On Oct 18, 2011, at 9:25 PM, Andres Riancho wrote:
> Got it!
>
> What about the original bug? Were you able to get past it by doing the
> manual update?
>
Yep! Had to nuke the install directory and check out a fresh svn version, but
after that a scan finished without issue.
> On Mon, Oct 17, 2011 at 4:41 PM, Chris Clements <[email protected]>
> wrote:
> > I created a share space on our online vault with the file. Please let me
> > know if you can't get it.
> > Chris
> >
> > On Oct 17, 2011, at 2:25 PM, Andres Riancho wrote:
> >
> > Chris,
> >
> > If you've got any web server where you can upload it, please do so
> > and then send me the link. If not, any file sharing service will do.
> > Where is no private information there.
> >
> > Regards,
> >
> > On Mon, Oct 17, 2011 at 4:16 PM, Chris Clements <[email protected]>
> > wrote:
> >> The resulting bz file is ~40MB. This is too large for my email limit.
> >> What
> >> is the best way to get it to you?
> >> Chris
> >>
> >> On Oct 17, 2011, at 2:03 PM, Andres Riancho wrote:
> >>
> >> Chris,
> >>
> >> The bug your're reporting is already fixed in our SVN.
> >>
> >> This seems like the auto-update bug once again :S It seems you
> >> have the latest version, but... you actually don't. This is something
> >> related to the auto-update bug. Could you please send me your w3af
> >> installation directory in a bz2 file? I need ALL the files, including
> >> the ".svn" directories. Sending me that information will allow us to
> >> debug the auto-update bug.
> >>
> >> For fixing your installation, please use "svn co" to download the
> >> latest version from the SVN manually.
> >>
> >> Regards,
> >>
> >> On Mon, Oct 17, 2011 at 12:07 PM, Chris Clements
> >> <[email protected]> wrote:
> >>> >From w3af_console rev. 4445:
> >>>
> >>> The thread: <WorkerThread(Thread-14, started daemon 139755663562496)>
> >>> raised an exception while running the request: <bound method
> >>> webSpider._verify_reference of <plugins.discovery.webSpider.webSpider
> >>> instance at 0x39ecb00>>
> >>> Exception: The "url" parameter of setURL @ fuzzableRequest must be of
> >>> urlParser.url_object type.
> >>> Finished grep_worker for response: < httpResponse | 404 |
> >>> http://demo.testfire.net/bank/XMDws.asmx | id:245 >
> >>> Adding relative reference "http://demo.testfire.net/bank/ws.asmx"; to the
> >>> resp.
> >>> Traceback: Traceback (most recent call last):
> >>> File "/pentest/web/w3af/core/controllers/threads/threadpool.py", line
> >>> 108, in run
> >>> self.resultQueue.put( (request, request.callable(*request.args,
> >>> **request.kwds)) )
> >>> File "/pentest/web/w3af/plugins/discovery/webSpider.py", line 330, in
> >>> _verify_reference
> >>> fuzzable_request_list = self._createFuzzableRequests( resp,
> >>> request=original_request )
> >>> File
> >>> "/pentest/web/w3af/core/controllers/basePlugin/baseDiscoveryPlugin.py",
> >>> line
> >>> 63, in _createFuzzableRequests
> >>> return createFuzzableRequests( httpResponse, request, add_self )
> >>> File "/pentest/web/w3af/core/data/request/frFactory.py", line 116, in
> >>> createFuzzableRequests
> >>> wspdr.setURL( remoteMethod.getLocation() )
> >>> File "/pentest/web/w3af/core/data/request/fuzzableRequest.py", line 367,
> >>> in setURL
> >>> raise ValueError( msg )
> >>> ValueError: The "url" parameter of setURL @ fuzzableRequest must be of
> >>> urlParser.url_object type.
