Philip,

    Please read inline,

On Tue, Dec 21, 2010 at 5:49 PM, philip hartlieb
<philip.hartl...@us.army.mil> wrote:
> Hello,
>
> I was able to push my discovery results to a file using the export fuzzable 
> requests option in misc settings.

    Cool,

> The file name is a simple "date_name". There is no .txt or .csv extension.

    Ok,

> I now want to suck the csv file into the next "audit" using the importResults 
> plugin.
>
> I've enabled the xss and importResults plugins only.
>
> I've tried placing the csv file in the root w3af directory so all I need to 
> script is "set input_csv filename" when configuring importResults.
>
> No luck.
>
> I've also tried placing the file elsewhere on the file system and scripting " 
> set input_csv /full/path/to/filename "
>
> Each time I get a "No target specified" error.

    Are you specifying the target? :) I know it might be
counter-intuitive, but even when importing results from a file you
need to specify the target in w3af.

> I know that I am incorrectly assuming that no target needs to be specified 
> when using the importResults option.

    Cool,

> Can anyone comment on what needs to go in the "set target" directive when 
> using the importResults plugin?

    It's a generic check that we perform. In 99% of the cases it makes
sense to have a target, you've found the case in which it's not needed
:)

> Do I need to specify the path here as well?  What would be the format?

    In the target you would put "http://target-web-application.com/".
If you only enable the importResults plugin, no URLs out from the ones
specified in the file should be crawled / injected.

> Thank you,
>
> -pjh
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>



-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
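
The setup discussed in this thread, written out as a w3af console script. This is an added example, not a script from either poster; it assumes the w3af 1.x console menus, where importResults is configured under the discovery plugins, and it reuses the placeholder file path and target URL from the messages above.

```w3af
# Constructed example: audit only the requests exported by an earlier
# discovery run, using the importResults and xss plugins.

plugins
# Enable importResults and point it at the exported fuzzable requests file.
# The path is the placeholder from the thread; use the real full path.
discovery importResults
discovery config importResults
set input_csv /full/path/to/filename
back
# Only the xss audit plugin is enabled, as in the original question.
audit xss
back

# The target is still required, even though the requests come from the
# file. Leaving this out produces the "No target specified" error.
target
set target http://target-web-application.com/
back

start
```

Because no other discovery plugin is enabled, only the URLs listed in the imported file are injected, so the audit stays inside the scope captured by the earlier run.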
