Re: [W3af-develop] Cross-Site Scripting context detection engine rewrite
From: Owen T. <ow...@gm...> - 2015-09-16 09:26:27
Try installing libxml-devel and re-run? Looks like pip is trying to build but needs the header files, which are usually in the -devel package.

Cheers,
Owen

On 16 Sep 2015 10:05 am, "Taras" <ox...@ox...> wrote:
> Hello!
>
> Trying to run it on Fedora 22 inside virtualenv and while installing
> all deps see such error:
>
> /tmp/pip-build-mBBs62/lxml/src/lxml/includes/etree_defs.h:14:31: fatal error: libxml/xmlversion.h: No such file or directory
> compilation terminated.
> error: command 'gcc' failed with exit status 1
>
> $ rpm -q -a libxml*
> libxml-devel-1.8.17-34.fc22.x86_64
> libxml-1.8.17-34.fc22.x86_64
> libxml2-2.9.2-3.fc22.x86_64
> libxml2-python-2.9.2-3.fc22.x86_64
> libxml2-2.9.2-3.fc22.i686
> libxml++-2.38.0-1.fc22.x86_64
>
> Any ideas?
>
> On Thu, 10/09/2015 at 22:52 +0300, Taras wrote:
> > Andres, great job! :-) I will try to test it.
> >
> > On Thu, 10/09/2015 at 12:16 -0300, Andres Riancho wrote:
> > > List,
> > >
> > > I'm glad to announce that w3af can now detect 100% of the XSS
> > > vulnerabilities in WAVSEP!
> > >
> > > As part of the "Improve w3af's score for WAVSEP XSS by at least
> > > 20%" [0] task, I completely rewrote (twice) the context detection
> > > engine originally developed by Taras. The new engine has the
> > > following improvements:
> > >
> > > * Code is easier to read
> > > * Context detection false positive is reduced (But can still be
> > >   improved by migrating from HTMLParser to lxml)
> > > * Added JavaScript sub-parser
> > > * Added CSS sub-parser
> > >
> > > I've also added new payloads to the XSS plugin which were required
> > > to "break out" of the new contexts we're identifying.
> > >
> > > These changes are part of the "develop" branch, just switch to the
> > > branch using "git checkout develop" and enjoy the new features (bug
> > > reports are always welcome!).
> > >
> > > For those who love to read code, you'll find most of the
> > > changes here [1]
> > >
> > > Enjoy!
> > >
> > > [0] https://github.com/andresriancho/w3af/issues/37
> > > [1] https://github.com/andresriancho/w3af/tree/develop/w3af/core/data/context
> > >
> > > Regards,
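The quoted announcement describes a context detection engine that works out where a reflected value lands (HTML, JavaScript, CSS). As an added example, not w3af's code and not part of this thread, the following classifies reflection contexts with Python 3's standard `html.parser`; the marker string, class name, context labels and sample response are all constructed for the illustration.

```python
from html.parser import HTMLParser

MARKER = "zq7marker"  # constructed, harmless probe string (assumption)

class ContextFinder(HTMLParser):  # records the context of each MARKER reflection
    RAW_TEXT = {"script": "script_text", "style": "style_text"}

    def __init__(self):
        super().__init__()
        self.contexts = []
        self._raw = None  # set while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if MARKER in name:
                self.contexts.append("attr_name")
            if value and MARKER in value:
                if name.startswith("on"):      # inline JavaScript
                    self.contexts.append("event_handler")
                elif name == "style":          # inline CSS
                    self.contexts.append("style_attr")
                else:
                    self.contexts.append("attr_value")
        if tag in self.RAW_TEXT:
            self._raw = tag

    def handle_endtag(self, tag):
        if tag == self._raw:
            self._raw = None

    def handle_data(self, data):
        if MARKER in data:
            self.contexts.append(self.RAW_TEXT.get(self._raw, "html_text"))

    def handle_comment(self, data):
        if MARKER in data:
            self.contexts.append("html_comment")

def find_contexts(html):
    finder = ContextFinder()
    finder.feed(html)
    finder.close()  # flush any text still buffered by the parser
    return finder.contexts

# Constructed sample response reflecting the marker in several contexts.
SAMPLE = """<p>Hello zq7marker</p><input value="zq7marker">
<a href="#" onclick="track('zq7marker')">x</a><div style="color: zq7marker">y</div>
<script>var q = "zq7marker";</script><style>.a{color:zq7marker}</style>
<!-- debug: zq7marker -->"""

if __name__ == "__main__":
    print(find_contexts(SAMPLE))
```

Each reported context calls for a different output encoding in the application under test (HTML entity, attribute, JavaScript string or CSS encoding), which is why a scanner has to tell them apart before it can judge whether a reflection is exploitable.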