Ryan, On Mon, Nov 30, 2009 at 10:28 AM, Ryan Dewhurst <[email protected]> wrote: > Hello all, > Getting this error when enabling some of the plugins:
You get the error when enabling the plugin, or after the scan starts? > Unhandled error, traceback: Traceback (most recent call last): File > "/home/ryan/w3af/core/controllers/w3afCore.py", line 397, in start > self._realStart() File "/home/ryan/w3af/core/controllers/w3afCore.py", line > 457, in _realStart self._fuzzableRequestList = self._discoverAndBF() File > "/home/ryan/w3af/core/controllers/w3afCore.py", line 342, in _discoverAndBF > discoveredFrList = self._discover( tmpList ) File > "/home/ryan/w3af/core/controllers/w3afCore.py", line 611, in _discover > result = self._discoverWorker( toWalk ) File > "/home/ryan/w3af/core/controllers/w3afCore.py", line 657, in _discoverWorker > pluginResult = plugin.discover_wrapper( fr ) File > "/home/ryan/w3af/core/controllers/basePlugin/baseDiscoveryPlugin.py", line > 47, in discover_wrapper return self.discover( fuzzable_request_copy ) File > "/home/ryan/w3af/plugins/discovery/dir_bruter.py", line 87, in discover > self._bruteforce_directories( base_path ) File > "/home/ryan/w3af/plugins/discovery/dir_bruter.py", line 106, in > _bruteforce_directories if not is_404( http_response ): TypeError: > 'NoneType' object is not callable Strange.... > It seems that the errror is steming from the is_404() function located in > ./core/controllers/coreHelpers/fingerprint_404.py. At first I thought it may > be a dependency issue however fingerprint_404.py only really uses urllib, > thread and cgi which I think are standard Python libraries. > > Any ideas? is_404 is set to None at the beginning of "fingerprint_404.py", which could trigger the "'NoneType' object is not callable" error. The problem is that this should never happen... this is wierd... I just changed some pieces of the code in "fingerprint_404.py" to try to fix this vulnerability. Please let me know if you can still reproduce the issue. Thank you very much for your bug report, > Thanks. > > -- > Ryan Dewhurst > > http://www.ethicalhack3r.co.uk > http://www.dvwa.co.uk > http://www.twitter.com/ethicalhack3r > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus > on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users > > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