> >>>
> >>>
> >>> Unhandled error, traceback: Traceback (most recent call last):
> >>> File "/pentest/web/w3af/core/controllers/w3afCore.py", line 441, in
> >>> start
> >>> self._realStart()
> >>> File "/pentest/web/w3af/core/controllers/w3afCore.py", line 542, in
> >>> _realStart
> >>> self._fuzzableRequestList = self._discover_and_bruteforce()
> >>> File "/pentest/web/w3af/core/controllers/w3afCore.py", line 352, in
> >>> _discover_and_bruteforce
> >>> discovered_fr_list = self._discover( tmp_list )
> >>> File "/pentest/web/w3af/core/controllers/w3afCore.py", line 774, in
> >>> _discover
> >>> result = self._discoverWorker( toWalk )
> >>> File "/pentest/web/w3af/core/controllers/w3afCore.py", line 846, in
> >>> _discoverWorker
> >>> pluginResult = plugin.discover_wrapper( fr )
> >>> File
> >>> "/pentest/web/w3af/core/controllers/basePlugin/baseDiscoveryPlugin.py",
> >>> line
> >>> 48, in discover_wrapper
> >>> return self.discover( fuzzable_request_copy )
> >>> File "/pentest/web/w3af/plugins/discovery/webSpider.py", line 202, in
> >>> discover
> >>> self._tm.join( self )
> >>> File "/pentest/web/w3af/core/controllers/threads/threadManager.py", line
> >>> 120, in join
> >>> self._threadPool.wait( ownerObj, joinAll )
> >>> File "/pentest/web/w3af/core/controllers/threads/threadpool.py", line
> >>> 271, in wait
> >>> self.poll(block=True, ownerObj=ownerObj, joinAll=joinAll)
> >>> File "/pentest/web/w3af/core/controllers/threads/threadpool.py", line
> >>> 108, in run
> >>> self.resultQueue.put( (request, request.callable(*request.args,
> >>> **request.kwds)) )
> >>> File "/pentest/web/w3af/plugins/discovery/webSpider.py", line 330, in
> >>> _verify_reference
> >>> fuzzable_request_list = self._createFuzzableRequests( resp,
> >>> request=original_request )
> >>> File
> >>> "/pentest/web/w3af/core/controllers/basePlugin/baseDiscoveryPlugin.py",
> >>> line
> >>> 63, in _createFuzzableRequests
> >>> return createFuzzableRequests( httpResponse, request, add_self )
> >>> File "/pentest/web/w3af/core/data/request/frFactory.py", line 116, in
> >>> createFuzzableRequests
> >>> wspdr.setURL( remoteMethod.getLocation() )
> >>> File "/pentest/web/w3af/core/data/request/fuzzableRequest.py", line 367,
> >>> in setURL
> >>> raise ValueError( msg )
> >>> ValueError: The "url" parameter of setURL @ fuzzableRequest must be of
> >>> urlParser.url_object type.
> >>>
> >>>
> >>> Scan finished in 11 seconds.
> >>> Exception in thread Thread-28:
> >>> Traceback (most recent call last):
> >>> File "/usr/lib/python2.6/threading.py", line 532, in __bootstrap_inner
> >>> self.run()
> >>> File "/usr/lib/python2.6/threading.py", line 484, in run
> >>> self.__target(*self.__args, **self.__kwargs)
> >>> File "/pentest/web/w3af/core/ui/consoleUi/rootMenu.py", line 119, in
> >>> _real_start
> >>> raise e
> >>> ValueError: The "url" parameter of setURL @ fuzzableRequest must be of
> >>> urlParser.url_object type.
> >>>
> >>>
> >>> ------------------------------------------------------------------------------
> >>> All the data continuously generated in your IT infrastructure contains a
> >>> definitive record of customers, application performance, security
> >>> threats, fraudulent activity and more. Splunk takes this data and makes
> >>> sense of it. Business sense. IT sense. Common sense.
> >>> http://p.sf.net/sfu/splunk-d2d-oct
> >>> _______________________________________________
> >>> W3af-users mailing list
> >>> [email protected]
> >>> https://lists.sourceforge.net/lists/listinfo/w3af-users
> >>>
> >>
> >>
> >>
> >> --
> >> Andrés Riancho
> >> Director of Web Security at Rapid7 LLC
> >> Founder at Bonsai Information Security
> >> Project Leader at w3af
> >>
> >
> >
> >
> > --
> > Andrés Riancho
> > Director of Web Security at Rapid7 LLC
> > Founder at Bonsai Information Security
> > Project Leader at w3af
> >
>
>
>
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af
>
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
