w3af-develop Mailing List for w3af (Page 11)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Nothing special. The directory /var/www/scanreports/ needs to be
writable by the www-data user.

On Tue, Jun 25, 2013 at 8:56 AM, saleem <asa...@cd...> wrote:
> as i have written earlier , same code i am using but this time i am trying
> to generate the XML output file .
>
> this is my w3af script :
>
> http-settings
> set timeout 60
> back
> plugins
> crawl web_spider
> crawl config web_spider
> set only_forward False
> set follow_regex .*
> set ignore_regex (?i)(logout|disconnect|signout|exit)+
> back
> audit blind_sqli
> back
> output xml_file
> output config xml_file
> set output_file /var/www/scanreports/w3af_10.242.92.6_25062013_165727.xml
> back
> back
> target
> set target <url>
> back
> start
> exit
>
>
> and this is my php script :
> <?
>
> $w3af_script="22222.w3af";
>
> echo "Start of code ::*****";
>
> if(is_readable($w3af_script))
>     {
>
>         echo "\n"."ready to execute the script in the terminal";
>
>         `python w3af_console -s $w3af_script`;
>
>     }
>
>
> if(is_readable("w3af_10.242.92.6_25062013_162721.xml"))
>
> {
>     echo "-----OOOOOOOOOOOoutput file got generated ";
>
> }
> else
>     echo "-----FFFFailed to generate the outpt file ";
>
>
> ?>
>
>
> so when i run this as root user it is generating the xml file and if same i
> run as www-data user i am unable to get the output xml file .
>
> please guide me in setting right permissions so that i can get XML as output
> file .
>
>
>
>
>
>
>
> On Tuesday 25 June 2013 05:07 PM, Andres Riancho wrote:
>>
>> On Tue, Jun 25, 2013 at 7:06 AM, saleem <asa...@cd...> wrote:
>>>
>>> Thank u andrews for guiding me .
>>>
>>> i am facing a small problem ,i.e i am unable to generate the XML file
>>> from
>>> the browser is there any dependency for that ?
>>>
>>> if i run the same from terminal i am able to generate the XML file ,  i
>>> am
>>> using mozilla browser .
>>
>> The browser has nothing to do with all this. In any case it's PHP and
>> the way you call w3af from it.
>>
>>> On Monday 24 June 2013 06:04 PM, Andres Riancho wrote:
>>>>
>>>> Saleem,
>>>>
>>>> On Mon, Jun 24, 2013 at 9:14 AM, saleem <asa...@cd...> wrote:
>>>>>
>>>>> Thanku so much for that andrews .
>>>>>
>>>>> now i am able to generate file , but i have having small problem,
>>>>>
>>>>> i am getting  this error at the end of the txt file which got generated
>>>>> .
>>>>>
>>>>> [Mon Jun 24 17:19:43 2013 - console] termios error: (25, 'Inappropriate
>>>>> ioctl for device')
>>>>
>>>> Seen this before, but never needed to fix it. I mean... w3af continues
>>>> to work, and you only get it when w3af is run "without a terminal".
>>>>
>>>> How did you fix your original error?
>>>>
>>>>> any solution for this kind of error !!
>>>>>
>>>>>
>>>>>
>>>>> On Monday 24 June 2013 04:58 PM, Andres Riancho wrote:
>>>>>>
>>>>>> On Mon, Jun 24, 2013 at 8:08 AM, saleem <asa...@cd...> wrote:
>>>>>>>
>>>>>>> thanks for the response andrews.
>>>>>>>
>>>>>>>
>>>>>>> Why do you suspect of permissions issue?
>>>>>>>
>>>>>>>
>>>>>>> I suspect permission issue because when i run the code as root user
>>>>>>> in
>>>>>>> the
>>>>>>> terminal it is generating the output file.
>>>>>>>
>>>>>>> if i run the same code in the browser it is not generating the output
>>>>>>> files
>>>>>>> .
