Just tried. Looks like it's not liking that the whole world has moved on beyond python 2.6. I even changed the shebang line to match the python2.6 binary and the latest w3af still complains about only being supported in python 2.6, even though it is running in python 2.6.
On Mon, Nov 21, 2011 at 4:17 PM, Andres Riancho <[email protected]> wrote: > Version: 1.1 (from Debian Package 1.0-rc3svn3489-1) > > That's a very old version. Could you please download the latest from > the w3af site? > > Regards, > > On Mon, Nov 21, 2011 at 8:12 PM, Shawn Webb <[email protected]> wrote: >> The version in Ubuntu 11.10's repo exhibits the same behavior. Nor is >> webSpider really finding anything: >> >> w3af>>> http-settings >> w3af/config:http-settings>>> set cookieJarFile /home/shawn/cookies.txt >> w3af/config:http-settings>>> back >> w3af>>> target >> w3af/config:target>>> set target http://[redacted]/ >> w3af/config:target>>> back >> w3af/plugins>>> audit xss, sqli, blindSqli >> w3af/plugins>>> discovery webSpider >> w3af/plugins>>> back >> w3af>>> start >> Auto-enabling plugin: grep.error500 >> Auto-enabling plugin: grep.httpAuthDetect >> The following is a list of broken links that were found by the webSpider >> plugin: >> - http://[redacted]/ [ referenced from: http://[redacted]/ ] >> Found 1 URLs and 1 different points of injection. >> The list of URLs is: >> - http://[redacted]/ >> The list of fuzzable requests is: >> - http://[redacted]/ | Method: GET >> Finished scanning process. >> w3af>>> version >> w3af - Web Application Attack and Audit Framework >> Version: 1.1 (from Debian Package 1.0-rc3svn3489-1) >> Author: Andres Riancho and the w3af team. >> >> Thanks, >> >> Shawn >> >> On Mon, Nov 21, 2011 at 2:11 PM, Shawn Webb <[email protected]> wrote: >>> Looks like it's gonna be a major pain continuing to do this on >>> freebsd, since freebsd uses python 2.7 by default. w3af depends on >>> 2.6. I'll spin up a linux VM and see if it exhibits the same behavior. >>> >>> On Mon, Nov 21, 2011 at 1:45 PM, Javier Andalia <[email protected]> wrote: >>>> Hey Shawn, >>>> >>>> You can start with installing our last version [0] and tell us if that >>>> still happens. >>>> >>>> Regards, >>>> >>>> Javier >>>> >>>> [0] https://sourceforge.net/projects/w3af/files/w3af/w3af%201.1/ >>>> >>>> >>>> >>>> On Mon, Nov 21, 2011 at 5:31 PM, Shawn Webb <[email protected]> wrote: >>>>> I'm testing using w3af against my employer's development sites. We use >>>>> a load balancer based on nginx and haproxy which sets cookies to >>>>> forward (and keep) the user's browser to a specific lighttpd server. I >>>>> exported firefox's cookies for our site and am using that with w3af. >>>>> After running w3af, I see no hits in my lighttpd server's logfiles, >>>>> which makes be believe w3af isn't respecting the cookieJarFile >>>>> setting. Is there something other than simply setting that config >>>>> variable to the file that I should be doing? I just installed w3af on >>>>> freebsd via ports. >>>>> >>>>> w3af version info: Version: 1.0-rc4 (from tgz) >>>>> >>>>> Thanks, >>>>> >>>>> Shawn >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> All the data continuously generated in your IT infrastructure >>>>> contains a definitive record of customers, application performance, >>>>> security threats, fraudulent activity, and more. Splunk takes this >>>>> data and makes sense of it. IT sense. And common sense. >>>>> http://p.sf.net/sfu/splunk-novd2d >>>>> _______________________________________________ >>>>> W3af-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/w3af-users >>>>> >>>> >>> >> >> ------------------------------------------------------------------------------ >> All the data continuously generated in your IT infrastructure >> contains a definitive record of customers, application performance, >> security threats, fraudulent activity, and more. Splunk takes this >> data and makes sense of it. IT sense. And common sense. >> http://p.sf.net/sfu/splunk-novd2d >> _______________________________________________ >> W3af-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/w3af-users >> > > > > -- > Andrés Riancho > Director of Web Security at Rapid7 LLC > Founder at Bonsai Information Security > Project Leader at w3af > ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
