Finally got some time to research this issue a little bit more. Found that it seems to be a common issue [0]. After reading [1] it seems that it is because of incorrect (threads/multiprocessing) + pygtk. The same error message seems to appear on a bug report related to fglrx [2].
So, if you have an old debian/ubuntu which uses fglrx it might be a bug there... if not, w3af might be breaking something. Let me know if you're still getting the bug, and if your system fits the profile. [0] https://www.google.com.ar/search?q=Fatal+IO+error+11+(Resource+temporarily+unavailable)+on+X+server+%3A0.&aq=f&oq=Fatal+IO+error+11+(Resource+temporarily+unavailable)+on+X+server+%3A0.&aqs=chrome.0.57.515j0&sourceid=chrome&ie=UTF-8 [1] http://wwwfgu.anat.ox.ac.uk/~andreas/SphinxReport/FAQ.html [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649346 On Wed, Apr 10, 2013 at 11:48 AM, Mostafa Kamel <mostafa.k.zah...@gmail.com> wrote: > OK, > > 1- open shell and get root privilege > > 2- ./w3af_gui > > 3- enable the following plugins : > audit{blind_sqli - buffer_overflow - cors_origin - csrf - dav - eval - > format_string - frontpage - generic - htaccess_method - ldapi - lfi - > mx_injection - os_commanding - phishing_vector - redos - response_splitting > - rfi - sqli - ssi - xpath - xss - xst} > > crawl { dot_listing - find_backdoors - find_dvcs - phishtank - > ria_enumerator - robots_txt - sitemap_xml - web_spider} > > grep { ajax - analyze_cookie - blank_body - click_jacking - code_disclosure > - cross_domain_js - csp - directory_indexing - dom_xss - error_500 - > error_pages - file_upload - form_autocomplete - get_emails - hash_analysis - > html_comments - http_auth_detect - http_in_body - lang - meta_tags - objects > - path_disclosure - strange_headers - stange_http_codes - strange_parameters > - starnge_reason - symfony - url_session - wsdl_greper - > xss_protection_header } > > infrastructure { allawed_methods - frontpage_version - server_header } > > output { console - export_requests - html_file } > > 4- change Configuration->http Config -> General -> headers_file from empty > to file path containing a cookie > > 5- change Configuration->http Config ->Cookies - >ignore_session_cookie from > false to true > > 6- Target { http://127.0.0.1:3000/ } > > 7- Start > > 8- crash > > I hope that is fine > > > On Wed, Apr 10, 2013 at 5:07 PM, Andres Riancho <andres.rian...@gmail.com> > wrote: >> >> Ok, now it gets interesting... could you please tell me how to >> reproduce the bug? For example: >> >> 1- ./w3af_gui >> 2- Click on X >> 3- Type ... >> 4- Click Start >> 5- Crash >> >> With that, I'll try to reproduce and fix, >> >> On Wed, Apr 10, 2013 at 11:32 AM, Mostafa Kamel >> <mostafa.k.zah...@gmail.com> wrote: >> > now I am using threading2 >> > but still I have the same error >> > >> > >> > On Wed, Apr 10, 2013 at 2:20 PM, Andres Riancho >> > <andres.rian...@gmail.com> >> > wrote: >> >> >> >> Please use the latest version which is available in the threading2 >> >> branch. Here is how to do it: >> >> http://w3af.org/beta-testers-wanted >> >> >> >> I think I'll merge to master today/tomorrow, meanwhile please use >> >> threading2. >> >> >> >> On Wed, Apr 10, 2013 at 9:19 AM, Mostafa Kamel >> >> <mostafa.k.zah...