>>>>>>
>>>>>> Can be because of other things, like the www-data user not having an
>>>>>> environment variable set, or something like that.
>>>>>>
>>>>>> Try this:
>>>>>>
>>>>>> sudo -s -H
>>>>>> <enter your root password>
>>>>>> su www-data
>>>>>> cd to-python-install
>>>>>> python w3af_console ...
>>>>>>
>>>>>>> Are you trying "su www-data" and then running the exact same command?
>>>>>>>
>>>>>>>
>>>>>>> i have given www-data:www-data permission to my code as well .
>>>>>>> still it is not working.
>>>>>>>
>>>>>>> i will try to explain once again :
>>>>>>>
>>>>>>> i have a w3af script for w3af crawl -
>>>>>>> http-settings
>>>>>>> set timeout 60
>>>>>>> back
>>>>>>> plugins
>>>>>>> crawl web_spider
>>>>>>> crawl config web_spider
>>>>>>> set only_forward False
>>>>>>> set follow_regex .*http:/localhost.*
>>>>>>> set ignore_regex (?i)(logout|disconnect|signout|exit)+
>>>>>>> back
>>>>>>> output text_file
>>>>>>> output config text_file
>>>>>>> set output_file
>>>>>>> /var/www/wsafe1/scanreports/crawl_localhost_222222222.txt
>>>>>>> set verbose False
>>>>>>> back
>>>>>>> back
>>>>>>> target
>>>>>>> set target http://localhost:80
>>>>>>> back
>>>>>>> start
>>>>>>> exit
>>>>>>>
>>>>>>>
>>>>>>> i have called this script in my php code i.e :
>>>>>>>
>>>>>>> <?
>>>>>>>
>>>>>>> $w3af_script="/var/www/wsafe1/crawl_localhost_222222222.w3af";
>>>>>>> echo "Start of code ::*****";
>>>>>>>
>>>>>>> if(is_readable($w3af_script))
>>>>>>>        {
>>>>>>>
>>>>>>>            echo "\n"."ready to execute the script in the terminal";
>>>>>>>
>>>>>>>            `python /var/www/wsafe1/tools/w3af/w3af_console -s
>>>>>>> $w3af_script`;
>>>>>>>
>>>>>>>        }
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> if(is_readable("/var/www/wsafe1/scanreports/crawl_localhost_222222222.txt"))
>>>>>>> {
>>>>>>>        echo "-----OOOOOOOOOOOoutput file got generated ";
>>>>>>>
>>>>>>> }
>>>>>>> else
>>>>>>>        echo "-----FFFFailed to generate the outpt file ";
>>>>>>>
>>>>>>>
>>>>>>> ?>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> now problem is , i am not getting the file generated if i run the
>>>>>>> code
>>>>>>> from
>>>>>>> the browser or by normal user.
>>>>>>>
>>>>>>> root user is able to generate the files using the same code .
>>>>>>>
>>>>>>>
>>>>>>> please help me out !!!!!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Monday 24 June 2013 04:14 PM, Andres Riancho wrote:
>>>>>>>>
>>>>>>>> Saleem,
>>>>>>>>
>>>>>>>> On Mon, Jun 24, 2013 at 1:11 AM, saleem <asa...@cd...>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> ok thanku for responding andres .
>>>>>>>>>
>>>>>>>>> fine i will tell u in detail what i have done .
>>>>>>>>>
>>>>>>>>> Earlier i had older version of w3af(r4473) in which my script was
>>>>>>>>> working
>>>>>>>>> fine
>>>>>>>>> currently i am using
>>>>>>>>> w3af - Web Application Attack and Audit Framework
>>>>>>>>> Version: 1.5
>>>>>>>>> Revision: 790bb82add
>>>>>>>>
>>>>>>>> First of all, it was a great idea to update.
