Hi Andres,

Yes, I do accept the SSL certificate. The first time I try to connect to
the website I want to test. I then accept the pop-up but for some reason I
don't see the web page content at all in my browser window. It is like
blank. Btw, I am working remotely today so am using the Windows version of
w3af.

I am now suspecting there might be something in my browser settings that
is not showing the info because I don't see the SSL error.

Thanks,
Usman

Here is what I see in the dialog box.

Starting w3af, running on:
   Python version:
     2.6.6 (r266:84297, Aug 24 2010, 18:46:32) [MSC v.1500 32 bit (Intel)]
   GTK version: 2.22.0
   PyGTK version: 2.22.0

w3af - Web Application Attack and Audit Framework
   Version: 1.1 (from SVN server)
   Revision: 4334
   Author: Andres Riancho and the w3af team.
Exiting setOutputPlugins()
Auto-enabling plugin: grep.collectCookies
Auto-enabling plugin: grep.httpAuthDetect
Called w3afCore.start()
Called buildOpeners
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 1
DNS response from DNS server for domain: publishers.mobilestore.opera.com
GET http://publishers.mobilestore.opera.com returned HTTP code "200" - id: 1
Starting "collectCookies" grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com  | id:1 >
Finished grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com  | id:1 >
Starting "httpAuthDetect" grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com  | id:1 >
Finished grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com  | id:1 >
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
[thread manager] Successfully added function to threadpool. Work queue size: 4
[thread manager] Successfully added function to threadpool. Work queue size: 5
[thread manager] Successfully added function to threadpool. Work queue size: 6
[thread manager] Successfully added function to threadpool. Work queue size: 7
[thread manager] Successfully added function to threadpool. Work queue size: 8
[thread manager] Successfully added function to threadpool. Work queue size: 9
[thread manager] Successfully added function to threadpool. Work queue size: 10
[thread manager] Successfully added function to threadpool. Work queue size: 11
[thread manager] Successfully added function to threadpool. Work queue size: 12
[thread manager] Successfully added function to threadpool. Work queue size: 13
[thread manager] Successfully added function to threadpool. Work queue size: 14
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 2
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 3
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 4
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 5
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 6
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 7
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 8
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 9
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 10
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 11
Cached DNS response for domain: publishers.mobilestore.opera.com
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 12
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 13
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 14
Cached DNS response for domain: publishers.mobilestore.opera.com
GET http://publishers.mobilestore.opera.com/InVVdgqa. returned HTTP code "404" - id: 2
No grep for: "http://publishers.mobilestore.opera.com/InVVdgqa.", the plugin sent grepResult=False.
GET http://publishers.mobilestore.opera.com/bO2EB44D.htm returned HTTP code "404" - id: 4
No grep for: "http://publishers.mobilestore.opera.com/bO2EB44D.htm", the plugin sent grepResult=False.
GET http://publishers.mobilestore.opera.com/OwlR5Q5b.do returned HTTP code "404" - id: 3
GET http://publishers.mobilestore.opera.com/C9T17Hy1.asp returned HTTP code "404" - id: 7
No grep for: "http://publishers.mobilestore.opera.com/OwlR5Q5b.do", the plugin sent grepResult=False.
No grep for: "http://publishers.mobilestore.opera.com/C9T17Hy1.asp", the plugin sent grepResult=False.
GET http://publishers.mobilestore.opera.com/jPSu2zJ2.xhtml returned HTTP code "404" - id: 14
GET http://publishers.mobilestore.opera.com/8hK1Sdg4.cgi returned HTTP code "404" - id: 10
GET http://publishers.mobilestore.opera.com/dLPTmiYl.aspx returned HTTP code "404" - id: 13
GET http://publishers.mobilestore.opera.com/gNUGVX4t.pl returned HTTP code "404" - id: 15
GET http://publishers.mobilestore.opera.com/ag0pmzY2.rb returned HTTP code "404" - id: 12
GET http://publishers.mobilestore.opera.com/2dmLFocr.jsp returned HTTP code "404" - id: 9
GET http://publishers.mobilestore.opera.com/zE3DX3E6.gif returned HTTP code "404" - id: 5
GET http://publishers.mobilestore.opera.com/vT5hOQSX.py returned HTTP code "404" - id: 6
GET http://publishers.mobilestore.opera.com/UMr170OE.htmls returned HTTP code "404" - id: 8
No grep for: "http://publishers.mobilestore.opera.com/jPSu2zJ2.xhtml", the plugin sent grepResult=False.
GET http://publishers.mobilestore.opera.com/FrT5c9xj.php returned HTTP code "404" - id: 11
No grep for: "http://publishers.mobilestore.opera.com/8hK1Sdg4.cgi", the plugin sent grepResult=False.
No grep for: "http://publishers.mobilestore.opera.com/dLPTmiYl.aspx", the plugin sent grepResult=False.
No grep for: "http://publishers.mobilestore.opera.com/gNUGVX4t.pl", the plugin sent grepResult=False.
No grep for: "http://publishers.mobilestore.opera.com/2dmLFocr.jsp", the plugin sent grepResult=False.
No grep for: "http://publishers.mobilestore.opera.com/ag0pmzY2.rb", the plugin sent grepResult=False.
No grep for: "http://publishers.mobilestore.opera.com/zE3DX3E6.gif", the plugin sent grepResult=False.
No grep for: "http://publishers.mobilestore.opera.com/vT5hOQSX.py", the plugin sent grepResult=False.
No grep for: "http://publishers.mobilestore.opera.com/UMr170OE.htmls", the plugin sent grepResult=False.
No grep for: "http://publishers.mobilestore.opera.com/FrT5c9xj.php", the plugin sent grepResult=False.
The 404 body result database has a length of 1.
"http://publishers.mobilestore.opera.com" is NOT a 404. [similarity_index < 0.9]

