[W3af-svn-notify] [Task #147988] misc-settings / nonTarget should be parameter specific
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
[W3af-svn-notify] [Task #147988] misc-settings / nonTarget should be parameter specific
|
From: SourceForge.net <no...@so...> - 2008-04-23 01:49:22
|
Task #147988 has been updated. Project: w3af Subproject: TODO v1.10 Summary: misc-settings / nonTarget should be parameter specific Complete: 0% Status: Open Authority : andresriancho Assigned to: nobody Description: Comment by Gerry Eisenhaur: """It seems like there should be a way to set which parameters to not fuzz during the audits. Like I said before, I had very little time to look over the code so if this exists, sorry.""" My answer: """ hmm... you can actually "blacklist" URLs this way: w3af>>> misc-settings w3af/misc-settings>>> view Parameter Value Description ========= ===== =========== ... nonTarget A comma separated list of URLs that w3af should completely ignore ... w3af/misc-settings>>> set nonTarget http://localhost/doNotFuzz.php BUT like you say, there is no way to say "on URL xyz, fuzz everything BUT variable f00". Once again, this could be useful; but has priority 0 IMHO if you compare it to the session thing you mentioned before .""" ------------------------------------------------------- For more info, visit: http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=147988&group_id=170274&group_project_id=54341 |