>>>>>>>>
>>>>>>>>> w3af script i have written (attachment) :
>>>>>>>>> screenshot 1
>>>>>>>>> PHP script i have written was (attachment):
>>>>>>>>> screenshot 2
>>>>>>>>
>>>>>>>> I wouldn't run w3af in the request/response process. I'm unsure
>>>>>>>> about
>>>>>>>> how to do it for PHP, but in python there is Celery which allows you
>>>>>>>> to queue work, process results, etc.
>>>>>>>>
>>>>>>>>> now i have given permission to that php script as  well as w3af ,
>>>>>>>>> using
>>>>>>>>> chmod command i have given 777 permissions.
>>>>>>>>
>>>>>>>> Why do you suspect of permissions issue?
>>>>>>>>
>>>>>>>>> problem is when i am executing it in terminal i am getting the
>>>>>>>>> output
>>>>>>>>> ,
>>>>>>>>> if
>>>>>>>>> the same i am executing in the browser i am not getting the output
>>>>>>>>> i.e
>>>>>>>>> output files are not getting generated .
>>>>>>>>
>>>>>>>> Are you trying "su www-data" and then running the exact same
>>>>>>>> command?
>>>>>>>>
>>>>>>>>> please help me out and sorry for my english.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Monday 24 June 2013 12:35 AM, Andres Riancho wrote:
>>>>>>>>>>
>>>>>>>>>> Saleem,
>>>>>>>>>>
>>>>>>>>>> On Fri, Jun 21, 2013 at 12:31 PM, saleem <asa...@cd...>
>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi all ,
>>>>>>>>>>>
>>>>>>>>>>> I have written a script which uses w3af script in the background,
>>>>>>>>>>> and
>>>>>>>>>>> trying
>>>>>>>>>>> to execute that script through browser , but i am not getting any
>>>>>>>>>>> output
>>>>>>>>>>> if
>>>>>>>>>>> i do the same in the terminal i am getting the output .
>>>>>>>>>>>
>>>>>>>>>>> please help me out !!!
>>>>>>>>>>
>>>>>>>>>> It's almost impossible to answer this question without more
>>>>>>>>>> detail.
>>>>>>>>>> Also, why do you think this is a w3af problem and not just you
>>>>>>>>>> setting
>>>>>>>>>> incorrect permissions to the filesystem files? More than glad to
>>>>>>>>>> help
>>>>>>>>>> if you send details,
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>>
>>>>>>>>>>> Thanks & Regards ,
>>>>>>>>>>> saleem
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>> This e-mail is for the sole use of the intended recipient(s) and
>>>>>>>>>>> may
>>>>>>>>>>> contain confidential and privileged information. If you are not
>>>>>>>>>>> the
>>>>>>>>>>> intended recipient, please contact the sender by reply e-mail and
>>>>>>>>>>> destroy
>>>>>>>>>>> all copies and the original message. Any unauthorized review,
>>>>>>>>>>> use,
>>>>>>>>>>> disclosure, dissemination, forwarding, printing or copying of
>>>>>>>>>>> this
>>>>>>>>>>> email
>>>>>>>>>>> is strictly prohibited and appropriate legal action will be
>>>>>>>>>>> taken.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>>>> This SF.net email is sponsored by Windows:
>>>>>>>>>>>
>>>>>>>>>>> Build for Windows Store.
>>>>>>>>>>>
>>>>>>>>>>> http://p.sf.net/sfu/windows-dev2dev
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> W3af-develop mailing list
>>>>>>>>>>> W3a...@li...
