Zayl, On Wed, May 2, 2012 at 6:45 PM, Zayl Linel <[email protected]> wrote: > Hello; > > I am new to this mailing list. I am using w3af_gui and need to test for sql > injection in my website, for that I need to know two things please : > 1 - which plugins to load for sql injection detection.
You need two things, first you'll need to enable some discovery plugins that will map the application (webSpider is recommended here) Then you need to find the vulnerabilities in the previously found URLs/parameters, you can use audit.sqli > 2 - My website hides get params of my url's, because it is search engine > friendly so which plugin's to crawl website and search for pages get params ? You should enable the fuzzURLParts and fuzzFileName settings in misc-settings menu Let us know how it goes, Regards, > Regards > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
