Re: [W3af-develop] w3af q
From: Andres R. <and...@gm...> - 2015-03-03 12:01:42
Electric Mind,

On Tue, Mar 3, 2015 at 5:40 AM, Electric Mind <ma...@ze...> wrote:
> Hello everyone!
>
> Here is my code sample:
>
> #!/usr/bin/env python
>
> from w3af.core.controllers.w3afCore import w3afCore
> from w3af.plugins.tests.helper import create_target_option_list
> from w3af.core.data.parsers.url import URL
> from w3af.core.data.options.option_list import OptionList
> from w3af.core.data.options.opt_factory import opt_factory
> from w3af.core.data.kb import knowledge_base
>
> w3afcore = w3afCore()
> target_opts = create_target_option_list(URL("http://localhost"))
> w3afcore.target.set_options(target_opts)
>
> w3afcore.plugins.set_plugins(['click_jacking'] , 'grep')
>
> w3afcore.plugins.init_plugins()
> w3afcore.start()
>
>
> I’d like to understand where is method “OPTIONS * HTTP/1.0” get executed. I
> couldn’t find it in fingerprint_404 class...
>
> Below you could see my apache logs:
>
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
>
> ==> error.log <==
> [Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: /var/www/lvX119D7.cgi
> [Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: /var/www/BdfTExEg.do
>
> ==> other_vhosts_access.log <==
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /lvX119D7.cgi HTTP/1.1" 404 447 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /BdfTExEg.do HTTP/1.1" 404 446 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
>
> ==> error.log <==
> [Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: /var/www/zneaLKli.asp
> [Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: /var/www/nj2Wub66.foobar
> [Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: /var/www/mp5JzKQz.htm
> [Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: /var/www/Ll5OAx0X.py
> [Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: /var/www/VCVM34f7.gif
> [Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: /var/www/348kxmyI.htmls
> [Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: /var/www/lY3gD4if.jsp
> [Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: /var/www/FJZ3bNfK.rb
>
> ==> other_vhosts_access.log <==
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /zneaLKli.asp HTTP/1.1" 404 446 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /nj2Wub66.foobar HTTP/1.1" 404 450 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /mp5JzKQz.htm HTTP/1.1" 404 448 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /Ll5OAx0X.py HTTP/1.1" 404 447 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /VCVM34f7.gif HTTP/1.1" 404 449 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /348kxmyI.htmls HTTP/1.1" 404 448 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /lY3gD4if.jsp HTTP/1.1" 404 448 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /FJZ3bNfK.rb HTTP/1.1" 404 448 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
>
> ==> error.log <==
> [Mon Mar 02 03:46:44 2015] [error] [client ::1] File does not exist: /var/www/JxX8yBjT.xhtml
>
> ==> other_vhosts_access.log <==
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /JxX8yBjT.xhtml HTTP/1.1" 404 449 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
>
> ==> error.log <==
> [Mon Mar 02 03:46:45 2015] [error] [client ::1] script '/var/www/joHWRGWy.php' not found or unable to stat
> [Mon Mar 02 03:46:45 2015] [error] [client ::1] File does not exist: /var/www/GFDhaqJu.aspx
>
> ==> other_vhosts_access.log <==
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:45 -0500] "GET /joHWRGWy.php HTTP/1.1" 404 448 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:45 -0500] "GET /GFDhaqJu.aspx HTTP/1.1" 404 448 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
>
> ==> error.log <==
> [Mon Mar 02 03:46:46 2015] [error] [client ::1] File does not exist: /var/www/1Qy6y9dj.pl
>
> ==> other_vhosts_access.log <==
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:46 -0500] "GET /1Qy6y9dj.pl HTTP/1.1" 404 447 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:47 -0500] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.2.22 (Debian) (internal dummy connection)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:48 -0500] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.2.22 (Debian) (internal dummy connection)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:49 -0500] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.2.22 (Debian) (internal dummy connection)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:50 -0500] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.2.22 (Debian) (internal dummy connection)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:51 -0500] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.2.22 (Debian) (internal dummy connection)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:52 -0500] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.2.22 (Debian) (internal dummy connection)"
> 127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:53 -0500] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.2.22 (Debian) (internal dummy connection)"

w3af doesn't send those HTTP requests, those are for internal management of child processes in apache, see:

https://wiki.apache.org/httpd/InternalDummyConnection

>
> Thanks!
>
>
> Best Regards.
>

-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
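
The distinction made in the reply above, as an added example that is not part of the original thread or of w3af's code: a small triage script that separates Apache's internal dummy connections from the scanner's own requests in an access log of the format quoted in the thread. The labels, `LOCAL_ADDRS` and the last two sample lines are assumptions made for this example.

```python
import re
from collections import Counter

# Layout of the quoted other_vhosts_access.log lines:
# vhost:port client ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$')
# Assumption: the server reaches itself over loopback, as in the thread
# (client ::1); add the host's own addresses if it listens elsewhere.
LOCAL_ADDRS = {"::1", "127.0.0.1"}
# Random 8-character name plus an extension, the shape of the 404 probes.
PROBE_RE = re.compile(r'^/[A-Za-z0-9]{8}\.[A-Za-z0-9]+$')

def classify(line):
    """Label one access-log line (the labels are this example's own)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return "unparsed"
    request, agent = m["request"], m["agent"]
    if "(internal dummy connection)" in agent and request.startswith("OPTIONS * "):
        # The User-Agent is client-controlled: trust it only from local addresses.
        return "apache-internal" if m["client"] in LOCAL_ADDRS else "dummy-agent-nonlocal"
    if "w3af.org" in agent:
        parts = request.split()
        path = parts[1] if len(parts) > 1 else ""
        if m["status"] == "404" and PROBE_RE.match(path):
            return "scanner-404-probe"
        return "scanner"
    return "other"

def summarize(lines):
    """Count labels over an iterable of log lines, skipping blank lines."""
    return Counter(classify(l) for l in lines if l.strip())

W3AF_UA = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.org)"
DUMMY_UA = "Apache/2.2.22 (Debian) (internal dummy connection)"
SAMPLE = [
    # The first three lines are taken from the logs quoted in the thread.
    '127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET / HTTP/1.1" 200 428 "-" "%s"' % W3AF_UA,
    '127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:44 -0500] "GET /lvX119D7.cgi HTTP/1.1" 404 447 "-" "%s"' % W3AF_UA,
    '127.0.1.1:80 ::1 - - [02/Mar/2015:03:46:47 -0500] "OPTIONS * HTTP/1.0" 200 126 "-" "%s"' % DUMMY_UA,
    # Constructed lines: a non-local client reusing the dummy agent, and a browser.
    '127.0.1.1:80 203.0.113.7 - - [02/Mar/2015:03:47:10 -0500] "OPTIONS * HTTP/1.0" 200 126 "-" "%s"' % DUMMY_UA,
    '127.0.1.1:80 ::1 - - [02/Mar/2015:03:47:12 -0500] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE).items()):
        print(label, count)
```
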