I guess that's what I'm reporting.
On Nov 21, 2011 5:11 PM, "Andres Riancho" <[email protected]> wrote:
> Shawn,
>
> While w3af is officially supported under 2.6 it should work as
> expected in 2.7 (let us know if it doesn't).
>
> Regards,
>
> On Mon, Nov 21, 2011 at 8:19 PM, Shawn Webb <[email protected]> wrote:
> > Just tried. Looks like it's not liking that the whole world has moved
> > on beyond python 2.6. I even changed the shebang line to match the
> > python2.6 binary and the latest w3af still complains about only being
> > supported in python 2.6, even though it is running in python 2.6.
> >
> > On Mon, Nov 21, 2011 at 4:17 PM, Andres Riancho
> > <[email protected]> wrote:
> >> Version: 1.1 (from Debian Package 1.0-rc3svn3489-1)
> >>
> >> That's a very old version. Could you please download the latest from
> >> the w3af site?
> >>
> >> Regards,
> >>
> >> On Mon, Nov 21, 2011 at 8:12 PM, Shawn Webb <[email protected]> wrote:
> >>> The version in Ubuntu 11.10's repo exhibits the same behavior. Nor is
> >>> webSpider really finding anything:
> >>>
> >>> w3af>>> http-settings
> >>> w3af/config:http-settings>>> set cookieJarFile /home/shawn/cookies.txt
> >>> w3af/config:http-settings>>> back
> >>> w3af>>> target
> >>> w3af/config:target>>> set target http://[redacted]/
> >>> w3af/config:target>>> back
> >>> w3af/plugins>>> audit xss, sqli, blindSqli
> >>> w3af/plugins>>> discovery webSpider
> >>> w3af/plugins>>> back
> >>> w3af>>> start
> >>> Auto-enabling plugin: grep.error500
> >>> Auto-enabling plugin: grep.httpAuthDetect
> >>> The following is a list of broken links that were found by the webSpider plugin:
> >>> - http://[redacted]/ [ referenced from: http://[redacted]/ ]
> >>> Found 1 URLs and 1 different points of injection.
> >>> The list of URLs is:
> >>> - http://[redacted]/
> >>> The list of fuzzable requests is:
> >>> - http://[redacted]/ | Method: GET
> >>> Finished scanning process.
> >>> w3af>>> version
> >>> w3af - Web Application Attack and Audit Framework
> >>> Version: 1.1 (from Debian Package 1.0-rc3svn3489-1)
> >>> Author: Andres Riancho and the w3af team.
> >>>
> >>> Thanks,
> >>>
> >>> Shawn
> >>>
> >>> On Mon, Nov 21, 2011 at 2:11 PM, Shawn Webb <[email protected]> wrote:
> >>>> Looks like it's gonna be a major pain continuing to do this on
> >>>> freebsd, since freebsd uses python 2.7 by default. w3af depends on
> >>>> 2.6. I'll spin up a linux VM and see if it exhibits the same behavior.
> >>>>
> >>>> On Mon, Nov 21, 2011 at 1:45 PM, Javier Andalia <[email protected]> wrote:
> >>>>> Hey Shawn,
> >>>>>
> >>>>> You can start with installing our last version [0] and tell us if that
> >>>>> still happens.
> >>>>>
> >>>>> Regards,
> >>>>>
> >>>>> Javier
> >>>>>
> >>>>> [0] https://sourceforge.net/projects/w3af/files/w3af/w3af%201.1/
> >>>>>
> >>>>>
> >>>>>
> >>>>> On Mon, Nov 21, 2011 at 5:31 PM, Shawn Webb <[email protected]> wrote:
> >>>>>> I'm testing using w3af against my employer's development sites. We use
> >>>>>> a load balancer based on nginx and haproxy which sets cookies to
> >>>>>> forward (and keep) the user's browser to a specific lighttpd server. I
> >>>>>> exported firefox's cookies for our site and am using that with w3af.
> >>>>>> After running w3af, I see no hits in my lighttpd server's logfiles,
> >>>>>> which makes me believe w3af isn't respecting the cookieJarFile
> >>>>>> setting. Is there something other than simply setting that config
> >>>>>> variable to the file that I should be doing? I just installed w3af on
> >>>>>> freebsd via ports.
> >>>>>>
> >>>>>> w3af version info: Version: 1.0-rc4 (from tgz)
> >>>>>>
> >>>>>> Thanks,
> >>>>>>
> >>>>>> Shawn
> >>>>>>
> >>>>>>
> ------------------------------------------------------------------------------
> >>>>>> All the data continuously generated in your IT infrastructure
> >>>>>> contains a definitive record of customers, application performance,
> >>>>>> security threats, fraudulent activity, and more. Splunk takes this
> >>>>>> data and makes sense of it. IT sense. And common sense.
> >>>>>> http://p.sf.net/sfu/splunk-novd2d
> >>>>>> _______________________________________________
> >>>>>> W3af-users mailing list
> >>>>>> [email protected]
> >>>>>> https://lists.sourceforge.net/lists/listinfo/w3af-users
> >>>>>>
> >>>>>
> >>>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >> --
> >> Andrés Riancho
> >> Director of Web Security at Rapid7 LLC
> >> Founder at Bonsai Information Security
> >> Project Leader at w3af
> >>
> >
>
>
>
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af
>
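
A way to check an exported cookies.txt before pointing a scanner's cookieJarFile setting at it, added here as an example and not taken from this thread or from w3af's code: it parses the file with Python's standard-library Netscape cookie-jar loader and reports which cookies would actually go out to the target URL. The host names, cookie names and the `audit_cookie_jar` helper are constructed for illustration, and the sample assumes an exporter that wrote the load balancer's session cookie with an expiry of 0; it is written for Python 3, where the module is `http.cookiejar`.

```python
import os
import tempfile
from http.cookiejar import LoadError, MozillaCookieJar
from urllib.request import Request

# Constructed sample in Netscape cookies.txt format (tab-separated fields:
# domain, domain-flag, path, secure, expiry, name, value).
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    "dev.example.test\tFALSE\t/\tFALSE\t0\tSERVERID\tlighttpd2\n"
    ".example.test\tTRUE\t/\tTRUE\t4102444800\tsession\tabc123\n"
    "dev.example.test\tFALSE\t/\tFALSE\t4102444800\tlang\ten\n"
)


def audit_cookie_jar(jar_text, url):
    """Report which cookies from jar_text would be sent to url.

    Returns a dict with 'error' (parser message or None), 'sent' (cookie
    names placed in the Cookie header) and 'expired' (names the loader
    drops because their expiry is in the past).
    """
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(jar_text)
        everything = MozillaCookieJar()
        try:
            # Keep expired and session cookies so they can be reported.
            everything.load(path, ignore_discard=True, ignore_expires=True)
        except LoadError as exc:
            # Typical cause: the magic first line is missing from the export.
            return {"error": str(exc), "sent": [], "expired": []}
        usable = MozillaCookieJar()
        usable.load(path, ignore_discard=True)  # expired cookies are skipped
    finally:
        os.unlink(path)

    req = Request(url)
    usable.add_cookie_header(req)  # applies domain, path and secure rules
    header = req.get_header("Cookie") or ""
    sent = sorted(p.split("=", 1)[0] for p in header.split("; ") if p)
    expired = sorted(c.name for c in everything if c.is_expired())
    return {"error": None, "sent": sent, "expired": expired}


if __name__ == "__main__":
    print(audit_cookie_jar(SAMPLE, "http://dev.example.test/"))
```

In the constructed sample the sticky `SERVERID` cookie is dropped as expired and the `Secure` cookie is withheld from the plain-HTTP target, so only `lang` would reach the server.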