That I know. But I'm not able to resolve it.
I'm having OWASP broken web apps in my system, Everyone knows it has
security issues but I'm still not able to get any exploit in that.

Sometimes I get exploit sometimes I dont. Is there any way to resolve this
http timeout error.
I have tried giving max timeout(which is 30 second in w3af) still it didnt
yield nothing

Thanks
Shreyas



[image: --]

Shreyas M R
[image: http://]about.me/shreyasmrs
<http://about.me/shreyasmrs?promo=email_sig>


On Wed, Oct 12, 2016 at 7:36 PM, ad^2 <adsquai...@gmail.com> wrote:

> Hey Shreyas,
>
> According to the output of "report-full audit.html" there was a connection
> issue. There were a number of 'HTTP timeout errors'.
>
> The sqli plugin got an error while requesting "http://demo.testfire.net/
> subscribe.aspx". Reason: "HTTP timeout error"
> rror"
>
>
> Thx,
>
> ad^2
>
> On Wed, Oct 12, 2016 at 2:34 AM, Shreyas M R <shreyas7...@gmail.com>
> wrote:
>
>> Hi,
>>
>> Thanks for suggestions ad^2
>> Sorry for late reply
>>
>> 1) I have used w3af version: 1.6.54
>> 2) I used console to do the scan as gui hangs sometimes
>> 3) I used Full audit profile (other than this i didnt not use any plugins
>> or exploit)
>> 4) scan output I'm sharing as attachment
>>
>>
>> the steps I followed are
>> profiles Full audit
>> plugins output html_file, csv_file
>> target set target http://demo.testfire.net
>> start
>>
>> I have different output for same profile and same target.
>>
>> Please help me out in this
>>
>> Thanks
>> Shreyas
>>
>>
>>
>>
>>
>>
>> [image: --]
>>
>> Shreyas M R
>> [image: http://]about.me/shreyasmrs
>> <http://about.me/shreyasmrs?promo=email_sig>
>>
>>
>> On Wed, Oct 5, 2016 at 9:15 PM, ad^2 <adsquai...@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> First, it's always good to include the steps you used to reproduce the
>>> issue reported. Help us the community help you by providing more details
>>> and things you have tried.
>>>
>>> What version of w3af?
>>> GUI or Console?
>>> Your selection of plugins/profiles/exploits, etc.?  (you mentioned OWASP
>>> top 10).
>>> What is the output of the scan?
>>>
>>>
>>> Try this and let me know if you find something interesting.
>>>
>>> w3af -s testfire.w3af.script
>>>
>>> [testfire script file contents]
>>>
>>> profiles use audit_high_risk
>>> plugins output html_file
>>> plugins output config html_file
>>> set output_file /root/testfire.html
>>> back
>>> plugins audit blind_sqli sqli
>>> target set target http://demo.testfire.net
>>> start
>>>
>>>
>>>
>>>
>>> Thx,
>>>
>>> ad^2
>>>
>>>
>>>
>>>
>>> On Wed, Oct 5, 2016 at 1:59 AM, Shreyas M R <shreyas7...@gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm using w3af owasp top10 profile on http://demo.testfire.net/ which
>>>> has sqli and xss vulnerabilities. I'm not getting any vulnerabilities from
>>>> w3af scan. please anyone help me out in this.
>>>>
>>>>
>>>>
>>>>
>>>> [image: --]
>>>>
>>>> Shreyas M R
>>>> [image: http://]about.me/shreyasmrs
>>>> <http://about.me/shreyasmrs?promo=email_sig>
>>>>
>>>>
>>>> ------------------------------------------------------------
>>>> ------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>> _______________________________________________
>>>> W3af-users mailing list
>>>> W3af-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>>>>
>>>>
>>>
>>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users

Reply via email to