Shawn,
w3af shouldn't stop after that warning, is it?
On Mon, Nov 21, 2011 at 9:25 PM, Shawn Webb <[email protected]> wrote:
> I guess that's what I'm reporting.
>
> On Nov 21, 2011 5:11 PM, "Andres Riancho" <[email protected]> wrote:
>>
>> Shawn,
>>
>> While w3af is officially supported under 2.6 it should work as
>> expected in 2.7 (let us know if it doesn't).
>>
>> Regards,
>>
>> On Mon, Nov 21, 2011 at 8:19 PM, Shawn Webb <[email protected]> wrote:
>> > Just tried. Looks like it's not liking that the whole world has moved
>> > on beyond python 2.6. I even changed the shebang line to match the
>> > python2.6 binary and the latest w3af still complains about only being
>> > supported in python 2.6, even though it is running in python 2.6.
>> >
>> > On Mon, Nov 21, 2011 at 4:17 PM, Andres Riancho
>> > <[email protected]> wrote:
>> >> Version: 1.1 (from Debian Package 1.0-rc3svn3489-1)
>> >>
>> >> That's a very old version. Could you please download the latest from
>> >> the w3af site?
>> >>
>> >> Regards,
>> >>
>> >> On Mon, Nov 21, 2011 at 8:12 PM, Shawn Webb <[email protected]> wrote:
>> >>> The version in Ubuntu 11.10's repo exhibits the same behavior. Nor is
>> >>> webSpider really finding anything:
>> >>>
>> >>> w3af>>> http-settings
>> >>> w3af/config:http-settings>>> set cookieJarFile /home/shawn/cookies.txt
>> >>> w3af/config:http-settings>>> back
>> >>> w3af>>> target
>> >>> w3af/config:target>>> set target http://[redacted]/
>> >>> w3af/config:target>>> back
>> >>> w3af/plugins>>> audit xss, sqli, blindSqli
>> >>> w3af/plugins>>> discovery webSpider
>> >>> w3af/plugins>>> back
>> >>> w3af>>> start
>> >>> Auto-enabling plugin: grep.error500
>> >>> Auto-enabling plugin: grep.httpAuthDetect
>> >>> The following is a list of broken links that were found by the
>> >>> webSpider plugin:
>> >>> - http://[redacted]/ [ referenced from: http://[redacted]/ ]
>> >>> Found 1 URLs and 1 different points of injection.
>> >>> The list of URLs is:
>> >>> - http://[redacted]/
>> >>> The list of fuzzable requests is:
>> >>> - http://[redacted]/ | Method: GET
>> >>> Finished scanning process.
>> >>> w3af>>> version
>> >>> w3af - Web Application Attack and Audit Framework
>> >>> Version: 1.1 (from Debian Package 1.0-rc3svn3489-1)
>> >>> Author: Andres Riancho and the w3af team.
>> >>>
>> >>> Thanks,
>> >>>
>> >>> Shawn
>> >>>
>> >>> On Mon, Nov 21, 2011 at 2:11 PM, Shawn Webb <[email protected]> wrote:
>> >>>> Looks like it's gonna be a major pain continuing to do this on
>> >>>> freebsd, since freebsd uses python 2.7 by default. w3af depends on
>> >>>> 2.6. I'll spin up a linux VM and see if it exhibits the same
>> >>>> behavior.
>> >>>>
>> >>>> On Mon, Nov 21, 2011 at 1:45 PM, Javier Andalia <[email protected]>
>> >>>> wrote:
>> >>>>> Hey Shawn,
>> >>>>>
>> >>>>> You can start with installing our last version [0] and tell us if
>> >>>>> that
>> >>>>> still happens.
>> >>>>>
>> >>>>> Regards,
>> >>>>>
>> >>>>> Javier
>> >>>>>
>> >>>>> [0] https://sourceforge.net/projects/w3af/files/w3af/w3af%201.1/
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> On Mon, Nov 21, 2011 at 5:31 PM, Shawn Webb <[email protected]>
>> >>>>> wrote:
>> >>>>>> I'm testing using w3af against my employer's development sites. We
>> >>>>>> use
>> >>>>>> a load balancer based on nginx and haproxy which sets cookies to
>> >>>>>> forward (and keep) the user's browser to a specific lighttpd
>> >>>>>> server. I
>> >>>>>> exported firefox's cookies for our site and am using that with
>> >>>>>> w3af.
>> >>>>>> After running w3af, I see no hits in my lighttpd server's logfiles,
>> >>>>>> which makes be believe w3af isn't respecting the cookieJarFile
>> >>>>>> setting. Is there something other than simply setting that config
>> >>>>>> variable to the file that I should be doing? I just installed w3af
>> >>>>>> on
>> >>>>>> freebsd via ports.
>> >>>>>>
>> >>>>>> w3af version info: Version: 1.0-rc4 (from tgz)
>> >>>>>>
>> >>>>>> Thanks,
>> >>>>>>
>> >>>>>> Shawn
>> >>>>>>
>> >>>>>>
>> >>>>>> ------------------------------------------------------------------------------
>> >>>>>> All the data continuously generated in your IT infrastructure
>> >>>>>> contains a definitive record of customers, application performance,
>> >>>>>> security threats, fraudulent activity, and more. Splunk takes this
>> >>>>>> data and makes sense of it. IT sense. And common sense.
>> >>>>>> http://p.sf.net/sfu/splunk-novd2d
>> >>>>>> _______________________________________________
>> >>>>>> W3af-users mailing list
>> >>>>>> [email protected]
>> >>>>>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>> >>>>>>
>> >>>>>
>> >>>>
>> >>>
>> >>>
>> >>> ------------------------------------------------------------------------------
>> >>> All the data continuously generated in your IT infrastructure
>> >>> contains a definitive record of customers, application performance,
>> >>> security threats, fraudulent activity, and more. Splunk takes this
>> >>> data and makes sense of it. IT sense. And common sense.
>> >>> http://p.sf.net/sfu/splunk-novd2d
>> >>> _______________________________________________
>> >>> W3af-users mailing list
>> >>> [email protected]
>> >>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>> >>>
>> >>
>> >>
>> >>
>> >> --
>> >> Andrés Riancho
>> >> Director of Web Security at Rapid7 LLC
>> >> Founder at Bonsai Information Security
>> >> Project Leader at w3af
>> >>
>> >
>>
>>
>>
>> --
>> Andrés Riancho
>> Director of Web Security at Rapid7 LLC
>> Founder at Bonsai Information Security
>> Project Leader at w3af
>
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
