Sandeep, On Tue, Nov 12, 2013 at 4:38 PM, sandeep kumar bandaru <bandarusandeepku...@gmail.com> wrote: > Hi, > > I have been getting below error while using "spider_man" proxy plugin in > w3af to scan the application, which is running using the HTTPS protocol. > > Error: > File "/home/w3af/core/controllers/daemons/proxy.py", line 337, in do_CONNECT > httpsServer.process_request(conWrap, self.client_address) > File "/usr/lib64/python2.6/SocketServer.py", line 309, in process_request > self.finish_request(request, client_address) > File "/usr/lib64/python2.6/SocketServer.py", line 322, in finish_request > self.RequestHandlerClass(request, client_address, self) > File "/home/w3af/plugins/crawl/spider_man.py", line 183, in __init__ > w3afProxyHandler.__init__(self, request, client_address, server) > File "/usr/lib64/python2.6/SocketServer.py", line 617, in __init__ > self.handle() > File "/usr/lib64/python2.6/BaseHTTPServer.py", line 329, in handle > self.handle_one_request() > File "/home/w3af/core/controllers/daemons/proxy.py", line 73, in > handle_one_request > self.do_ALL() > File "/home/w3af/plugins/crawl/spider_man.py", line 193, in do_ALL > path = URL(self.path) > File "/home/w3af/core/data/parsers/url.py", line 196, in __init__ > raise ValueError, 'Invalid URL "%s"' % (data,) > ValueError: Invalid URL "/application/index.jsp" > > > However, when I used the application running on HTTP protocol for scanning > through proxy there were no errors. > > Please let me know whether W3af spider_man proxy plugin works for HTTPS > protocols? If so, can you please let me know the details of how to configure > w3af for the same.
Well, anything is possible... we've got unittests for https traffic in the proxy daemon [0], but no test for https traffic in the spider_man plugin [1] which uses the proxy and seems to be the place where it's crashing. I don't have much time for testing/fixing now, but if you know your way around source code, could you please try to change test_spider_man.py to use SSL and run it using nosetests? [0] https://github.com/andresriancho/w3af/blob/master/core/controllers/daemons/tests/test_proxy.py#L76 [1] https://github.com/andresriancho/w3af/blob/master/plugins/tests/crawl/test_spider_man.py > Technical Details of the Local Machine: > OS: CentOS release 6.4 (Final) > > Technical Details of W3af: > Version: 1.5 > Revision: 319d65d0c5 > > > > Thanks, > Sandeep > > ------------------------------------------------------------------------------ > November Webinars for C, C++, Fortran Developers > Accelerate application performance with scalable programming models. Explore > techniques for threading, error checking, porting, and tuning. Get the most > from the latest Intel processors and coprocessors. See abstracts and > register > http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk > _______________________________________________ > W3af-users mailing list > W3af-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-users > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access Free app hosting. Or install the open source package on any LAMP server. Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native! http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk _______________________________________________ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users
