Hi Andres,

Thanks for checking. I will try with Firefox and see; it could be the
Opera browser is doing something funky.

Cheers,
Usman

> Usman,
>
>     Just tested, works for me using w3af revision 4346 and Firefox 3.6.18
>
> On Thu, Jun 23, 2011 at 2:26 AM, Usman Waheed <[email protected]> wrote:
>> Hi Andres,
>>
>> Yes I do accept the SSL certificate. The first time I try to connect to the
>> website I want to test. I then accept the pop-up but for some reason I don't
>> see the web page content at all in my browser window. It is like blank. Btw,
>> I am working remotely today so am using the Windows version of w3af.
>>
>> I am now suspecting there might be something in my browser settings that is
>> not showing the info because I don't see the SSL error.
>>
>> Thanks,
>> Usman
>>
>> Here is what I see in the dialog box.
>>
>> Starting w3af, running on:
>>  Python version:
>>    2.6.6 (r266:84297, Aug 24 2010, 18:46:32) [MSC v.1500 32 bit (Intel)]
>>  GTK version: 2.22.0
>>  PyGTK version: 2.22.0
>>
>> w3af - Web Application Attack and Audit Framework
>>  Version: 1.1 (from SVN server)
>>  Revision: 4334
>>  Author: Andres Riancho and the w3af team.
>> Exiting setOutputPlugins()
>> Auto-enabling plugin: grep.collectCookies
>> Auto-enabling plugin: grep.httpAuthDetect
>> Called w3afCore.start()
>> Called buildOpeners
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 1
>> DNS response from DNS server for domain: publishers.mobilestore.opera.com
>> GET http://publishers.mobilestore.opera.com returned HTTP code "200" - id: 1
>> Starting "collectCookies" grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com  | id:1 >
>> Finished grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com  | id:1 >
>> Starting "httpAuthDetect" grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com  | id:1 >
>> Finished grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com  | id:1 >
>> [thread manager] Successfully added function to threadpool. Work queue size: 1
>> [thread manager] Successfully added function to threadpool. Work queue size: 2
>> [thread manager] Successfully added function to threadpool. Work queue size: 3
>> [thread manager] Successfully added function to threadpool. Work queue size: 4
>> [thread manager] Successfully added function to threadpool. Work queue size: 5
>> [thread manager] Successfully added function to threadpool. Work queue size: 6
>> [thread manager] Successfully added function to threadpool. Work queue size: 7
>> [thread manager] Successfully added function to threadpool. Work queue size: 8
>> [thread manager] Successfully added function to threadpool. Work queue size: 9
>> [thread manager] Successfully added function to threadpool. Work queue size: 10
>> [thread manager] Successfully added function to threadpool. Work queue size: 11
>> [thread manager] Successfully added function to threadpool. Work queue size: 12
>> [thread manager] Successfully added function to threadpool. Work queue size: 13
>> [thread manager] Successfully added function to threadpool. Work queue size: 14
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 2
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 3
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 4
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 5
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 6
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 7
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 8
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 9
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 10
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 11
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 12
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 13
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 14
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> GET http://publishers.mobilestore.opera.com/InVVdgqa. returned HTTP code "404" - id: 2
>> No grep for: "http://publishers.mobilestore.opera.com/InVVdgqa.", the plugin sent grepResult=False.
>> GET http://publishers.mobilestore.opera.com/bO2EB44D.htm returned HTTP code "404" - id: 4
>> No grep for: "http://publishers.mobilestore.opera.com/bO2EB44D.htm", the plugin sent grepResult=False.
>> GET http://publishers.mobilestore.opera.com/OwlR5Q5b.do returned HTTP code "404" - id: 3
>> GET http://publishers.mobilestore.opera.com/C9T17Hy1.asp returned HTTP code "404" - id: 7
>> No grep for: "http://publishers.mobilestore.opera.com/OwlR5Q5b.do", the plugin sent grepResult=False.
>> No grep for: "http://publishers.mobilestore.opera.com/C9T17Hy1.asp", the plugin sent grepResult=False.
>> GET http://publishers.mobilestore.opera.com/jPSu2zJ2.xhtml returned HTTP code "404" - id: 14
>> GET http://publishers.mobilestore.opera.com/8hK1Sdg4.cgi returned HTTP code "404" - id: 10
>> GET http://publishers.mobilestore.opera.com/dLPTmiYl.aspx returned HTTP code "404" - id: 13
>> GET http://publishers.mobilestore.opera.com/gNUGVX4t.pl returned HTTP code "404" - id: 15
>> GET http://publishers.mobilestore.opera.com/ag0pmzY2.rb returned HTTP code "404" - id: 12
>> GET http://publishers.mobilestore.opera.com/2dmLFocr.jsp returned HTTP code "404" - id: 9
>> GET http://publishers.mobilestore.opera.com/zE3DX3E6.gif returned HTTP code "404" - id: 5
>> GET http://publishers.mobilestore.opera.com/vT5hOQSX.py returned HTTP code "404" - id: 6
>> GET http://publishers.mobilestore.opera.com/UMr170OE.htmls returned HTTP code "404" - id: 8
>> No grep for: "http://publishers.mobilestore.opera.com/jPSu2zJ2.xhtml", the plugin sent grepResult=False.
>> GET http://publishers.mobilestore.opera.com/FrT5c9xj.php returned HTTP code "404" - id: 11
>> No grep for: "http://publishers.mobilestore.opera.com/8hK1Sdg4.cgi", the plugin sent grepResult=False.
>> No grep for: "http://publishers.mobilestore.opera.com/dLPTmiYl.aspx", the plugin sent grepResult=False.
>> No grep for: "http://publishers.mobilestore.opera.com/gNUGVX4t.pl", the plugin sent grepResult=False.
>> No grep for: "http://publishers.mobilestore.opera.com/2dmLFocr.jsp", the plugin sent grepResult=False.
>> No grep for: "http://publishers.mobilestore.opera.com/ag0pmzY2.rb", the plugin sent grepResult=False.
>> No grep for: "http://publishers.mobilestore.opera.com/zE3DX3E6.gif", the plugin sent grepResult=False.
>> No grep for: "http://publishers.mobilestore.opera.com/vT5hOQSX.py", the plugin sent grepResult=False.
>> No grep for: "http://publishers.mobilestore.opera.com/UMr170OE.htmls", the plugin sent grepResult=False.
>> No grep for: "http://publishers.mobilestore.opera.com/FrT5c9xj.php", the plugin sent grepResult=False.
>> The 404 body result database has a length of 1.
>> "http://publishers.mobilestore.opera.com" is NOT a 404. [similarity_index < 0.9]
>>
>> Called _discoverWorker()
>> Starting plugin: spiderMan
>> Changing socket options of ProxyServer to (socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
>> spiderMan proxy is running on 127.0.0.1:44444.
>> Please configure your browser to use these proxy settings and navigate the target site.
>> To exit spiderMan plugin please navigate to http://127.7.7.7/spiderMan?terminate .
>> Using proxy handler: <function constructor at 0x0852E1F0>
>> Proxy server listening on 127.0.0.1:44444
>> The user is navigating through the spiderMan proxy.
>> [spiderMan] Handling request: GET http://publishers.mobilestore.opera.com/
>> Trapped fuzzable requests:
>> http://publishers.mobilestore.opera.com/ | Method: GET
>> keepalive: removed one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 13
>> keepalive: replacing bad connection with a new one
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: removed one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 13
>> GET http://publishers.mobilestore.opera.com/ returned HTTP code "200" - id: 16
>> Starting "collectCookies" grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com/  | id:16 >
>> Finished grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com/  | id:16 >
>> Starting "httpAuthDetect" grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com/  | id:16 >
>> Finished grep_worker for response: < httpResponse | 200 | http://publishers.mobilestore.opera.com/  | id:16 >
>> The remote web application sent the following cookie: "SMI_DEV=true".
>> w3af will use it during the rest of the process in order to maintain the session.
>> Local proxy daemon handling request: cosmicrhythm-PC - "GET http://publishers.mobilestore.opera.com/ HTTP/1.0" 200 -
>> [spiderMan] Handling request: GET http://sitecheck2.opera.com/?host=publishers.mobilestore.opera.com&hdn=tu1q8ZuAl6GfEjAG/OHErQ==
>> http://sitecheck2.opera.com/ | Method: GET
>> keepalive: added one connection, len(self._hostmap["sitecheck2.opera.com"]): 1
>> DNS response from DNS server for domain: sitecheck2.opera.com
>> keepalive: removed one connection, len(self._hostmap["sitecheck2.opera.com"]): 0
>>
>> GET http://sitecheck2.opera.com/?host=publishers.mobilestore.opera.com&hdn=tu1q8ZuAl6GfEjAG/OHErQ== returned HTTP code "200" - id: 17
>> No grep for: http://sitecheck2.opera.com/?host=publishers.mobilestore.opera.com&hdn=tu1q8ZuAl6GfEjAG/OHErQ==, the plugin sent grepResult=False.
>> Local proxy daemon handling request: cosmicrhythm-PC - "GET http://sitecheck2.opera.com/?host=publishers.mobilestore.opera.com&hdn=tu1q8ZuAl6GfEjAG/OHErQ== HTTP/1.0" 200 -
>> [spiderMan] Handling request: GET http://publishers.mobilestore.opera.com/favicon.ico
>> http://publishers.mobilestore.opera.com/favicon.ico | Method: GET
>> keepalive: removed one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 12
>> keepalive: replacing bad connection with a new one
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: removed one connection, len(self._hostmap["publishers.mobilestore.opera.com"]): 12
>> GET http://publishers.mobilestore.opera.com/favicon.ico returned HTTP code "404" - id: 18
>> Starting "collectCookies" grep_worker for response: < httpResponse | 404 | http://publishers.mobilestore.opera.com/favicon.ico  | id:18 >
>> Finished grep_worker for response: < httpResponse | 404 | http://publishers.mobilestore.opera.com/favicon.ico  | id:18 >
>> Starting "httpAuthDetect" grep_worker for response: < httpResponse | 404 | http://publishers.mobilestore.opera.com/favicon.ico  | id:18 >
>> Finished grep_worker for response: < httpResponse | 404 | http://publishers.mobilestore.opera.com/favicon.ico  | id:18 >
>> Local proxy daemon handling request: cosmicrhythm-PC - "GET http://publishers.mobilestore.opera.com/favicon.ico HTTP/1.0" 404 -
>> Local proxy daemon handling request: cosmicrhythm-PC - "CONNECT publishers.mobilestore.opera.com:443 HTTP/1.0" 200 -
>> SSL 'self.connection' connection state=before/accept initialization
>> [spiderMan] Handling request: GET http:///
>> https://publishers.mobilestore.opera.com:443/ | Method: GET
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com:443"]): 1
>> DNS response from DNS server for domain: publishers.mobilestore.opera.com
>> keepalive: removed one connection, len(self._hostmap["publishers.mobilestore.opera.com:443"]): 0
>> GET https://publishers.mobilestore.opera.com:443/ returned HTTP code "200" - id: 19
>> No grep for: https://publishers.mobilestore.opera.com:443/, the plugin sent grepResult=False.
>> The remote web application sent the following cookie: "SMI_DEV=true".
>> w3af will use it during the rest of the process in order to maintain the session.
>> Local proxy daemon handling request: cosmicrhythm-PC - "GET / HTTP/1.1" 200 -
>> Closing browser-proxy and proxy-site connections.
>> Local proxy daemon handling request: cosmicrhythm-PC - "CONNECT publishers.mobilestore.opera.com:443 HTTP/1.0" 200 -
>> SSL 'self.connection' connection state=before/accept initialization
>> [spiderMan] Handling request: GET http:///favicon.ico
>> https://publishers.mobilestore.opera.com:443/favicon.ico | Method: GET
>> keepalive: added one connection, len(self._hostmap["publishers.mobilestore.opera.com:443"]): 1
>> Cached DNS response for domain: publishers.mobilestore.opera.com
>> keepalive: removed one connection, len(self._hostmap["publishers.mobilestore.opera.com:443"]): 0
>> GET https://publishers.mobilestore.opera.com:443/favicon.ico returned HTTP code "404" - id: 20
>> No grep for: "https://publishers.mobilestore.opera.com:443/favicon.ico", the plugin sent grepResult=False.
>> Local proxy daemon handling request: cosmicrhythm-PC - "GET /favicon.ico HTTP/1.1" 404 -
>> Closing browser-proxy and proxy-site connections.
>>
>>> Usman,
>>>
>>>    Is your browser showing you an SSL certificate generated by w3af,
>>> and you're accepting?
>>>
>>> Regards,
>>>
>>> On Wed, Jun 22, 2011 at 11:02 AM, Usman Waheed <[email protected]> wrote:
>>>>
>>>> Hi,
>>>>
>>>> For some reason when I use the Spiderman + WebSpider plugins I get the
>>>> following error message noted below.
>>>> Looks like some certificate error, any clues on what I might be doing
>>>> wrong here? The browser does not display any info when I try to load the
>>>> target website.
>>>>
>>>> Thanks,
>>>> Usman
>>>>
>>>>
>>>> Asking the user about the invalid w3af MITM certificate. He must accept it.
>>>> Catched SSL.Error in do_CONNECT(): [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]
>>>> Closing browser-proxy and proxy-site connections.
>>>> Local proxy daemon handling request: localhost - "CONNECT publishers.mobilestore.opera.com:443 HTTP/1.1" 200 -
>>>> SSL 'self.connection' connection state=before/accept initialization
>>>> Asking the user about the invalid w3af MITM certificate. He must accept it.
>>>> Catched SSL.Error in do_CONNECT(): [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]
>>>> Closing browser-proxy and proxy-site connections.
>>>> Local proxy daemon handling request: localhost - "CONNECT publishers.mobilestore.opera.com:443 HTTP/1.1" 200 -
>>>> SSL 'self.connection' connection state=before/accept initialization
>>>> Asking the user about the invalid w3af MITM certificate. He must accept it.
>>>> Catched SSL.Error in do_CONNECT(): [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]
>>>> Closing browser-proxy and proxy-site connections.
>>>>
>>>>
>>>>
>>>> --
>>>> Using Opera's revolutionary email client: http://www.opera.com/mail/
>>>>
>>>>
>>>> _______________________________________________
>>>> W3af-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>>>>
>>>
>>>
>>>
>>
>>
>> --
>> Using Opera's revolutionary email client: http://www.opera.com/mail/
>>
>
>
>


-- 
Using Opera's revolutionary email client: http://www.opera.com/mail/
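
The two logs quoted in this thread differ in what follows each `CONNECT` line: an `SSL.Error` in `do_CONNECT()` in the first, a `[spiderMan] Handling request` line in the second. The script below is an added example, not part of the original thread or of w3af; it tallies those outcomes per target. The sample lines are constructed from the formats quoted above, and the function name and the pairing heuristic are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the w3af log lines quoted in this thread
# (unwrapped). As in the thread, the excerpt starts mid-stream, so the first
# failure has no CONNECT line before it.
SAMPLE_LOG = """\
Asking the user about the invalid w3af MITM certificate. He must accept it.
Catched SSL.Error in do_CONNECT(): [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]
Closing browser-proxy and proxy-site connections.
Local proxy daemon handling request: localhost - "CONNECT publishers.mobilestore.opera.com:443 HTTP/1.1" 200 -
SSL 'self.connection' connection state=before/accept initialization
Asking the user about the invalid w3af MITM certificate. He must accept it.
Catched SSL.Error in do_CONNECT(): [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]
Closing browser-proxy and proxy-site connections.
Local proxy daemon handling request: cosmicrhythm-PC - "CONNECT publishers.mobilestore.opera.com:443 HTTP/1.0" 200 -
SSL 'self.connection' connection state=before/accept initialization
[spiderMan] Handling request: GET http:///
https://publishers.mobilestore.opera.com:443/ | Method: GET
Closing browser-proxy and proxy-site connections.
"""

CONNECT_RE = re.compile(r'"CONNECT (\S+) HTTP/\d\.\d"')
SSL_ERROR_RE = re.compile(
    r"SSL\.Error in do_CONNECT\(\): \[\('[^']*', '[^']*', '([^']*)'\)\]")
INTERCEPTED_RE = re.compile(r"^\[spiderMan\] Handling request: ")
UNKNOWN = "<no CONNECT line seen>"


def summarize_tunnels(log_text):
    """Count intercepted vs. failed browser-side handshakes per CONNECT target."""
    stats = defaultdict(lambda: {"ok": 0, "failed": 0, "reasons": set()})
    pending = None  # CONNECT target whose handshake outcome is still unknown
    for line in log_text.splitlines():
        connect = CONNECT_RE.search(line)
        error = SSL_ERROR_RE.search(line)
        if connect:
            pending = connect.group(1)
        elif error:
            # The TLS handshake between browser and proxy failed.
            entry = stats[pending or UNKNOWN]
            entry["failed"] += 1
            entry["reasons"].add(error.group(1))
            pending = None
        elif pending and INTERCEPTED_RE.match(line):
            # A request was read through the tunnel, so the handshake succeeded.
            stats[pending]["ok"] += 1
            pending = None
    return dict(stats)


if __name__ == "__main__":
    for target, entry in summarize_tunnels(SAMPLE_LOG).items():
        print(target, entry["ok"], "ok,", entry["failed"], "failed", sorted(entry["reasons"]))
```

Lines must be unwrapped before parsing; the mail client's hard wraps in the quoted logs split hostnames and status codes across lines.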

_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
