Solved!
I use http fuzzer and works... Thanks.
2010/2/12 <[email protected]>
> Hello!!
>
> I am setting w3af for formAuthBrute but not working. The form only has a
> password box and w3af detects it... but doesn't the brute force attack: The
> configuration of formAuthBrute is default and the output is this:
>
> The page language is: en
> Starting formAuthBrute plugin execution.
> http://192.168.100.10/index.php detected a form with a password field and
> no username field.
> http://192.168.100.10/index.php detected a form with a password field and
> no username field.
> Found 1 URLs and 2 different points of injection.
> The list of URLs is:
> - http://192.168.100.10/index.php
> The list of fuzzable requests is:
> - http://192.168.100.10/index.php | Method: GET
> - http://192.168.100.10/index.php | Method: GET | Parameters:
> (password="")
> Password profiling TOP 100:
> - [1] enable with 1 repetitions.
> - [2] JavaScript with 1 repetitions.
> - [3] turned with 1 repetitions.
> - [4] auth with 1 repetitions.
> - [5] Your with 1 repetitions.
> - [6] enter with 1 repetitions.
> - [7] your with 1 repetitions.
> Finished scanning process.
>
> Thanks for help!
> --
> - Null
>
--
- Null
------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
