Carlos,

On Tue, Jul 19, 2011 at 11:28 AM, Carlos Pantelides <[email protected]> wrote:
>> > How can I ask if a cookie is set?
>>
>> Not sure if there is a "clean" way of asking xUrllib
>> if in the next request it will send a cookie or not
>> (also, it depends on the request you make, since cookies
>> might be restricted to a path).
>
>> What you could do, is to have two parts of the plugin,
>> one to analyse all responses until you see a set-cookie
>> and set an attribute like self._cookie_sent to True;
>> and the second part (which will run only when
>> _cookie_sent is True?!) that analyses forms.
>
> ok, in August I'll spend some time. I've attached a new version with cosmetic
> changes.

The code looks cleaner now, thanks.

>>
>> Where can I test this plugin?
>
> These two sites are taken "from the manual", they both use a cookie with
> symfony=.... The first one has csrf activated, the other one no.
>
> http slash slash bkdjombang dot com
>
> http slash slash www dot katrinjuntke dot ch slash kontakt
>
> There are a lot of other sites that changed the cookie, like
>
> http slash slash level 7 systems dot co dot uk slash en slash contact-us
>
> https slash slash ssl7 dot net slash websitechat dot net slash login
>
> that have the csrf form protection disabled, but perhaps has moved it to a
> cookie. Anyway, they are undetectable as symfony. That narrows the utility of
> the plugin, thumbs up for symfony! (and the developers that change the
> defaults, but, we are not sure that they really run symfony...)
>
> I took the sites from http://www.appliedstacks.com/NewestFirst/Symfony

I'll wait until you've performed your testing before performing mine,
so I get a more finished version. I'll bother you again in 15 days to
see if you were able to test it in detail :)

>
>>
> Charli

--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
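
The two-part approach suggested in the reply above, as an added example that is not part of the original thread and not w3af's own code: part one watches responses for the `symfony` session cookie and records its path, part two then checks forms on in-scope pages for a CSRF token field. The class and method names are hypothetical, the `_csrf_token` field name is an assumption about symfony's default, and the traffic in `demo()` is constructed.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie

COOKIE_NAME = "symfony"      # session cookie name quoted in the thread
TOKEN_FIELD = "_csrf_token"  # assumption: symfony 1.x default CSRF field name

class FormParser(HTMLParser):  # collects (action, hidden input names) per <form>
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = (a.get("action") or "", set())
            self.forms.append(self._cur)
        elif tag == "input" and self._cur and (a.get("type") or "").lower() == "hidden":
            self._cur[1].add(a.get("name") or "")
    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def path_match(req, cpath):  # RFC 6265 path-match: whole-segment prefix only
    return req == cpath or (req.startswith(cpath)
                            and (cpath.endswith("/") or req[len(cpath)] == "/"))

class SymfonyCsrfCheck:  # hypothetical stand-alone class, not w3af's plugin API
    def __init__(self):
        self._cookie_sent, self._cookie_path, self.findings = False, "/", []
    def grep(self, url_path, headers, body):
        for name, value in headers:  # part 1: watch responses for the cookie
            if name.lower() == "set-cookie":
                jar = SimpleCookie(value)
                if COOKIE_NAME in jar:
                    self._cookie_sent, self._cookie_path = True, jar[COOKIE_NAME]["path"] or "/"
        if self._cookie_sent and path_match(url_path, self._cookie_path):
            parser = FormParser()    # part 2: only now analyse forms
            parser.feed(body)
            self.findings += [(url_path, action) for action, hidden in parser.forms
                              if not any(TOKEN_FIELD in n for n in hidden)]

def demo():  # constructed traffic, not captured from any site
    ok = '<form action="/app/ok"><input type="hidden" name="c[_csrf_token]" value="x"></form>'
    bad = '<form action="/app/send"><input type="text" name="msg"></form>'
    check = SymfonyCsrfCheck()
    check.grep("/app/a", [], bad)                      # cookie not seen yet: skipped
    check.grep("/app/login", [("Set-Cookie", "symfony=abc; path=/app")], ok)
    check.grep("/app/contact", [], bad)                # in scope, token missing
    check.grep("/application/x", [], bad)              # outside the cookie path
    return check.findings
```

As the thread notes, a site that renames the cookie never triggers part one, so an empty result does not mean the forms are protected.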
