Re: [W3af-develop] w3af scanning can use the static port or only can use on dynamical way?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Tiff,

    Please follow these [0] guidelines to report your bugs. Thanks!

[0] http://docs.w3af.org/en/latest/report-a-bug.html

On Fri, Aug 7, 2015 at 12:03 AM, 冠庭 羅 <bti...@ya...> wrote:
> Hi,
>
> I got some error message but I don't understand, first of all I thought that
> was because of Firewall am I right?
>
> (venv)[root@VC07-i-14A0C84F w3af]# ./w3af_api
> * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
> 127.0.0.1 - - [07/Aug/2015 10:53:21] "POST /scans/ HTTP/1.1" 201 -
> The URL: "http://testaspnet.vulnweb.com/" has .NET ViewState encryption
> disabled. This programming/configuration error could be exploited to decode
> the viewstate contents. This information was found in the request with id
> 18.
> The remote Web server sent a strange HTTP reasonmessage "", manual
> inspection is recommended. This information was found in the request with id
> 18.
> No URLs found during crawl phase.
> The following error was detected and could not be resolved:
> Failed to initialize the 404 detection, original exception was: "".
>
> Scan finished in 8 seconds.
> Stopping the core...
> ^CException TypeError: "'NoneType' object is not callable" in  ignored
> Exception TypeError: "'NoneType' object is not callable" in  ignored
>
> Thanks,
>
> Tiff
>
>
>
>
> Owen Tuz <ow...@gm...> 於 2015/8/6 (週四) 2:30 PM 寫道﹕
>
>
> Hi Tiff,
> Software filters based on the destination port, not the source port:
> http://stackoverflow.com/questions/21253474/source-port-vs-destination-port
> The source port is always random, as Andres says. The destination port is
> static as you are describing.
> For what it is worth, this is handled by your operating system and is true
> for all programs.  It is not controlled by w3af at all.
> Best regards,
> Owen
> On 6 Aug 2015 4:51 am, "冠庭 羅" <bti...@ya...> wrote:
>
> Hi,
>
> But it's weird. Don't software filter which port has already be used, if it
> choose 22, 80 and so on?
> If it can check that's mean, it can check the open port to send packet?
>
> Because there are Firewall in front of my VM, must to let w3af to send
> packet on the same port so that I don't need to open all Firewall's port.
> or maybe some way to solve it, but not open all the port.
>
> Thanks,
>
> Tiff
>
>
>
>
> Andres Riancho <and...@gm...> 於 2015/8/6 (週四) 10:09 AM 寫道﹕
>
>
>
>
> Source ports are dynamic on all OS
>
> On Wed, Aug 5, 2015 at 10:18 PM, 冠庭 羅 <bti...@ya...> wrote:
>> Hi,
>>
>> There is an another question.
>> Is that possible for scanning be used on the static port?
>> I used wireshark to catch packet.
>> I found that the packet which send by w3af doesn't use the "same port"
>> each
>> time I start a new scanning.
>>
>> Thanks,
>>
>> Tiff
>>
>>
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> W3af-develop mailing list
>> W3a...@li...
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>>
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> W3af-develop mailing list
> W3a...@li...
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>
>


-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3