I'm getting tired of saying this (and it is completely my fault)
but... have you tried with the `feature/module` branch?
cd w3af
git checkout feature/module
./w3af_console
On Tue, Jan 21, 2014 at 8:32 PM, Vojtěch Polášek <krec...@gmail.com> wrote:
> Hi,
> here I am sending the traceback I get:
> ----------------------------------------
> Exception happened during processing of request from ('127.0.0.1', 44787)
> Traceback (most recent call last):
> File "/usr/lib/python2.7/SocketServer.py", line 284, in
> _handle_request_noblock
> self.process_request(request, client_address)
> File "/usr/lib/python2.7/SocketServer.py", line 310, in process_request
> self.finish_request(request, client_address)
> File "/usr/lib/python2.7/SocketServer.py", line 323, in finish_request
> self.RequestHandlerClass(request, client_address, self)
> File
> "/home/vojta/software/pentesting/w3af/plugins/crawl/spider_man.py", line
> 109, in constructor
> return ProxyHandler(request, client_addr, server, self)
> File
> "/home/vojta/software/pentesting/w3af/plugins/crawl/spider_man.py", line
> 183, in __init__
> w3afProxyHandler.__init__(self, request, client_address, server)
> File "/usr/lib/python2.7/SocketServer.py", line 638, in __init__
> self.handle()
> File "/usr/lib/python2.7/BaseHTTPServer.py", line 340, in handle
> self.handle_one_request()
> File
> "/home/vojta/software/pentesting/w3af/core/controllers/daemons/proxy.py", line
> 54, in handle_one_request
> self.raw_requestline = self.rfile.readline()
> File "/usr/lib/python2.7/socket.py", line 447, in readline
> data = self._sock.recv(self._rbufsize)
> timeout: timed out
> ----------------------------------------
> Dne 22.1.2014 00:14, Vojtěch Polášek napsal(a):
> After that scanning seems to continue but when I want to access
> http://127.7.7.7/spiderman?terminate
> I get:
> There was an error while requesting
> "http://127.7.7.7/spiderman?terminate=";. Reason: [Errno 111] Connection
> refused
> http://127.7.7.7/spiderman | Method: GET
> What could be the problem?
> Vojta
>> Hi,
>> I am doing some penetration testing on a web application. This
>> application doesn't offer any great functions without actually logging in.
>> I found some posts about authenticated scans from earlier times here on
>> this list.
>> So I use spider-man and I set correct regex pattern for ignoring some
>> parts of the application.
>> I selected various combinations of plugins and I always end with some
>> w3af proxy traceback.
>> I suppose that this is due because of some aggressive test interfering
>> with application logic.
>> unfortunatelly I can't give you more specific info about the application.
>> I wonder if following would be possible:
>> 1. Scan just structure of the application with spiderman and webspider,
>> probably some little URL fuzzing but maybe not.
>> 2. export all found URLs.
>> 3. run W3Af again with these URLs imported and valid user session token
>> (cookie) supplied.
>> Or is there any other thing that would help me?
>> Like running tests in strictly given order?
>> thank oyu very much,
>> Vojta
>
>
> ------------------------------------------------------------------------------
> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
> Learn Why More Businesses Are Choosing CenturyLink Cloud For
> Critical Workloads, Development Environments & Everything In Between.
> Get a Quote or Start a Free Trial Today.
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends. Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
