Re: [W3af-users] W3AF scan behaviour (now in users list)
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
Re: [W3af-users] W3AF scan behaviour (now in users list)
|
From: Andres R. <and...@gm...> - 2016-07-25 14:31:48
|
Tiago, On Sat, Jul 23, 2016 at 12:32 PM, Tiago Vieira <tia...@no...> wrote: > Hello, > > My name is Tiago, I'm doing a master thesis in web security and I'm using > w3af to perform some tests. > > My question is related with the scan, when we select a URL to attack, does > the application performs posts on that URL? Most likely not, it depends on the plugins you enabled. If you enabled the web_spider plugin it will perform a GET to the URL, retrieve the forms, and perform POST on those forms. > I've tried manual requests and fuzzing but this does not allow simple > parametrization for multiple requests and I would prefer using the available > plugins. > > One of the applications I'm testing has several assync requests and I wanted > to test each one of them with the available plugins. You may want to read: http://docs.w3af.org/en/latest/advanced-use-cases.html > Thank you > Best regards > > > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning > reports.http://sdm.link/zohodev2dev > _______________________________________________ > W3af-users mailing list > W3a...@li... > https://lists.sourceforge.net/lists/listinfo/w3af-users > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 |
