Thank you very much. I am sorry if I am asking something that has been
already mentioned, but I didn't see this trick anywhere explicitly written.
Thanks,
Vojta
Dne 29.1.2014 15:37, Andres Riancho napsal(a):
> I'm getting tired of saying this (and it is completely my fault)
> but... have you tried with the `feature/module` branch?
>
> cd w3af
> git checkout feature/module
> ./w3af_console
>
> On Tue, Jan 21, 2014 at 8:32 PM, Vojtěch Polášek <krec...@gmail.com> wrote:
>> Hi,
>> here I am sending the traceback I get:
>> ----------------------------------------
>> Exception happened during processing of request from ('127.0.0.1', 44787)
>> Traceback (most recent call last):
>> File "/usr/lib/python2.7/SocketServer.py", line 284, in
>> _handle_request_noblock
>> self.process_request(request, client_address)
>> File "/usr/lib/python2.7/SocketServer.py", line 310, in process_request
>> self.finish_request(request, client_address)
>> File "/usr/lib/python2.7/SocketServer.py", line 323, in finish_request
>> self.RequestHandlerClass(request, client_address, self)
>> File
>> "/home/vojta/software/pentesting/w3af/plugins/crawl/spider_man.py", line
>> 109, in constructor
>> return ProxyHandler(request, client_addr, server, self)
>> File
>> "/home/vojta/software/pentesting/w3af/plugins/crawl/spider_man.py", line
>> 183, in __init__
>> w3afProxyHandler.__init__(self, request, client_address, server)
>> File "/usr/lib/python2.7/SocketServer.py", line 638, in __init__
>> self.handle()
>> File "/usr/lib/python2.7/BaseHTTPServer.py", line 340, in handle
>> self.handle_one_request()
>> File
>> "/home/vojta/software/pentesting/w3af/core/controllers/daemons/proxy.py",
>> line
>> 54, in handle_one_request
>> self.raw_requestline = self.rfile.readline()
>> File "/usr/lib/python2.7/socket.py", line 447, in readline
>> data = self._sock.recv(self._rbufsize)
>> timeout: timed out
>> ----------------------------------------
>> Dne 22.1.2014 00:14, Vojtěch Polášek napsal(a):
>> After that scanning seems to continue but when I want to access
>> http://127.7.7.7/spiderman?terminate
>> I get:
>> There was an error while requesting
>> "http://127.7.7.7/spiderman?terminate=";. Reason: [Errno 111] Connection
>> refused
>> http://127.7.7.7/spiderman | Method: GET
>> What could be the problem?
>> Vojta
>>> Hi,
>>> I am doing some penetration testing on a web application. This
>>> application doesn't offer any great functions without actually logging in.
>>> I found some posts about authenticated scans from earlier times here on
>>> this list.
>>> So I use spider-man and I set correct regex pattern for ignoring some
>>> parts of the application.
>>> I selected various combinations of plugins and I always end with some
>>> w3af proxy traceback.
>>> I suppose that this is due because of some aggressive test interfering
>>> with application logic.
>>> unfortunatelly I can't give you more specific info about the application.
>>> I wonder if following would be possible:
>>> 1. Scan just structure of the application with spiderman and webspider,
>>> probably some little URL fuzzing but maybe not.
>>> 2. export all found URLs.
>>> 3. run W3Af again with these URLs imported and valid user session token
>>> (cookie) supplied.
>>> Or is there any other thing that would help me?
>>> Like running tests in strictly given order?
>>> thank oyu very much,
>>> Vojta
>>
>> ------------------------------------------------------------------------------
>> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>> Learn Why More Businesses Are Choosing CenturyLink Cloud For
>> Critical Workloads, Development Environments & Everything In Between.
>> Get a Quote or Start a Free Trial Today.
>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>> _______________________________________________
>> W3af-users mailing list
>> W3af-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
>
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends. Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
