Not your fault, I should merge that branch into develop/master once
and for all...
On Wed, Jan 29, 2014 at 11:40 AM, Vojtěch Polášek <krec...@gmail.com> wrote:
> Thank you very much. I am sorry if I am asking something that has been
> already mentioned, but I didn't see this trick anywhere explicitly written.
> Thanks,
> Vojta
>
>
> Dne 29.1.2014 15:37, Andres Riancho napsal(a):
>> I'm getting tired of saying this (and it is completely my fault)
>> but... have you tried with the `feature/module` branch?
>>
>> cd w3af
>> git checkout feature/module
>> ./w3af_console
>>
>> On Tue, Jan 21, 2014 at 8:32 PM, Vojtěch Polášek <krec...@gmail.com> wrote:
>>> Hi,
>>> here I am sending the traceback I get:
>>> ----------------------------------------
>>> Exception happened during processing of request from ('127.0.0.1', 44787)
>>> Traceback (most recent call last):
>>> File "/usr/lib/python2.7/SocketServer.py", line 284, in
>>> _handle_request_noblock
>>> self.process_request(request, client_address)
>>> File "/usr/lib/python2.7/SocketServer.py", line 310, in process_request
>>> self.finish_request(request, client_address)
>>> File "/usr/lib/python2.7/SocketServer.py", line 323, in finish_request
>>> self.RequestHandlerClass(request, client_address, self)
>>> File
>>> "/home/vojta/software/pentesting/w3af/plugins/crawl/spider_man.py", line
>>> 109, in constructor
>>> return ProxyHandler(request, client_addr, server, self)
>>> File
>>> "/home/vojta/software/pentesting/w3af/plugins/crawl/spider_man.py", line
>>> 183, in __init__
>>> w3afProxyHandler.__init__(self, request, client_address, server)
>>> File "/usr/lib/python2.7/SocketServer.py", line 638, in __init__
>>> self.handle()
>>> File "/usr/lib/python2.7/BaseHTTPServer.py", line 340, in handle
>>> self.handle_one_request()
>>> File
>>> "/home/vojta/software/pentesting/w3af/core/controllers/daemons/proxy.py",
>>> line
>>> 54, in handle_one_request
>>> self.raw_requestline = self.rfile.readline()
>>> File "/usr/lib/python2.7/socket.py", line 447, in readline
>>> data = self._sock.recv(self._rbufsize)
>>> timeout: timed out
>>> ----------------------------------------
>>> Dne 22.1.2014 00:14, Vojtěch Polášek napsal(a):
>>> After that scanning seems to continue but when I want to access
>>> http://127.7.7.7/spiderman?terminate
>>> I get:
>>> There was an error while requesting
>>> "http://127.7.7.7/spiderman?terminate=";. Reason: [Errno 111] Connection
>>> refused
>>> http://127.7.7.7/spiderman | Method: GET
>>> What could be the problem?
>>> Vojta
>>>> Hi,
>>>> I am doing some penetration testing on a web application. This
>>>> application doesn't offer any great functions without actually logging in.
>>>> I found some posts about authenticated scans from earlier times here on
>>>> this list.
>>>> So I use spider-man and I set correct regex pattern for ignoring some
>>>> parts of the application.
>>>> I selected various combinations of plugins and I always end with some
>>>> w3af proxy traceback.
>>>> I suppose that this is due because of some aggressive test interfering
>>>> with application logic.
>>>> unfortunatelly I can't give you more specific info about the application.
>>>> I wonder if following would be possible:
>>>> 1. Scan just structure of the application with spiderman and webspider,
>>>> probably some little URL fuzzing but maybe not.
>>>> 2. export all found URLs.
>>>> 3. run W3Af again with these URLs imported and valid user session token
>>>> (cookie) supplied.
>>>> Or is there any other thing that would help me?
>>>> Like running tests in strictly given order?
>>>> thank oyu very much,
>>>> Vojta
>>>
>>> ------------------------------------------------------------------------------
>>> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For
>>> Critical Workloads, Development Environments & Everything In Between.
>>> Get a Quote or Start a Free Trial Today.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> W3af-users mailing list
>>> W3af-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> WatchGuard Dimension instantly turns raw network data into actionable
> security intelligence. It gives you real-time visual feedback on key
> security issues and trends. Skip the complicated setup - simply import
> a virtual appliance and go from zero to informed in seconds.
> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends. Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
