Daniel,
On Fri, May 7, 2010 at 1:04 PM, Daniel Gaddis
<[email protected]> wrote:
> webspider is the only discovery plugin I am using.
>
> You are right it does appear to ignore it if it is just a normal link. It
> looks like the issue is when I want to ignore what is in the action=xxxxx.xxx
> for a page.
hmmm... interesting... at first after reading your comment I
thought that this might have been because the webSpider is not
analyzing the query string, but it seems (after reading the code) that
it is.
> I have a home page with two forms (both generate emails that I would like to
> skip).
>
> One has action="req_signup01.php"
> The other has action="distemailhandler.php"
>
> The webspider ignoreRegex has .*req_signup01[.]php |.*distemailhandler[.]php
>
> However, both are checked and end up in the fuzzable list.
I think that the issue is your regular expression. Here you see your
regex trying to match against one of the actions:
!!! re.match(".*req_signup01[.]php |.*distemailhandler[.]php","req_signup01.php")
!!!
There is no match. I re-wrote your regex this way:
!!! re.match("(.*req_signup01\\.php|.*distemailhandler\\.php)","req_signup01.php")
<_sre.SRE_Match object at 0x7f5e8c36b918>
!!! re.match("(.*req_signup01\\.php|.*distemailhandler\\.php)","distemailhandler.php")
<_sre.SRE_Match object at 0x7f5e8c456990>
!!! re.match("(.*req_signup01\\.php|.*distemailhandler\\.php)","another-script.php")
!!!
Works as expected.
> It also looks like if the action= goes to different server(s), it also gets
> acted upon. I suppose I could/should include the external server references
> in ignoreRegex once it works for action= references?
>
> I used the following to run w3af:
>
> misc-settings
> set maxDiscoveryTime 1200
> set maxThreads 0
> # maxDepth not in rc3 1.1 3460
> # set maxDepth 25
> set exportFuzzableRequests FuzzableRequests.csv
> set fuzzFormComboValues t
> # set fuzzFileContent False
> back
> #plugins
> # audit sqli, xss
> # audit config xss
> # set numberOfChecks 3
> # back
> # back
> plugins
> output htmlFile, textFile, console, xmlFile
> back
> plugins
> discovery webSpider
> discovery config webSpider
> set onlyForward True
> set ignoreRegex (?i).*[.](pdf|doc|ram|mp3|mov|ppt|gif|jpg|png|ico)|.*75[rs]/senate/archive|.*75[rs]/senate/members/dist[0-9]*/pr|.*req_inv[.]php|.*req_svc[.]php|.*req_survey01[.]php|.*req_survey02[.]php|.*survey001[.]php|.*survey002[.]php|.*req_signup01[.]php|.*C820handler[.]php|.*distemailhandler[.]php|.*distemailhandler2[.]php|.*FHdists[.]php|.*FHwebadmin[.]php|.*harrisQhandler[.]php|.*ltgovhandler[.]php|.*NLhandler[.]php|.*QH090001[.]php|.*QH120001[.]php|.*QH230001[.]php|.*QH230002[.]php|.*SRChandler[.]php|.*webadminhandler[.]php|.*adminform[.]php
wow, that's a complex regex :)
I advise you to test your regexes in python, the way I do it is:
arian...@toreng-0557:~/w3af/trunk$ python
Python 2.5.2 (r252:60911, Jan 20 2010, 23:14:04)
[GCC 4.2.4 (Ubuntu 4.2.4-1ubuntu3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import re
>>> re.match("req_signup01.ph.","req_signup01.php")
<_sre.SRE_Match object at 0x7f5e8c37ecc8>
>>> re.match(".*req_signup01[.]php |.*distemailhandler[.]php","req_signup01.php")
>>>
>>>
>>>
>>>
>>> re.match(".*req_signup01[.]php |.*distemailhandler[.]php","req_signup01.php")
>>> re.match("(.*req_signup01\\.php|.*distemailhandler\\.php)","req_signup01.php")
<_sre.SRE_Match object at 0x7f5e8c36b918>
>>> re.match("(.*req_signup01\\.php|.*distemailhandler\\.php)","distemailhandler.php")
<_sre.SRE_Match object at 0x7f5e8c456990>
>>> re.match("(.*req_signup01\\.php|.*distemailhandler\\.php)","another-script.php")
>>>
> back
> back
> target
> set target
> http://www.test.senate.state.tx.us/75r/senate/members/dist7/dist7.htm
> set targetOS windows
> back
> start
>
> Thanks,
> Daniel
> -----Original Message-----
> From: Andres Riancho [mailto:[email protected]]
> Sent: Thursday, May 06, 2010 7:15 PM
> To: Daniel Gaddis
> Cc: [email protected]
> Subject: Re: webSpider ignoreRegex functionality question
>
> Daniel,
>
> Please read inline,
>
> On Thu, Apr 22, 2010 at 5:15 PM, Daniel Gaddis
> <[email protected]> wrote:
>> It looks like webSpider will find requests that match ignoreRegex entries
>> and include them for the audit phase.
>>
>>
>>
>> For example, let's say home.php has a link to email.php and I would like to
>> totally ignore email.php. It looks like just specifying ignoreRegex for
>> email.php is not good enough but that I must specify ignoreRegex for the
>> parent home.php.
>
> hmmm, weird... are you ONLY enabling the webSpider plugin?
>
>>
>>
>> While I do want to ignore email.php in this example, I don't really want to
>> miss the other links in the home.php
>>
>>
>>
>> Am I seeing this correctly or am I missing something?
>
> I just tested the ignoreRegex feature in a test webapp I have, and
> it's working for me. Could you please send me this information? :
>
> - list of enabled plugins
> - parameters for those plugins
> - global parameters (if any were changed from defaults)
>
>>
>>
>> I am running w3af-1.0-rc3 (version 1.1 revision 3460) on windows.
>
> Ok, that looks good.
>
>>
>>
>> Thanks,
>>
>> Daniel
>>
>>
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
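
The interactive checks in the message above, turned into a small script (an added example, not part of the original thread and not w3af code). It applies a candidate ignoreRegex value to a list of form actions with `re.match`, as in the session, and reports alternatives that carry stray whitespace next to a `|`; the function names and the sample list are hypothetical.

```python
import re

def split_alternatives(pattern):
    """Split a regex on every '|' that is not escaped and not inside [...]."""
    parts, buf, in_class, i = [], [], False, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):   # escaped char: copy both
            buf.append(pattern[i:i + 2])
            i += 2
            continue
        if in_class:
            in_class = ch != "]"                  # class ends at the next ']'
        elif ch == "[":
            in_class = True
        elif ch == "|":
            parts.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def padded_alternatives(pattern):
    """Alternatives with leading/trailing whitespace, which must match literally."""
    return [alt for alt in split_alternatives(pattern) if alt != alt.strip()]

def skipped(pattern, urls):
    """URLs the pattern matches with re.match, the call used in the session."""
    rx = re.compile(pattern)
    return [u for u in urls if rx.match(u)]

# Constructed sample input: the two form actions from the thread plus one other.
ACTIONS = ["req_signup01.php", "distemailhandler.php", "another-script.php"]
BROKEN = ".*req_signup01[.]php |.*distemailhandler[.]php"   # space before '|'
FIXED = "(.*req_signup01\\.php|.*distemailhandler\\.php)"

if __name__ == "__main__":
    for name, pat in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "skips:", skipped(pat, ACTIONS))
        print(name, "padded alternatives:", padded_alternatives(pat))
```
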