pjh,

    Please read inline:

On Mon, Nov 8, 2010 at 4:42 PM, p.j. hartlieb <philip.hartlieb@us.army.mil> wrote:
I'm receiving the following error when running remoteFileInclude against
a target

Background:
-w3af revision 3623
-w3af host: Fedora core<<2.6.33.3-85.fc13.i686.PAE>>
-target: custom Drupal install

Settings for remoteFileInclude:
- usew3afsite   True
- listenPort    44449
- listenAddress x.x.x.230

Result:
> The following was clipped from the textFile

Section 1:  The error is on the last line
----------------------------------------------------------------
[ Mon Nov  8 06:27:07 2010 - debug ] Starting plugin: remoteFileInclude
[ Mon Nov  8 06:27:07 2010 - debug ] DNS response from DNS server for
domain: x.x.x.230
[ Mon Nov  8 06:27:07 2010 - debug ] Cached DNS response for domain:
x.x.x.230
[ Mon Nov  8 06:27:07 2010 - debug ] DNS response from DNS server for
domain: hostname
[ Mon Nov  8 06:27:07 2010 - debug ] RFI test using local web server for
URL: https://hostname/og/search/47
[ Mon Nov  8 06:27:07 2010 - debug ] w3af is running a webserver
[ Mon Nov  8 06:27:07 2010 - debug ] Called start2() of:
<webserver(Thread-23, initial)>
[ Mon Nov  8 06:27:07 2010 - debug ] Starting daemon thread:
<webserver(Thread-23, initial)>
[ Mon Nov  8 06:27:07 2010 - debug ] Changing socket options of
w3afHTTPServer to (socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
[ Mon Nov  8 06:27:07 2010 - error ] Failed to start webserver, error:
[Errno 98] Address already in use         <----------ERROR


Hmmm, this is very strange, this bug should have been fixed in:
http://sourceforge.net/apps/trac/w3af/ticket/160023

I'm CCing Javier so we can review the ticket again.

Thanks for the detailed report.
 

Section2: This is from further down in the text file.  It's obvious that
the local server is handling requests.
----------------------------------------------------------------
[ Mon Nov  8 06:27:11 2010 - debug ] POST https://hostname/og/search/9
with data:
"form_build_id=http://x.x.x.230:44449/h3O0QcxBeHEuNdoesncTWf&search_theme_form=Hello World&form_token=c5dd2919b015978d83ebdd574696284e&form_id=search_theme_form" returned HTTP code "200" - id: 2953
[ Mon Nov  8 06:27:11 2010 - debug ] keepalive: removed one connection,
len(self._hostmap["hostname"]): 2
[ Mon Nov  8 06:27:11 2010 - debug ] POST https://hostname/og/search/9
with data:
"form_build_id=form-4ecafb6fa2a44dfadafb9618a355d1bb&search_theme_form=Hello World&form_token=c5dd2919b015978d83ebdd574696284e&form_id=http://x.x.x.230:44449/h3O0QcxBeHEuNdoesncTWf" returned HTTP code "200" - id: 2954
[ Mon Nov  8 06:27:11 2010 - debug ] keepalive: removed one connection,
len(self._hostmap["hostname"]): 1
[ Mon Nov  8 06:27:11 2010 - debug ] POST https://hostname/og/search/9
with data:
"form_build_id=form-4ecafb6fa2a44dfadafb9618a355d1bb&search_theme_form=http://x.x.x.230:44449/h3O0QcxBeHEuNdoesncTWf&form_token=c5dd2919b015978d83ebdd574696284e&form_id=search_theme_form" returned HTTP code "200" - id: 2955


Yep, it seems that it's handling requests, but we need to make sure that it's actually handling them properly. We could have some problems if another instance of the w3afHttpServer handles the requests. We'll check it out.
 

Questions:
Can I safely ignore this error as w3af is trying to start a web server
that is already running?

Can't tell without some deeper analysis.
 

Is it safer just to use w3af.sf.net and forget about running a local web
server?  I found that if I set listenAddress to 127.0.0.1 it will only
use the w3af.sf.net server.


If the server you're analyzing has internet access, then yes, it's safer.
 

Should I submit a formal bug report?

No need, but thanks, I'm re-opening [0] with a reference to this email thread.
[0] http://sourceforge.net/apps/trac/w3af/ticket/160023
 


Thanks,

-pjh



_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users



--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
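
The failure mode discussed in this thread, as an added example that is not part of the original emails and is not w3af code: on Linux, `SO_REUSEADDR` does not allow a second socket to bind to a port that already has a listener, so a second start attempt fails with `EADDRINUSE` (Errno 98), and a start-once guard reuses the running instance instead. The names `second_bind_result`, `start_once` and the `_servers` registry are hypothetical.

```python
import errno
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

_servers = {}             # (address, port) -> running server; hypothetical registry
_lock = threading.Lock()

class _Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):   # keep the example quiet
        pass

def second_bind_result(address="127.0.0.1"):
    """Bind twice to one listening port, SO_REUSEADDR set on both sockets."""
    first, second = socket.socket(), socket.socket()
    try:
        for s in (first, second):
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        first.bind((address, 0))          # port 0: the kernel picks a free port
        first.listen(1)
        second.bind(first.getsockname())  # same address and port as the listener
        return "bound"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        first.close()
        second.close()

def start_once(address, port):
    """Return (server, started_now), reusing a server already on address:port."""
    with _lock:
        if (address, port) in _servers:
            return _servers[(address, port)], False
        server = HTTPServer((address, port), _Handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        _servers[server.server_address[:2]] = server   # key on the real port
        return server, True

if __name__ == "__main__":
    print(second_bind_result())                 # EADDRINUSE on Linux
    srv, started = start_once("127.0.0.1", 0)
    print(started, start_once(*srv.server_address[:2])[1])
```
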