Carlos,

On Tue, Jul 19, 2011 at 10:20 AM, Carlos Pantelides
<[email protected]> wrote:
> Andres:
>
>> - From reading the plugin I understand that the symfony framework
>> will send a Set-Cookie in each HTTP response that contains
>> a form. Is that correct?
>
> I thought so, but from the tone of your question... I'm not sure. Let me ask
> wireshark... no, only in the first connection. I don't know how w3af deals with
> cookies. Now I think that if w3af finds a page with a form and the cookie was
> set earlier the plugin will miss the form.
>
> How can I ask if a cookie is set?

Not sure if there is a "clean" way of asking xUrllib if in the next
request it will send a cookie or not (also, it depends on the request
you make, since cookies might be restricted to a path). What you could
do is to have two parts of the plugin, one to analyse all responses
until you see a set-cookie and set an attribute like self._cookie_sent
to True; and the second part (which will run only when _cookie_sent is
True?!) that analyses forms.

>
>>     - actions = form.xpath('//input[@id]'), I would call that inputs,
>> not actions.
>
> agreed,
>
>>     - def log(self, response, url, key, msg): is defined but never used?
>
> missed, used for debugging
>
>> Great job :) Where can I test this plugin?
>
> answer my question while I search for a suitable site and later I will send
> the fixed version
>
>
>
>
> Charli
>



-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
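
The two-part approach suggested in the reply above, as an added sketch that is not part of the original thread and does not use w3af's plugin or xUrllib API: the class, function and URL names are hypothetical, the responses are constructed, and only `self._cookie_sent` and the `//input[@id]` selection come from the messages. It also records each cookie's Path, since the reply notes that cookies might be restricted to a path.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

class InputIdCollector(HTMLParser):
    """Collects ids of <input id=...> tags, like form.xpath('//input[@id]')."""
    def __init__(self):
        super().__init__()
        self.ids = []
    def handle_starttag(self, tag, attrs):
        input_id = dict(attrs).get("id")
        if tag == "input" and input_id:
            self.ids.append(input_id)

def covers(cookie_path, request_path):
    # RFC 6265 path-match: identical, or a prefix ending on a "/" boundary.
    return request_path == cookie_path or request_path.startswith(cookie_path.rstrip("/") + "/")

class TwoPhaseFormAnalyzer:
    """Hypothetical stand-in for the plugin; this is not w3af's plugin API."""
    def __init__(self):
        self._cookie_sent = False
        self._cookie_paths = []  # Path scope of every cookie seen so far
        self.analysed = {}       # url -> ids of the inputs found there
    def analyse(self, url, headers, body):
        path = urlsplit(url).path or "/"
        # Part 1: watch every response for Set-Cookie and remember its scope.
        for name, value in headers:
            if name.lower() == "set-cookie":
                for morsel in SimpleCookie(value).values():
                    # No Path attribute: fall back to the RFC 6265 default-path.
                    self._cookie_paths.append(morsel["path"] or path.rsplit("/", 1)[0] or "/")
                self._cookie_sent = True
        # Part 2: analyse forms only once a cookie would be sent to this URL.
        if self._cookie_sent and any(covers(p, path) for p in self._cookie_paths):
            collector = InputIdCollector()
            collector.feed(body)
            if collector.ids:
                self.analysed[url] = collector.ids

def demo():
    # Constructed responses (url, headers, body); only the login page sets a cookie.
    form = '<form><input id="%s"><input name="no_id"></form>'
    login_headers = [("Set-Cookie", "symfony=abc123; path=/shop")]
    analyzer = TwoPhaseFormAnalyzer()
    analyzer.analyse("http://example.test/blog/index", [], form % "search_q")
    analyzer.analyse("http://example.test/shop/login", login_headers, form % "signin_username")
    analyzer.analyse("http://example.test/shop/cart", [], form % "cart_qty")
    analyzer.analyse("http://example.test/blog/comment", [], form % "comment_body")
    return analyzer.analysed
```

In `demo()` the `/shop/cart` form is analysed even though that response carries no Set-Cookie header, which is the case described in the thread as the one the plugin would miss.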