I did some more testing. Here is what I am seeing using the webspider plugin
and its dependent
httpAuthDetect grep plugin.
If the target is a request with a form action=xxxxxx.xxx
the webspider ignoreRegex has no effect on the action=request
the action=request is acted upon even if not part of the same web site
if you don't want the action=request acted upon,
- set the misc settings nonTarget to ignore the action=request
If the request with a form action=xxxxxx.xxx is not the target
the webspider ignoreRegex has no effect on the action=request
if you don't want the action=request acted upon, do either of the following:
- include the parent in webspider ignoreRegex
- set misc settings nonTarget to ignore the action=request
Can you verify?
Thanks,
Daniel
------------------------------------------------------------------------------
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
