Hi all,
I am using w3af to test the effectiveness of IPS rules. I'm using Snort for the
IPS. My problem is that the Snort rules are effective, but w3af doesn't like
dropped requests. Here's what I think is happening.
1. w3af uses Spiderman to find all the possible points of injection. Some are
protected by Snort but Snort drops requests only if it sees the payload.
2. w3af tries to deliver its payload to locations it knows exists.
3. w3af throws a "Too many retries" error when the page is not returned.
Is there any way to get around this? I have tried setting maxRetrys to 0 and
commenting out the code that throws the "Too many retries" error in
w3afCore.py, and the program still dies in both cases, I think because there
are redundant checks to see if things are stalled. When the error is commented
out a line in xUrllib.py throws a KeyboardInterrupt from a method called
_sleepIfPausedDieIfStopped.
I am not developing w3af and I do not know Python well so I don't fully
understand how most of the code works. Any help would be much appreciated!
Thanks,
Mac
------------------------------------------------------------------------------
Fulfilling the Lean Software Promise
Lean software platforms are now widely adopted and the benefits have been
demonstrated beyond question. Learn why your peers are replacing JEE
containers with lightweight application servers - and what you can gain
from the move. http://p.sf.net/sfu/vmware-sfemails
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