Called _discoverWorker()
Starting plugin: spiderMan
Changing socket options of ProxyServer to (socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
spiderMan proxy is running on 127.0.0.1:44444.
Please configure your browser to use these proxy settings and navigate the target site.
To exit spiderMan plugin please navigate to http://127.7.7.7/spiderMan?terminate .
Using proxy handler: <function constructor at 0x0852E1F0>
Proxy server listening on 127.0.0.1:44444
The user is navigating through the spiderMan proxy.
[spiderMan] Handling request: GET http://publishers.mobilestore.opera.com/
Trapped fuzzable requests:
http://publishers.mobilestore.opera.com/ | Method: GET
keepalive: removed one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 13
keepalive: replacing bad connection with a new one
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: removed one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 13
GET http://publishers.mobilestore.opera.com/ returned HTTP code "200" - id: 16
Starting "collectCookies" grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com/  | id:16 >
Finished grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com/  | id:16 >
Starting "httpAuthDetect" grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com/  | id:16 >
Finished grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com/  | id:16 >
The remote web application sent the following cookie: "SMI_DEV=true".
w3af will use it during the rest of the process in order to maintain the session.
Local proxy daemon handling request: cosmicrhythm-PC - "GET http://publishers.mobilestore.opera.com/ HTTP/1.0" 200 -
[spiderMan] Handling request: GET http://sitecheck2.opera.com/?host=publishers.mobilestore.opera.com&hdn=tu1q8ZuAl6GfEjAG/OHErQ==
http://sitecheck2.opera.com/ | Method: GET
keepalive: added one connection, len(self._hostmap["sitecheck2.opera.com"]): 1
DNS response from DNS server for domain: sitecheck2.opera.com
keepalive: removed one connection, len(self._hostmap["sitecheck2.opera.com"]): 0
GET http://sitecheck2.opera.com/?host=publishers.mobilestore.opera.com&hdn=tu1q8ZuAl6GfEjAG/OHErQ== returned HTTP code "200" - id: 17
No grep for: http://sitecheck2.opera.com/?host=publishers.mobilestore.opera.com&hdn=tu1q8ZuAl6GfEjAG/OHErQ==, the plugin sent grepResult=False.
Local proxy daemon handling request: cosmicrhythm-PC - "GET http://sitecheck2.opera.com/?host=publishers.mobilestore.opera.com&hdn=tu1q8ZuAl6GfEjAG/OHErQ== HTTP/1.0" 200 -
[spiderMan] Handling request: GET http://publishers.mobilestore.opera.com/favicon.ico
http://publishers.mobilestore.opera.com/favicon.ico | Method: GET
keepalive: removed one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 12
keepalive: replacing bad connection with a new one
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: removed one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 12
GET http://publishers.mobilestore.opera.com/favicon.ico returned HTTP code "404" - id: 18
Starting "collectCookies" grep_worker for response: < httpResponse | 404 | http://publishers.mobilestore.opera.com/favicon.ico  | id:18 >
Finished grep_worker for response: < httpResponse | 404 | http://publishers.mobilestore.opera.com/favicon.ico  | id:18 >
Starting "httpAuthDetect" grep_worker for response: < httpResponse | 404 | http://publishers.mobilestore.opera.com/favicon.ico  | id:18 >
Finished grep_worker for response: < httpResponse | 404 | http://publishers.mobilestore.opera.com/favicon.ico  | id:18 >
Local proxy daemon handling request: cosmicrhythm-PC - "GET http://publishers.mobilestore.opera.com/favicon.ico HTTP/1.0" 404 -
Local proxy daemon handling request: cosmicrhythm-PC - "CONNECT publishers.mobilestore.opera.com:443 HTTP/1.0" 200 -
SSL 'self.connection' connection state=before/accept initialization
[spiderMan] Handling request: GET http:///
https://publishers.mobilestore.opera.com:443/ | Method: GET
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com:443"]): 1
DNS response from DNS server for domain: publishers.mobilestore.opera.com
keepalive: removed one connection, len(self._hostmap["publishers.mobilestore.opera.com:443"]): 0
GET https://publishers.mobilestore.opera.com:443/ returned HTTP code "200" - id: 19
No grep for: https://publishers.mobilestore.opera.com:443/, the plugin sent grepResult=False.
The remote web application sent the following cookie: "SMI_DEV=true".
w3af will use it during the rest of the process in order to maintain the session.
Local proxy daemon handling request: cosmicrhythm-PC - "GET / HTTP/1.1" 200 -
Closing browser-proxy and proxy-site connections.
Local proxy daemon handling request: cosmicrhythm-PC - "CONNECT publishers.mobilestore.opera.com:443 HTTP/1.0" 200 -
SSL 'self.connection' connection state=before/accept initialization
[spiderMan] Handling request: GET http:///favicon.ico
https://publishers.mobilestore.opera.com:443/favicon.ico | Method: GET
keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com:443"]): 1
Cached DNS response for domain: publishers.mobilestore.opera.com
keepalive: removed one connection, len(self._hostmap["publishers.mobilestore.opera.com:443"]): 0
GET https://publishers.mobilestore.opera.com:443/favicon.ico returned HTTP code "404" - id: 20
No grep for: "https://publishers.mobilestore.opera.com:443/favicon.ico", the plugin sent grepResult=False.
Local proxy daemon handling request: cosmicrhythm-PC - "GET /favicon.ico HTTP/1.1" 404 -
Closing browser-proxy and proxy-site connections.







