Christian,

On Mon, Jun 1, 2015 at 6:33 AM,  <spass-bill...@gmx.de> wrote:
> Hello,
>
> I didn't get it right to ignore some URLs during evaluation of a target 
> webapp.
> Let's say the target URL should be
>
>     http://test.host/foo/bar/index.html
>
> On this entry site there are two links (among others) which should NOT be 
> considered for further investigation by W3AF:
>
>     http://test.host/foo/search/
>     http://test.host/print.html
>
> I didn't get it right yet trying for instance:
>
>     set ignore_regex .*(search|print\.html)$
>
> or (to get rid of at least the first link)
>
>     set ignore_regex .*search.*
>
> or even (trying to match the second URL to ignore)
>
>     set ignore_regex .*print\.html$
>
> But W3AF always comes up with timeouts regarding both of the two URLs (the 
> target webapp is running in a special test environment where the mentioned 
> links are not backed by a responding application); it also lists the links in 
> the report's section "URLs found during application scan".
>
> What am I doing wrong here? I've tested the regular expressions for 
> compatibility issues regarding PERL's syntax etc. here:
>
>     http://www.pythonregex.com/
>
> Thank you for any kind of help.

The regular expressions look good. Some ideas about what might be going on:

 * These regular expressions only apply to the web spider [0]. If you
have other plugins enabled and those plugins find the URLs then they
will be crawled. If I don't remember incorrectly there is a
framework-wide setting called non-target to avoid visiting a URL with
ANY plugin.

 * You might add some print statements around these lines [1] to
understand what's going on.

[0] https://github.com/andresriancho/w3af/blob/master/w3af/plugins/crawl/web_spider.py
[1] https://github.com/andresriancho/w3af/blob/master/w3af/plugins/crawl/web_spider.py#L283-L287

Regards,

> Christian
>
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
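
The following is an added example, not part of the original thread and not w3af's own code: it runs the three ignore_regex values from the question against the three URLs with Python's re module, to show which URLs each expression would exclude from a crawl. It assumes the pattern is applied with re.match to the full URL string; COMBINED and PRINT_QUERY are constructed for this example.

```python
import re

# URLs quoted in the question.
TARGET = "http://test.host/foo/bar/index.html"
SEARCH = "http://test.host/foo/search/"
PRINT = "http://test.host/print.html"

# Constructed variant: the same page as a crawler might extract it from a link.
PRINT_QUERY = "http://test.host/print.html?page=2"

# The three ignore_regex values tried in the question.
PATTERNS = [
    r".*(search|print\.html)$",
    r".*search.*",
    r".*print\.html$",
]

# Constructed alternative: matches on the path segment instead of the end of
# the string, so a trailing slash or a query string does not defeat it.
COMBINED = r".*/(search/|print\.html)"


def is_ignored(pattern, url):
    """True if the pattern matches from the start of the URL string.

    Assumption: the scanner applies the expression with re.match, which
    anchors at the beginning of the string but not at the end.
    """
    return re.match(pattern, url) is not None


def match_table(patterns, urls):
    """Map each pattern to the list of URLs it would exclude."""
    return {p: [u for u in urls if is_ignored(p, u)] for p in patterns}


if __name__ == "__main__":
    urls = [TARGET, SEARCH, PRINT, PRINT_QUERY]
    for pattern, hits in match_table(PATTERNS + [COMBINED], urls).items():
        print(pattern)
        for url in urls:
            print("   ", "ignored" if url in hits else "crawled", url)
```

This only shows what each expression matches; URLs reported by plugins other than the web spider are outside what it checks.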