@gmail.com> wrote: >> >> > w3af - Web Application Attack and Audit Framework >> >> > Version: 1.2 >> >> > Revision: unknown >> >> > Author: Andres Riancho and the w3af team. >> >> > >> >> > I download it yesterday using this >> >> > >> >> > git clone https://github.com/andresriancho/w3af.git >> >> > >> >> > >> >> > >> >> > On Wed, Apr 10, 2013 at 2:13 PM, Andres Riancho >> >> > <andres.rian...@gmail.com> >> >> > wrote: >> >> >> >> >> >> Which w3af version are you using? Here on my workstation it says: >> >> >> >> >> >> pablo@eulogia:~/workspace/w3af$ ./w3af_console --version >> >> >> w3af - Web Application Attack and Audit Framework >> >> >> Version: 1.5 >> >> >> Revision: a708fc6901 - 09 Apr 2013 17:19 >> >> >> Author: Andres Riancho and the w3af team. >> >> >> >> >> >> On Wed, Apr 10, 2013 at 8:36 AM, Mostafa Kamel >> >> >> <mostafa.k.zah...@gmail.com> wrote: >> >> >> > my python version is 2.7.3 >> >> >> > also I tried to use w3af_console and every thing is OK >> >> >> > >> >> >> > >> >> >> > On Wed, Apr 10, 2013 at 10:28 AM, Mostafa Kamel >> >> >> > <mostafa.k.zah...@gmail.com> >> >> >> > wrote: >> >> >> >> >> >> >> >> Andres, >> >> >> >> I used W3af in 2 operating systems trying to find security issues >> >> >> >> in >> >> >> >> my >> >> >> >> webapp on local host ,it is ruby on rails app running on webrick >> >> >> >> server. >> >> >> >> I needed to run authenticated scan so I use HTTP Conf->General -> >> >> >> >> Headerfile to add authenticated cookie in the HTTP headers , also >> >> >> >> I >> >> >> >> enabled >> >> >> >> " webspider plugin " and for output I enabled verbose on console >> >> >> >> then I >> >> >> >> scanned :- >> >> >> >> >> >> >> >> 1- On BackTrack5 : w3af is just crashed and closed left only the >> >> >> >> error >> >> >> >> message on console >> >> >> >> 2- On fedora: w3af opened a new window with title "Dot Viewer" >> >> >> >> carried >> >> >> >> the >> >> >> >> same error message and in the console the error message appeared >> >> >> >> but >> >> >> >> it >> >> >> >> continue scan process till the end, after it done I wasn't able >> >> >> >> to >> >> >> >> interact >> >> >> >> with w3af_gui or the error window >> >> >> >> >> >> >> >> if you need any other details please tell me >> >> >> >> >> >> >> >> >> >> >> >> On Tue, Apr 9, 2013 at 6:07 PM, Andres Riancho >> >> >> >> <andres.rian...@gmail.com> >> >> >> >> wrote: >> >> >> >>> >> >> >> >>> Mostafa, >> >> >> >>> >> >> >> >>> Doesn't look like anything I've seen before. Please send us >> >> >> >>> all >> >> >> >>> the information necessary to reproduce in our environment, >> >> >> >>> >> >> >> >>> On Tue, Apr 9, 2013 at 12:12 PM, Mostafa Kamel >> >> >> >>> <mostafa.k.zah...@gmail.com> wrote: >> >> >> >>> > Hello everyone >> >> >> >>> > please I need help with this error , which make w3af craches >> >> >> >>> > >> >> >> >>> > Warning: <stdin>:2: string ran past end of line >> >> >> >>> > Warning: <stdin>:3: string ran past end of line >> >> >> >>> > Error: <stdin>:3: syntax error near line 3 >> >> >> >>> > context: "<GtkTreeIter at 0x583c220>" >>> -- <<< >> >> >> >>> > "<GtkTreeIter >> >> >> >>> > at >> >> >> >>> > 0x5832920>"}w3af_gui: Fatal IO error 11 (Resource temporarily >> >> >> >>> > unavailable) >> >> >> >>> > on X server :0. >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > ------------------------------------------------------------------------------ >> >> >> >>> > Precog is a next-generation