Carlos,
I tried for a while to see if I could fix that error of the kb... but
failed to. It seems to be an issue with nose, how tests are run using
eval(), and the "kb singleton" that we use.
Anyway, I just committed your code to the trunk [0]. Thank you so
much for the excellent work on this plugin! Keep them coming ;)
[0] https://sourceforge.net/apps/trac/w3af/changeset/4424
Regards,
On Mon, Sep 12, 2011 at 2:50 PM, Carlos Pantelides
<[email protected]> wrote:
> Andres:
>
> With some delay, here is a(n almost fully) tested version. The only problem
> it already has is the last test, at line 125.
>
> Carlos Pantelides
>
> -----------------
>
> http://seguridad-agile.blogspot.com/
>
>
> --- On Tue, 7/19/11, Andres Riancho <[email protected]> wrote:
>
>> From: Andres Riancho <[email protected]>
>> Subject: Re: [W3af-users] symfony plugin
>> To: "Carlos Pantelides" <[email protected]>
>> Cc: [email protected], "w3af" <[email protected]>
>> Date: Tuesday, July 19, 2011, 4:19 PM
>> Carlos,
>>
>> On Tue, Jul 19, 2011 at 11:28 AM, Carlos Pantelides
>> <[email protected]> wrote:
>> >> > How can I ask if a cookie is set?
>> >>
>> >> Not sure if there is a "clean" way of asking xUrllib
>> >> if in the next request it will send a cookie or not
>> >> (also, it depends on the request you make, since cookies
>> >> might be restricted to a path).
>> >
>> >> What you could do, is to have two parts of the plugin,
>> >> one to analyse all responses until you see a set-cookie
>> >> and set an attribute like self._cookie_sent to True;
>> >> and the second part (which will run only when
>> >> _cookie_sent is True?!) that analyses forms.
>> >
>> > ok, in August I'll spend some time. I've attached a
>> > new version with cosmetic changes.
>>
>> The code looks cleaner now, thanks.
>>
>> >> >> Where can I test this plugin?
>> >
>> > These two sites are taken "from the manual", they both
>> > use a cookie with symfony=.... The first one has csrf
>> > activated, the other one no.
>> >
>> > http slash slash bkdjombang dot com
>> >
>> > http slash slash www dot katrinjuntke dot ch slash kontakt
>> >
>> > There are a lot of other sites that changed the cookie, like
>> >
>> > http slash slash level 7 systems dot co dot uk slash en slash contact-us
>> >
>> > https slash slash ssl7 dot net slash websitechat dot net slash login
>> >
>> > that have the csrf form protection disabled, but perhaps
>> > have moved it to a cookie. Anyway, they are undetectable as
>> > symfony. That narrows the utility of the plugin, thumbs up
>> > for symfony! (and the developers that change the defaults,
>> > but, we are not sure that they really run symfony...)
>> >
>> > I took the sites from http://www.appliedstacks.com/NewestFirst/Symfony
>>
>> I'll wait until you've performed your testing before performing mine,
>> so I get a more finished version. I'll bother you again in 15 days to
>> see if you were able to test it in detail :)
>>
>> >
>> >> > Charli
>>
>>
>>
>> --
>> Andrés Riancho
>> Director of Web Security at Rapid7 LLC
>> Founder at Bonsai Information Security
>> Project Leader at w3af
>>
> ------------------------------------------------------------------------------
> Doing More with Less: The Next Generation Virtual Desktop
> What are the key obstacles that have prevented many mid-market businesses
> from deploying virtual desktops? How do next-generation virtual desktops
> provide companies an easier-to-deploy, easier-to-manage and more affordable
> virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
>
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
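The two-phase design Andres describes in the quoted reply (watch every response until a "symfony=" Set-Cookie shows up, and only after that analyse forms), written out as an added example. This is not w3af's code and not the plugin Carlos attached; it does not use the w3af plugin API, and the (url, headers, body) interface is a stand-in. It assumes, beyond what the thread states, that the Symfony 1.x session cookie is named "symfony", that its default CSRF hidden field is "_csrf_token", and that a POST form without that field is what should be flagged. It also handles the caveat Andres raises, that the cookie may be restricted to a path: forms are only inspected on URLs the cookie would actually be sent to. The responses fed in by demo() are constructed.

```python
"""Two-phase Symfony CSRF-token check, modelled on the design in the thread.

Added example: not w3af's code and not the plugin from the list, and it does
not use the w3af plugin API. Assumptions (not stated on the page): the Symfony
1.x session cookie is named 'symfony' and its default CSRF hidden field is
'_csrf_token'. Phase 1 watches every response for that Set-Cookie; phase 2
runs only once it was seen, and only for URLs the cookie would be sent to.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Start of a Set-Cookie value such as "symfony=abc123; path=/app; HttpOnly"
SYMFONY_COOKIE_RE = re.compile(r"^\s*symfony=[^;]*", re.IGNORECASE)
COOKIE_PATH_RE = re.compile(r";\s*path=([^;]+)", re.IGNORECASE)
CSRF_FIELD_NAMES = {"_csrf_token"}  # assumption: Symfony 1.x sfForm default


def path_matches(request_path, cookie_path):
    """RFC 6265 5.1.4 path-match: would the cookie be sent to request_path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


class FormCollector(HTMLParser):
    """Collects every <form> with its action, method and the names of its inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "inputs": []}
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append(a.get("name") or "")

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


class SymfonyCsrfGrep:
    """Stateful check fed every (url, headers, body) the scanner receives."""

    def __init__(self):
        self._cookie_sent = False   # the flag named in the thread
        self._cookie_path = "/"     # the cookie may be restricted to a path
        self.findings = []          # (url, form action) pairs lacking a token

    def _saw_symfony_cookie(self, headers):
        for name, value in headers:
            if name.lower() == "set-cookie" and SYMFONY_COOKIE_RE.match(value):
                m = COOKIE_PATH_RE.search(value)
                self._cookie_path = m.group(1).strip() if m else "/"
                self._cookie_sent = True
                return True
        return False

    def grep(self, url, headers, body):
        """Returns the findings from this one response (also kept in self.findings)."""
        # Phase 1: until the symfony cookie has been seen, only look at headers.
        if not self._cookie_sent and not self._saw_symfony_cookie(headers):
            return []
        # Phase 2: the app is Symfony; inspect POST forms where the cookie applies.
        if not path_matches(urlsplit(url).path or "/", self._cookie_path):
            return []
        parser = FormCollector()
        parser.feed(body)
        new = [(url, f["action"]) for f in parser.forms
               if f["method"] == "post"
               and not CSRF_FIELD_NAMES.intersection(f["inputs"])]
        self.findings.extend(new)
        return new


def demo():
    """Constructed responses: a form before the cookie, then with it, then one with a token."""
    g = SymfonyCsrfGrep()
    login = '<form method="post" action="/login"><input name="user"><input name="pass"></form>'
    contact = ('<form method="post" action="/contact">'
               '<input type="hidden" name="_csrf_token" value="x"><input name="msg"></form>')
    before = g.grep("http://example.test/", [("Content-Type", "text/html")], login)
    flagged = g.grep("http://example.test/login",
                     [("Set-Cookie", "symfony=abc123; path=/; HttpOnly")], login)
    ok = g.grep("http://example.test/contact", [("Content-Type", "text/html")], contact)
    return before, flagged, ok
```

The first response in demo() carries the same token-less login form as the second, but produces no finding because the cookie has not been seen yet; this is the point of the two-phase design, since a form without "_csrf_token" means nothing until the application is known to be Symfony. The path check is the part a real plugin would most easily get wrong: a cookie set with "path=/app" is not sent to "/application/...", so forms there are not evidence either way.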