secsec,

On Tue, Nov 17, 2009 at 1:07 AM, secsec sensen <[email protected]> wrote:
> Hey there
>
> Q1:
> Before spiderMan sends the results of the user crawl, I was wondering
> if I can choose which POSTs and GETs get passed to audit plugins ?

No, you can not. But basically... if you don't want a URL to be scanned, don't browse it using spiderMan. If you want to exclude specific URLs for some reason, you may find the nonTargets setting interesting (see target advanced settings).

> Q2:
> The findings that show in the html report from XSS are not verbose
> enough: with the abbreviated POSTs postdata, the finding adds the
> text: This vulnerability was found in the request with id xxxx.
> Is there a way to get the post data with the header as well as the
> response data ? is it stored somewhere?

You could enable the textFile plugin, which will store each request and response in a file. On the other hand... I understand your problem and think that this should be fixed. Do you want to give it a try, and change the output.htmlFile plugin in order to show the complete request in the HTML?

Cheers,

> Thanks Much !
>
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