> Usman,
>
>     Is your browser showing you an SSL certificate generated by w3af,
> and you're accepting?
>
> Regards,
>
> On Wed, Jun 22, 2011 at 11:02 AM, Usman Waheed <[email protected]> wrote:
>> Hi,
>>
>> For some reason when I use the Spiderman + WebSpider plugins I get the
>> following error message noted below.
>> Looks like some certificate error, any clues on what I might be doing
>> wrong here? The browser does not display any info when I try to load the
>> target website.
>>
>> Thanks,
>> Usman
>>
>>
>> Asking the user about the invalid w3af MITM certificate. He must accept it.
>> Catched SSL.Error in do_CONNECT(): [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]
>> Closing browser-proxy and proxy-site connections.
>> Local proxy daemon handling request: localhost - "CONNECT publishers.mobilestore.opera.com:443 HTTP/1.1" 200 -
>> SSL 'self.connection' connection state=before/accept initialization
>> Asking the user about the invalid w3af MITM certificate. He must accept it.
>> Catched SSL.Error in do_CONNECT(): [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]
>> Closing browser-proxy and proxy-site connections.
>> Local proxy daemon handling request: localhost - "CONNECT publishers.mobilestore.opera.com:443 HTTP/1.1" 200 -
>> SSL 'self.connection' connection state=before/accept initialization
>> Asking the user about the invalid w3af MITM certificate. He must accept it.
>> Catched SSL.Error in do_CONNECT(): [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]
>> Closing browser-proxy and proxy-site connections.
>>
>>
>>
>> --
>> Using Opera's revolutionary email client: http://www.opera.com/mail/
>>
>> _______________________________________________
>> W3af-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>>
>
>
>

