Oops, forgot to add w3af-users!

---------- Forwarded message ----------
From: Andres Riancho <[email protected]>
Date: Wed, Oct 2, 2013 at 9:29 AM
Subject: Re: [W3af-users] TargetURL enable subdomains
To: assmann <[email protected]>


Tobias,

On Wed, Oct 2, 2013 at 5:20 AM,  <[email protected]> wrote:
> Hi,
>
> I am using 1.6 Revision 3ef1aa4e9e
>
> Maybe the problem is that this domain is not a public one? It is
> internal for the company only, but is known to the system w3af is
> running on...

Seems to be a bug. Reading some code, it seems to all come down to this code:

"""
        protocol = target_url.get_protocol()

        is_file = file_target and protocol == 'file'

        is_http = protocol in ('http', 'https') and \
                  target_url.is_valid_domain()

        if not is_file and not is_http:
            msg = ('Invalid format for target URL "%s", you have to specify '
                   'the protocol (http/https/file) and a domain or IP address.'
                   ' Examples: http://host.tld/ ; https://127.0.0.1/ .')
            raise w3afException(msg % target_url)
"""

"""
    def is_valid_domain(self):
        '''
        :param url: The url to parse.
        :return: Returns a boolean that indicates if <url>'s domain is valid
        '''
        domain_re = '[a-z0-9-]+(\.[a-z0-9-]+)*(:\d\d?\d?\d?\d?)?$'
        return re.match(domain_re, self.netloc) is not None
"""

If you like to code, I would appreciate it if you could add a test
with the URL that's not validated to test_target.py [0] and then play
around with the code (most likely the regex?) until you fix it. My
first impression is that maybe the re.match should be case
insensitive?

In the case where you don't want to do this, please let me know and
I'll try to do it next week.

[0] https://github.com/andresriancho/w3af/blob/master/core/controllers/core_helpers/tests/test_target.py

>> Which w3af version are you using?
>
>> On Tue, Oct 1, 2013 at 8:59 AM,  <[email protected]> wrote:
>>> Hi
>>>
>>> again I tried to use w3af to test a new webapp and I got the
>>> following error:
>>>
>>> Invalid format for target URL "http://foobar.foo.bar.de/web/app.php", you 
>>> have to specify the protocol (http/https/file) and a domain or IP address. 
>>> Examples: http://host.tld/ ; https://127.0.0.1/ .
>>>
>>> Is it possible to enable URLs like this? They are valid :)
>>>
>>> TIA
>>>
>>> Tobias
>>> _______________________________________________
>>> W3af-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
> Kind regards
>
> Tobias Assmann
> _______________________________________________________
>
>  SkyGate internetworking GmbH
>  Pfuelstrasse 5, Aufgang VI
>  D - 10997 Berlin
>  Commercial register: Berlin Charlottenburg, HRB 87258
>  Managing Director: Stephan Jensen
>
>  T: +49- (0)30 - 611038-0
>  F: +49- (0)30 - 61280465
>  W: http://www.skygate.de
> _______________________________________________________
>
>



--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
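
Added example, not part of the original message or of w3af's code: a small Python 3 harness that runs the quoted `is_valid_domain()` pattern over a few netlocs, once as quoted and once with `re.IGNORECASE`, the change suggested above. It assumes the netloc is what `urlsplit()` returns; the `flags` parameter, `compare()` and all sample hosts except the reported placeholder are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Pattern copied from the quoted is_valid_domain(); only the r'' prefix is added.
DOMAIN_RE = r'[a-z0-9-]+(\.[a-z0-9-]+)*(:\d\d?\d?\d?\d?)?$'

# Placeholder URL from the report; every other sample below is constructed.
REPORTED = 'http://foobar.foo.bar.de/web/app.php'
NETLOCS = [
    urlsplit(REPORTED).netloc,      # all-lowercase host, as reported
    'FooBar.foo.bar.de',            # mixed-case host
    'foo_bar.foo.bar.de',           # underscore in a label
    'foobar.foo.bar.de:99999',      # port above 65535
    '[::1]',                        # bracketed IPv6 literal
    'foobar.foo.bar.de\n',          # trailing newline
]


def is_valid_domain(netloc, flags=0):
    """The quoted check, with optional regex flags for experimenting."""
    return re.match(DOMAIN_RE, netloc, flags) is not None


def compare(netlocs):
    """Map each netloc to (result as quoted, result with re.IGNORECASE)."""
    return {n: (is_valid_domain(n), is_valid_domain(n, re.IGNORECASE))
            for n in netlocs}


if __name__ == '__main__':
    for netloc, (as_quoted, ignorecase) in compare(NETLOCS).items():
        print('%-28r as-quoted=%-5s ignorecase=%s'
              % (netloc, as_quoted, ignorecase))
```

The lowercase placeholder from the report passes the check as quoted, so a real hostname that is rejected is likely to differ from it in some character class. `$` also matches before a trailing newline, whereas `\Z` anchors at the true end of the string.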


