be done is to write a web spider that
supports javascript. I would do it in a separate discovery plugin
which would use some python-javascript binding. Some pseudocode of
what I have in mind:

    def discovery( self, fuzzable_request):
        js_html = javascript_library.parse( response.getBody() )
        js_html.dom.network = self.network_wrapper
        for tag in js_html.get_all_tags():
            tag.click()
            tag.mouse_over()
            ...
            tag.submit()
        return self._fuzzable_requests

    def network_wrapper( self, url, headers, post_data):
        '''
        This method is called when one of the events that is fired by the
        "tag.click()" sends a request to the network.
        '''
        self._fuzzable_requests.extend( createFuzzableRequest( url, headers, post_data) )

In that pseudocode everything is just magic... but there are a lot of issues:
- "js_html.dom.network = self.network_wrapper" came out of my
imagination, I don't know if that is possible
- We would need to analyze if running javascript code from any
website is safe. We could simply warn the user... and let him decide.
- What happens with alert() and prompt() ? In my previous tries
with the web20Spider (some can be found in the SVN) one of the
problems I had was how to handle the alert() and prompt() , that would
block all the following tests.
- What happens with scripts that take too much time to run? How
can we handle this? Maybe we could use something like this [0] which
is pretty cool ;)
I think I'll give it a try when I come back from Turkey and Brazil.
What do you think? What other problems do you see? Do you think that
there is another way to click on javascript?
[0] http://nick.vargish.org/clues/python-tricks.html
Cheers,
>
> --
> Taras - OSCP, OSWP
> ----
> "Software is like sex: it's better when it's free." - Linus Torvalds
>
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
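
Added example, not part of the original message and not w3af code: three of the issues listed in the message (the network hook, alert()/prompt() blocking the run, and scripts that take too long) handled with Node.js's built-in vm module. fireHandler, SAMPLE_HANDLERS and the stand-in XMLHttpRequest are hypothetical names, and the handler sources are constructed samples.

```javascript
// Added example, not w3af code. All names are hypothetical.
const vm = require('vm');

// Constructed sample handler sources, as a spider might pull from onclick attributes.
const SAMPLE_HANDLERS = {
  ajaxClick: `alert('Saving...');
    var x = new XMLHttpRequest();
    x.open('POST', '/api/save');
    x.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    x.send('id=1&name=test');`,
  promptThenGet: `var q = prompt('Search for?', 'w3af');
    var x = new XMLHttpRequest(); x.open('GET', '/search?q=' + q); x.send();`,
  endless: 'while (true) {}',
};

// Fire one handler with a recording network hook, non-blocking dialogs and a
// hard time limit. The vm module is NOT a security boundary (per the Node.js
// docs): for untrusted sites, run this in a separate, OS-sandboxed process.
function fireHandler(source, { timeoutMs = 200 } = {}) {
  const requests = []; // what the spider would turn into fuzzable requests
  const dialogs = [];  // alert()/confirm()/prompt() calls, recorded, never shown

  class XMLHttpRequest { // stand-in: records the request instead of sending it
    constructor() { this.headers = {}; }
    open(method, url) { this.method = method; this.url = String(url); }
    setRequestHeader(name, value) { this.headers[name] = String(value); }
    send(body = null) {
      requests.push({ method: this.method, url: this.url, headers: this.headers, postData: body });
    }
  }
  const dialog = (type, result) => (msg, def = '') => {
    dialogs.push({ type, msg: String(msg) });
    return result === undefined ? def : result; // prompt() answers with its default
  };
  const sandbox = { XMLHttpRequest, alert: dialog('alert', null),
    confirm: dialog('confirm', true), prompt: dialog('prompt') };

  let timedOut = false, error = null;
  try {
    vm.runInNewContext(source, sandbox, { timeout: timeoutMs });
  } catch (err) {
    if (err && err.code === 'ERR_SCRIPT_EXECUTION_TIMEOUT') timedOut = true; // runaway script
    else error = String(err); // ordinary script error: note it and move on
  }
  return { requests, dialogs, timedOut, error };
}

for (const [name, src] of Object.entries(SAMPLE_HANDLERS)) {
  console.log(name, JSON.stringify(fireHandler(src)));
}
```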