Sanjay, On Fri, Nov 9, 2012 at 5:58 AM, Sanjay Rawat <[email protected]> wrote: > Dear Andres, > thanks for a very detailed response. I would love to get involved in the > direction, suggested by you. however, I will have to see if I will be able > to devote enough time to take this task. I will let you know very soon.
Ok, > Coming to the problem at hand: earlier I thought that it may not be that > complicated because from user manual, what i understood is that discovery > phase is actually generating "enough" information to build this graph. It is > following the links from a given page (outgoing edges) and I think, it also > generates or knows parameters to access a page on a given URL, Yes, it does follow all links and keeps the parameters, but we don't track the "source" where each link was found and if we already crawled link A that we found from an unknown source, we don't crawl it again when finding it at source X. > if we need to > have ones, for example authentication info (user/password). So, we could > just take information generated by discovery phase and get the graph. I don't think that's possible :( > But > now, if the project leader is himself saying that this is complicated, I am > sure that it IS. I underestimated the task :) so, it seems that if at all, I > want this info, i need to get into the water to fetch. > Can you give some approximate time, in hours, that you think would be > required to do this task? While thinking about this task I realized that the simplest would be to only modify the web_spider.py plugin in order to achieve what you want. This is good because you avoid learning about w3af's core and it's internals. Regarding time... it is difficult to say because I don't know your dev skills... if I would have to do this (and now that I realized that it can be done via the web_spider.py) it would take me 1 day to get it DONE (with unittests, nige pychart graphs, etc.) Regards, > Thanks & Regards > > - Sanjay > > > ________________________________ > From: Andres Riancho <[email protected]> > To: Sanjay Rawat <[email protected]> > Cc: "[email protected]" <[email protected]> > Sent: Thursday, November 8, 2012 2:45 PM > Subject: Re: [W3af-users] w3ag output as link graph or FSM > > Sanjay, > > On Thu, Nov 8, 2012 at 5:58 AM, Sanjay Rawat <[email protected]> wrote: >> >> Hello, >> I understand that w3af can produce output in different formats. I am more >> interested in getting the output of "discovery" phase in a format that >> allows me to see the link relationship. What I mean by this is to have a >> graph like structure (or finite state machine FSM) where nodes are pages >> (links) and edges are links they points to. Additionally, it will be good >> to >> also have the parameter info (parameters of the URI/forms etc.to access >> the >> link along the edge) along the edges. >> Is it possible? > > Everything is possible with open source software if you've got enough > time ;) But in this case, I think that it would take considerable time > to achieve what you want. > > What can be done today with ease is to create a tree-like structure like > this: > > http://host.tld/ > + /foo/ > \----/bar/ > + spam.html > + def.html > \----abc.html > > But if I understood correctly you a graph that represents this information: > > * spam.html links to abc.html and def.html > * abc.html links to def.html > * def.html links to spam.html , abc.html, foo.html > * foo.html doesn't have any links > > If you're interested in working on this let me know and I can guide > you through the code, but I warn you... w3af wasn't designed to do > this and it might involve some ugly code that we might not include > into the trunk. > > Regards, > >> Thanks >> >> Thanks & Regards >> >> - Sanjay >> http://www-verimag.imag.fr/~rawat/ >> >> >> ------------------------------------------------------------------------------ >> Everyone hates slow websites. So do we. >> Make your web apps faster with AppDynamics >> Download AppDynamics Lite for free today: >> http://p.sf.net/sfu/appdyn_d2d_nov >> _______________________________________________ >> W3af-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/w3af-users >> > > > > -- > Andrés Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 > > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_nov _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
