>> One of the two sites ran to completion. The other site did better with >> ignore .pdf files however it quit sending request and continued to run at >> 50% cpu. I may try ignoring additional file types on that second site next...
> You might be lucky (but I doubt it) (but I also did not know that the PDF > parser was "broken"), but w3af only has the ability to parse pdf, html, > wml > and swf. The rest is parsed using regular expressions. Ignoring additional file types didn't help. I have not made it through the whole site yet, but so far I have found two files (one .php and one .htm) that the webspider plugin (w3af revision 3429) is having issues with when using the default misc-settings fuzzFormComboValues tmb (both are questionnaires/surveys). On a dual processor desktop pc running w3af I am seeing 50% cpu utilization, high memory (grows to over 2gb before dropping, followed by unhandled exception, and no requests in the exportFuzzableRequests file. If I switch to misc-settings fuzzFormComboValues t, the scan on each of the two files runs to completion. Would you like me to send you any of the output or open one or two bugs? Can you provide any additional information about fuzzFormComboValues besides following? Indicates what HTML form combo values, e.g. select options values, w3af plugins will use: all (All values), tb (only top and bottom values), tmb (top, middle and bottom values), t (top values), b (bottom values) On another survey.php page that did work I tried each fuzzFormComboValues options with the following results: all - 15,361 POST survey.php requests in the exportFuzzableRequests file tb - 4,097 POST survey.php requests tmb - 9,217 POST survey.php requests t - 2 POST survey.php requests b - 2 POST survey.php requests Since t or b seem to be a workaround for issue above and since it generates only 2 POST request I may just go with that for now to see if I can get through the whole site and be quicker too. On a separate topic, is there a way to force all requests to lower case so that when w3af/webspider comes across two requests where the only difference between the two (or more) requests is due to upper/lower case differences? If not, could you add that feature for those of us scanning windows servers? For example, only webspider/grep/exportFuzzableRequests the first one of the following four: /75r/senate/commit/archive/c590/c590.htm /75r/Senate/commit/archive/c590/c590.htm /75r/senate/Commit/archive/c590/c590.htm /75r/Senate/Commit/archive/c590/c590.htm Thanks, Daniel ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
