[W3af-develop] A few words and thoughts about w3af web UI
From: Taras <ox...@ox...> - 2011-03-22 21:18:51
Hi, all!

In recent days I have thought about the usage of w3af at enterprise level. What things do I need at the current moment, and which I think can be a good base for the future:

1. web based UI to schedule scans and profile management with multiuser support
2. support for custom URL formats of web applications (at least URL rewrite)
3. more convenient login sequences feature
4. convenient way to test AJAX heavy usage applications (e.g. GMail)

My technical suggestions:

1. very simple web UI with LDAP support and notifications. We can use Django for it
2. we can implement support for URL patterns like '/app/controller/action/%d' so w3af will understand which part of the URL can be fuzzed and understand that such a URL in the modern web world is not a file system path.
3. we can add login files (auth requests + special URL/pattern to check session) and we can generate such sequences with our MITM proxy tool. IMHO, it is the clearest task from my list.
4. we can integrate proxy management into the web UI (the tester uses this proxy to navigate through the tested app so w3af will collect all requests for this app) and make a special output plugin which will store all requests in a file. Then we can use this file with the already existing importResults plugin plus the auth sequence to test even such web applications as GMail automatically.

These are my common points to discuss :)

P.S. I have made a separate branch for experiments.

On Tue, 2011-03-22 at 14:47 -0300, Andres Riancho wrote:
> I think that before even starting a massive project like this one, we
> should have a discussion in w3af-develop about technology, objectives,
> etc. Would you mind starting the discussion?
>
> On Mon, Mar 21, 2011 at 1:45 PM, <ox...@us...> wrote:
> > Revision: 4087
> > http://w3af.svn.sourceforge.net/w3af/?rev=4087&view=rev
> > Author: oxdef
> > Date: 2011-03-21 16:45:13 +0000 (Mon, 21 Mar 2011)
> >
> > Log Message:
> > -----------
> > Lets think about web UI for w3af
> >
> > Added Paths:
> > -----------
> > branches/webui/

--
Taras
http://oxdef.info
----
"Software is like sex: it's better when it's free." - Linus Torvalds
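The URL-pattern idea in suggestion 2 above (a pattern like '/app/controller/action/%d' telling the scanner which path segment is a parameter rather than a directory name) can be illustrated with a small matcher. The code below is an added example written for this page; it is not part of the thread, of the webui branch, or of w3af itself. It assumes the '%d' placeholder from the message and adds an assumed '%s' placeholder for non-numeric identifiers; the pattern list and crawled URLs are constructed sample data.

```python
"""Match crawled request paths against URL patterns and report which path
segments are parameters (fuzz points) instead of static path names.

Added example for the w3af-develop discussion; not w3af code.
"""
import re
from urllib.parse import urlparse

# Placeholder tokens and the character class each one accepts.
# '%d' comes from the mailing-list proposal; '%s' is an assumed extension
# for non-numeric identifiers such as slugs or usernames.
PLACEHOLDERS = {
    "%d": r"\d+",
    "%s": r"[^/]+",
}


def compile_url_pattern(pattern):
    """Turn '/app/controller/action/%d' into an anchored compiled regex.

    Static segments are escaped literally; each placeholder becomes a
    named group so the matcher can read back the parameter values.
    """
    regex_parts = []
    index = 0
    for segment in pattern.strip("/").split("/"):
        if segment in PLACEHOLDERS:
            regex_parts.append("(?P<p%d>%s)" % (index, PLACEHOLDERS[segment]))
            index += 1
        else:
            regex_parts.append(re.escape(segment))
    return re.compile("^/" + "/".join(regex_parts) + "/?$")


def find_fuzz_points(url, patterns):
    """Return (pattern, [(segment_index, value), ...]) for the first pattern
    that matches the URL path, or None when the URL is a plain path with no
    parameter segments the scanner should know about."""
    path = urlparse(url).path
    for pattern in patterns:
        if compile_url_pattern(pattern).match(path) is None:
            continue
        pattern_segments = pattern.strip("/").split("/")
        path_segments = path.strip("/").split("/")
        points = [
            (i, path_segments[i])
            for i, seg in enumerate(pattern_segments)
            if seg in PLACEHOLDERS
        ]
        return pattern, points
    return None


def group_by_pattern(urls, patterns):
    """Collapse many crawled URLs onto their pattern.

    Returns (grouped, unmatched): grouped maps pattern -> {segment_index:
    set of observed values}, so /app/user/view/1 and /app/user/view/2 are
    one resource with one fuzz point rather than two separate "files".
    """
    grouped = {}
    unmatched = []
    for url in urls:
        result = find_fuzz_points(url, patterns)
        if result is None:
            unmatched.append(url)
            continue
        pattern, points = result
        slots = grouped.setdefault(pattern, {})
        for idx, value in points:
            slots.setdefault(idx, set()).add(value)
    return grouped, unmatched


# Constructed sample data: patterns a tester would configure, and URLs as a
# crawler or the proxy output plugin might have recorded them.
SAMPLE_PATTERNS = ["/app/user/view/%d", "/app/post/%s/comments/%d"]
SAMPLE_URLS = [
    "http://example.test/app/user/view/1",
    "http://example.test/app/user/view/2",
    "http://example.test/app/post/hello-world/comments/7",
    "http://example.test/static/logo.png",
]

if __name__ == "__main__":
    grouped, unmatched = group_by_pattern(SAMPLE_URLS, SAMPLE_PATTERNS)
    for pattern, slots in grouped.items():
        print(pattern)
        for idx, values in sorted(slots.items()):
            print("  segment %d is a parameter, seen values: %s" % (idx, sorted(values)))
    print("plain paths (no pattern):", unmatched)
```

The anchored regex means a URL with extra trailing segments or a non-numeric value in a '%d' slot does not match and is treated as an ordinary path, which is the distinction the proposal asks the scanner to make.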