Why do requests get modified when written to the exportFuzzableRequests file?
For example, the following original request...

http://www.test.senate.state.tx.us/avarchive/ramav.php?ram=00003740

...gets written to the exportFuzzableRequests file as:

http://www.test.senate.state.tx.us/avarchive/ramav.php?ram=%5B%2700003740%27%5D

While that may not appear to be too big of a deal, the real issue comes into play when using that exportFuzzableRequests file as the discovery for a subsequent audit. The original throws a SQL injection issue. The latter does not.

As a workaround I can do a search and replace for the %5B%27 and %27%5D strings in the exportFuzzableRequests file to revert back to what the original was, but is there a w3af config. setting so that the requests written to the exportFuzzableRequests file remain exactly like the original without the added encoded characters?

I am running w3af-1.0-rc3 (version 1.1 revision 3460) on Windows.

Thanks,
Daniel
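Added example, not part of the original post and not w3af code: `%5B%27` and `%27%5D` decode to `['` and `']`, so the exported value looks like the string form of a one-element Python list. The sketch below restores such URLs per query parameter instead of by blind search and replace; the function names are hypothetical, and treating the value as a Python list literal is an assumption drawn from the decoded characters.

```python
import ast
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def unwrap_value(value):
    """Return the plain values hidden in one decoded parameter value.

    "['00003740']" -> ["00003740"]; anything else comes back unchanged.
    """
    if not (value.startswith("[") and value.endswith("]")):
        return [value]
    try:
        # literal_eval only parses literals; it never executes code.
        parsed = ast.literal_eval(value)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        return [value]
    # Only unwrap a non-empty list made up entirely of strings.
    if isinstance(parsed, list) and parsed and all(isinstance(v, str) for v in parsed):
        return parsed
    return [value]


def restore_url(url):
    """Rewrite the query string so list-wrapped values become plain ones."""
    parts = urlsplit(url)
    pairs = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # A multi-element list becomes repeated parameters (id=1&id=2).
        pairs.extend((name, v) for v in unwrap_value(value))
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # First URL is the one quoted in the post; the second is constructed.
    samples = [
        "http://www.test.senate.state.tx.us/avarchive/ramav.php?ram=%5B%2700003740%27%5D",
        "http://example.test/a.php?id=%5B%271%27%2C+%272%27%5D&x=y",
    ]
    for sample in samples:
        print(restore_url(sample))
```

A parameter whose genuine value is itself a quoted list literal would also be unwrapped, so compare the restored URLs against the original requests before reusing the file for an audit.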
