Luke,

On Thu, Sep 27, 2012 at 9:36 PM, luke <[email protected]> wrote:
>
>
> ---------- Forwarded message ----------
> From: luke <[email protected]>
> Date: Wed, Sep 26, 2012 at 4:02 PM
> Subject: test about inspectOriginHeaderScrutiny
> To: Andres Riancho <[email protected]>
>
>
>
> Hi Andres,
> I tested the inspectOriginHeaderScrutiny.py module,
> but the result shows nothing about this module?

Usually plugins put results in the Knowledge Base and/or log if
they find something. You don't want w3af telling you all the places
where it did NOT find SQL, XSS, OSC, etc., right?

> I am wondering if I used it wrong.
> This is my script:
> ===============================================
> plugins
> discovery webSpider,hmap,allowedMethods,robotsReader
> audit inspectOriginHeaderScrutiny
> discovery config webSpider
> set onlyForward True
> back
> output console
> output htmlFile
> output config htmlFile
> set fileName sourceforge.html
> back
> back
> target
> set target http://sourceforge.net

Are you sure that sourceforge.net is vulnerable to the things that [0]
checks for? Could you explain why and show us HTTP requests and
responses backing that?

[0] https://code.google.com/p/righettod/source/browse/PYTHON/W3AF-Plugins/plugins/audit/inspectOriginHeaderScrutiny.py

Regards,

> back
> start
> =====================================================
>
> --
> FIT1-213
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> http://about.me/anakin/bio
>
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
