Version: 1.1 (from Debian Package 1.0-rc3svn3489-1)

That's a very old version. Could you please download the latest from the w3af site?

Regards,

On Mon, Nov 21, 2011 at 8:12 PM, Shawn Webb <[email protected]> wrote:
> The version in Ubuntu 11.10's repo exhibits the same behavior. Nor is
> webSpider really finding anything:
>
> w3af>>> http-settings
> w3af/config:http-settings>>> set cookieJarFile /home/shawn/cookies.txt
> w3af/config:http-settings>>> back
> w3af>>> target
> w3af/config:target>>> set target http://[redacted]/
> w3af/config:target>>> back
> w3af/plugins>>> audit xss, sqli, blindSqli
> w3af/plugins>>> discovery webSpider
> w3af/plugins>>> back
> w3af>>> start
> Auto-enabling plugin: grep.error500
> Auto-enabling plugin: grep.httpAuthDetect
> The following is a list of broken links that were found by the webSpider
> plugin:
> - http://[redacted]/ [ referenced from: http://[redacted]/ ]
> Found 1 URLs and 1 different points of injection.
> The list of URLs is:
> - http://[redacted]/
> The list of fuzzable requests is:
> - http://[redacted]/ | Method: GET
> Finished scanning process.
> w3af>>> version
> w3af - Web Application Attack and Audit Framework
> Version: 1.1 (from Debian Package 1.0-rc3svn3489-1)
> Author: Andres Riancho and the w3af team.
>
> Thanks,
>
> Shawn
>
> On Mon, Nov 21, 2011 at 2:11 PM, Shawn Webb <[email protected]> wrote:
>> Looks like it's gonna be a major pain continuing to do this on
>> freebsd, since freebsd uses python 2.7 by default. w3af depends on
>> 2.6. I'll spin up a linux VM and see if it exhibits the same behavior.
>>
>> On Mon, Nov 21, 2011 at 1:45 PM, Javier Andalia <[email protected]> wrote:
>>> Hey Shawn,
>>>
>>> You can start with installing our last version [0] and tell us if that
>>> still happens.
>>>
>>> Regards,
>>>
>>> Javier
>>>
>>> [0] https://sourceforge.net/projects/w3af/files/w3af/w3af%201.1/
>>>
>>> On Mon, Nov 21, 2011 at 5:31 PM, Shawn Webb <[email protected]> wrote:
>>>> I'm testing using w3af against my employer's development sites. We use
>>>> a load balancer based on nginx and haproxy which sets cookies to
>>>> forward (and keep) the user's browser to a specific lighttpd server. I
>>>> exported firefox's cookies for our site and am using that with w3af.
>>>> After running w3af, I see no hits in my lighttpd server's logfiles,
>>>> which makes me believe w3af isn't respecting the cookieJarFile
>>>> setting. Is there something other than simply setting that config
>>>> variable to the file that I should be doing? I just installed w3af on
>>>> freebsd via ports.
>>>>
>>>> w3af version info: Version: 1.0-rc4 (from tgz)
>>>>
>>>> Thanks,
>>>>
>>>> Shawn

--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
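
Added example, not part of the thread and not w3af code: a check of whether an exported cookies.txt yields any Cookie header for the target, using Python 3's `http.cookiejar.MozillaCookieJar`. That w3af's cookieJarFile is parsed the same way is an assumption, and the host `dev.example.test` and cookie `SERVERID=lighty2` are constructed sample values.

```python
import http.cookiejar
import os
import tempfile
import time
import urllib.request

def cookies_for(jar_text, url):
    """Load Netscape-format cookie text with the loader's default settings and
    return the Cookie header it produces for url (None if no cookie applies)."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(jar_text)
        path = fh.name
    try:
        jar = http.cookiejar.MozillaCookieJar(path)
        try:
            jar.load()  # defaults: discard-flagged and expired cookies are skipped
        except http.cookiejar.LoadError as exc:
            return "LOAD ERROR: %s" % exc
        req = urllib.request.Request(url)
        jar.add_cookie_header(req)  # applies domain, path, secure and expiry rules
        return req.get_header("Cookie")
    finally:
        os.unlink(path)

# Constructed sample input (hypothetical host and load-balancer cookie).
URL = "http://dev.example.test/"
HEADER = "# Netscape HTTP Cookie File\n"
FIELDS = "dev.example.test\tFALSE\t/\tFALSE\t%s\tSERVERID\tlighty2\n"
PERSISTENT = FIELDS % (int(time.time()) + 86400)  # expires tomorrow
SESSION_AS_ZERO = FIELDS % 0  # session cookie exported with expiry 0

def diagnose():
    """Three export variants and what each one sends to the target."""
    return {
        "valid export": cookies_for(HEADER + PERSISTENT, URL),
        "expiry written as 0": cookies_for(HEADER + SESSION_AS_ZERO, URL),
        "magic header missing": cookies_for(PERSISTENT, URL),
    }

if __name__ == "__main__":
    for case, result in diagnose().items():
        print("%-22s -> %r" % (case, result))
```

Only the first variant sends the sticky-session cookie. With the other two the request carries no Cookie header, so a load balancer like the one described would route it as a new client.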
