w3af's crawler should find that on it's own, if it doesn't it's
because your application is heavily based on JavaScript (and w3af
doesn't know how to crawl those yet).

Specifically answering your POST question, you could write a mangle
plugin, like this one [0], which will modify the http method for each
request before sending it to the wire.

[0] https://github.com/andresriancho/w3af/blob/master/plugins/mangle/sed.py

On Tue, Nov 12, 2013 at 4:00 PM, sandeep kumar bandaru
<bandarusandeepku...@gmail.com> wrote:
> We have implemented our app in such a way that, for all the dynamic url's,
> POST navigation will be used and GET navigation for the static files
> (images,js files, etc.,)
>
> Thanks,
> Sandeep
>
>
> On Fri, Nov 8, 2013 at 9:15 PM, Andres Riancho <andres.rian...@gmail.com>
> wrote:
>>
>> I'm almost sure that POST for all requests is not what you need. Could
>> you please better explain your requirements?
>>
>> On Fri, Nov 8, 2013 at 11:18 AM, sandeep kumar bandaru
>> <bandarusandeepku...@gmail.com> wrote:
>> > Hi,
>> >
>> > W3af is crawling through the pages (from the response page of a request)
>> > only using the GET requests. The only request I can see the POST request
>> > is
>> > the authentication (even this has to be configured via the 'auth'
>> > plugin).
>> >
>> > Problem here is most of the requests in our application are POST and
>> > hence
>> > unable to do the actual testing with this tool.
>> >
>> > Can you please let me know, how to configure w3af to crawl all the
>> > requests
>> > via POST method?
>> >
>> >
>> > Thanks,
>> > Sandeep
>> >
>> >
>> > ------------------------------------------------------------------------------
>> > November Webinars for C, C++, Fortran Developers
>> > Accelerate application performance with scalable programming models.
>> > Explore
>> > techniques for threading, error checking, porting, and tuning. Get the
>> > most
>> > from the latest Intel processors and coprocessors. See abstracts and
>> > register
>> >
>> > http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
>> > _______________________________________________
>> > W3af-users mailing list
>> > W3af-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/w3af-users
>> >
>>
>>
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>
>



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

------------------------------------------------------------------------------
November Webinars for C, C++, Fortran Developers
Accelerate application performance with scalable programming models. Explore
techniques for threading, error checking, porting, and tuning. Get the most 
from the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users

Reply via email to