analytics platform capable of >> >> >> >>> > advanced >> >> >> >>> > analytics on semi-structured data. The platform includes APIs >> >> >> >>> > for >> >> >> >>> > building >> >> >> >>> > apps and a phenomenal toolset for data science. Developers can >> >> >> >>> > use >> >> >> >>> > our toolset for easy data analysis & visualization. Get a free >> >> >> >>> > account! >> >> >> >>> > http://www2.precog.com/precogplatform/slashdotnewsletter >> >> >> >>> > _______________________________________________ >> >> >> >>> > W3af-users mailing list >> >> >> >>> > W3af-users@lists.sourceforge.net >> >> >> >>> > https://lists.sourceforge.net/lists/listinfo/w3af-users >> >> >> >>> > >> >> >> >>> >> >> >> >>> >> >> >> >>> >> >> >> >>> -- >> >> >> >>> Andrés Riancho >> >> >> >>> Project Leader at w3af - http://w3af.org/ >> >> >> >>> Web Application Attack and Audit Framework >> >> >> >>> Twitter: @w3af >> >> >> >>> GPG: 0x93C344F3 >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> >> >> >> >> >> Best Regards, >> >> >> >> >> >> >> >> Mostafa Kamel >> >> >> >> >> >> >> >> Software Engineer >> >> >> >> >> >> >> >> Fawry Integrated Systems >> >> >> >> >> >> >> >> Address: El Salam Tower- Eigth Floor- Beside El Salam Hospital >> >> >> >> >> >> >> >> Corniche el Nil, Maadi Cairo >> >> >> >> >> >> >> >> Mob: +2012 2041 6632 >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > -- >> >> >> > >> >> >> > Best Regards, >> >> >> > >> >> >> > Mostafa Kamel >> >> >> > >> >> >> > Software Engineer >> >> >> > >> >> >> > Fawry Integrated Systems >> >> >> > >> >> >> > Address: El Salam Tower- Eigth Floor- Beside El Salam Hospital >> >> >> > >> >> >> > Corniche el Nil, Maadi Cairo >> >> >> > >> >> >> > Mob: +2012 2041 6632 >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> Andrés Riancho >> >> >> Project Leader at w3af - http://w3af.org/ >> >> >> Web Application Attack and Audit Framework >> >> >> Twitter: @w3af >> >> >> GPG: 0x93C344F3 >> >> > >> >> > >> >> > >> >> > >> >> > -- >> >> > >> >> > Best Regards, >> >> > >> >> > Mostafa Kamel >> >> > >> >> > Software Engineer >> >> > >> >> > Fawry Integrated Systems >> >> > >> >> > Address: El Salam Tower- Eigth Floor- Beside El Salam Hospital >> >> > >> >> > Corniche el Nil, Maadi Cairo >> >> > >> >> > Mob: +2012 2041 6632 >> >> >> >> >> >> >> >> -- >> >> Andrés Riancho >> >> Project Leader at w3af - http://w3af.org/ >> >> Web Application Attack and Audit Framework >> >> Twitter: @w3af >> >> GPG: 0x93C344F3 >> > >> > >> > >> > >> > -- >> > >> > Best Regards, >> > >> > Mostafa Kamel >> > >> > Software Engineer >> > >> > Fawry Integrated Systems >> > >> > Address: El Salam Tower- Eigth Floor- Beside El Salam Hospital >> > >> > Corniche el Nil, Maadi Cairo >> > >> > Mob: +2012 2041 6632 >> >> >> >> -- >> Andrés Riancho >> Project Leader at w3af - http://w3af.org/ >> Web Application Attack and Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 > > > > > -- > > Best Regards, > > Mostafa Kamel > > Software Engineer > > Fawry Integrated Systems > > Address: El Salam Tower- Eigth Floor- Beside El Salam Hospital > > Corniche el Nil, Maadi Cairo > > Mob: +2012 2041 6632 > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > W3af-users mailing list > W3af-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-users > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users
