Carlos,

On Tue, Jul 19, 2011 at 4:19 PM, Andres Riancho <[email protected]> wrote:
> Carlos,
>
> On Tue, Jul 19, 2011 at 11:28 AM, Carlos Pantelides
> <[email protected]> wrote:
>>> > How can I ask if a cookie is set?
>>>
>>> Not sure if there is a "clean" way of asking xUrllib
>>> if in the next request it will send a cookie or not
>>> (also, it depends on the request you make, since cookies
>>> might be restricted to a path).
>>
>>> What you could do, is to have two parts of the plugin,
>>> one to analyse all responses until you see a set-cookie
>>> and set an attribute like self._cookie_sent to True;
>>> and the second part (which will run only when
>>> _cookie_sent is True?!) that analyses forms.
>>
>> ok, in August I'll spend some time. I've attached a new version with
>> cosmetic changes.
>
> The code looks cleaner now, thanks.
>
>>> >> Where can I test this plugin?
>>
>> These two sites are taken "from the manual", they both use a cookie with
>> symfony=.... The first one has csrf activated, the other one no.
>>
>> http slash slash bkdjombang dot com
>>
>> http slash slash www dot katrinjuntke dot ch slash kontakt
>>
>> There are a lot of other sites that changed the cookie, like
>>
>> http slash slash level 7 systems dot co dot uk slash en slash contact-us
>>
>> https slash slash ssl7 dot net slash websitechat dot net slash login
>>
>> that have the csrf form protection disabled, but perhaps have moved it to a
>> cookie. Anyway, they are undetectable as symfony. That narrows the utility
>> of the plugin, thumbs up for symfony! (and the developers that change the
>> defaults, but, we are not sure that they really run symfony...)
>>
>> I took the sites from http://www.appliedstacks.com/NewestFirst/Symfony
>
> I'll wait until you've performed your testing before performing mine,
> so I get a more finished version. I'll bother you again in 15 days to
> see if you were able to test it in detail :)

Ahá! I remembered this email! :) [0]. Were you able to spend some
quality time with the plugin? ;)

[0] Not really, I use www.rememberthemilk.com for these types of things.

>>
>>> > Charli

--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
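
The two-part design suggested in the quoted thread (watch responses until a set-cookie appears, then analyse forms), sketched as a stand-alone added example; it is not the attached plugin and does not use the w3af plugin API. The class names are hypothetical, the `_csrf_token` field name is an assumption (the symfony 1.x default), the sample response is constructed, and cookie path restrictions are ignored.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie

SESSION_COOKIE = "symfony"   # cookie name mentioned in the thread
CSRF_FIELD = "_csrf_token"   # assumption: symfony 1.x default hidden field name

# Constructed sample response, not taken from any site named in the thread.
SAMPLE_HEADERS = [("Set-Cookie", "symfony=abc123; path=/")]
SAMPLE_BODY = '<form action="/contact" method="post"><input name="email"></form>'

class FormCollector(HTMLParser):
    """Collect action, method and input names for every <form> in a page."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "inputs": set()}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None and a.get("name"):
            self._current["inputs"].add(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

class SymfonyCsrfCheck:
    """Hypothetical two-phase passive check over (url, headers, body)."""
    def __init__(self):
        self._cookie_sent = False   # attribute name suggested in the thread
        self.findings = []

    def analyse(self, url, headers, body):
        # Phase 1: watch Set-Cookie headers until the session cookie shows up.
        for name, value in headers:
            if name.lower() == "set-cookie" and SESSION_COOKIE in SimpleCookie(value):
                self._cookie_sent = True
        if not self._cookie_sent:
            return
        # Phase 2: report POST forms that carry no CSRF token field.
        collector = FormCollector()
        collector.feed(body)
        for form in collector.forms:
            if form["method"] == "post" and CSRF_FIELD not in form["inputs"]:
                self.findings.append((url, form["action"]))
```
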