>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Andrés Riancho
>>>>>>>>>> Project Leader at w3af - http://w3af.org/
>>>>>>>>>> Web Application Attack and Audit Framework
>>>>>>>>>> Twitter: @w3af
>>>>>>>>>> GPG: 0x93C344F3
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> This e-mail is for the sole use of the intended recipient(s) and
>>>>>>>>> may
>>>>>>>>> contain confidential and privileged information. If you are not the
>>>>>>>>> intended recipient, please contact the sender by reply e-mail and
>>>>>>>>> destroy
>>>>>>>>> all copies and the original message. Any unauthorized review, use,
>>>>>>>>> disclosure, dissemination, forwarding, printing or copying of this
>>>>>>>>> email
>>>>>>>>> is strictly prohibited and appropriate legal action will be taken.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>>>>>
>>>>>>>> --
>>>>>>>> Andrés Riancho
>>>>>>>> Project Leader at w3af - http://w3af.org/
>>>>>>>> Web Application Attack and Audit Framework
>>>>>>>> Twitter: @w3af
>>>>>>>> GPG: 0x93C344F3
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>>>
>>>>>>> This e-mail is for the sole use of the intended recipient(s) and may
>>>>>>> contain confidential and privileged information. If you are not the
>>>>>>> intended recipient, please contact the sender by reply e-mail and
>>>>>>> destroy
>>>>>>> all copies and the original message. Any unauthorized review, use,
>>>>>>> disclosure, dissemination, forwarding, printing or copying of this
>>>>>>> email
>>>>>>> is strictly prohibited and appropriate legal action will be taken.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>>>
>>>>>> --
>>>>>> Andrés Riancho
>>>>>> Project Leader at w3af - http://w3af.org/
>>>>>> Web Application Attack and Audit Framework
>>>>>> Twitter: @w3af
>>>>>> GPG: 0x93C344F3
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>> This e-mail is for the sole use of the intended recipient(s) and may
>>>>> contain confidential and privileged information. If you are not the
>>>>> intended recipient, please contact the sender by reply e-mail and
>>>>> destroy
>>>>> all copies and the original message. Any unauthorized review, use,
>>>>> disclosure, dissemination, forwarding, printing or copying of this
>>>>> email
>>>>> is strictly prohibited and appropriate legal action will be taken.
>>>>>
>>>>>
>>>>> -------------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>
>>>> --
>>>> Andrés Riancho
>>>> Project Leader at w3af - http://w3af.org/
>>>> Web Application Attack and Audit Framework
>>>> Twitter: @w3af
>>>> GPG: 0x93C344F3
>>>>
>>>>
>>>
>>>
>>> -------------------------------------------------------------------------------------------------------------------------------
>>>
>>> This e-mail is for the sole use of the intended recipient(s) and may
>>> contain confidential and privileged information. If you are not the
>>> intended recipient, please contact the sender by reply e-mail and destroy
>>> all copies and the original message. Any unauthorized review, use,
>>> disclosure, dissemination, forwarding, printing or copying of this email
>>> is strictly prohibited and appropriate legal action will be taken.
>>>
>>> -------------------------------------------------------------------------------------------------------------------------------
>>>
>>
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>>
>>
>
>
> -------------------------------------------------------------------------------------------------------------------------------
>
> This e-mail is for the sole use of the intended recipient(s) and may
> contain confidential and privileged information. If you are not the
> intended recipient, please contact the sender by reply e-mail and destroy
> all copies and the original message. Any unauthorized review, use,
> disclosure, dissemination, forwarding, printing or copying of this email
> is strictly prohibited and appropriate legal action will be taken.
> -------------------------------------------------------------------------------------------------------------------------------
>

-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

2008	Jan (20)	Feb (36)	Mar (45)	Apr (83)	May (100)	Jun (86)	Jul (68)	Aug (143)	Sep (41)	Oct (58)	Nov (47)	Dec (66)
2009	Jan (41)	Feb (33)	Mar (115)	Apr (61)	May (68)	Jun (83)	Jul (64)	Aug (33)	Sep (18)	Oct (62)	Nov (61)	Dec (24)
2010	Jan (38)	Feb (24)	Mar (56)	Apr (31)	May (19)	Jun (5)	Jul (13)	Aug (12)	Sep (34)	Oct (32)	Nov (37)	Dec (13)
2011	Jan (50)	Feb (56)	Mar (15)	Apr (12)	May (39)	Jun (16)	Jul (23)	Aug (7)	Sep (10)	Oct (32)	Nov (44)	Dec (40)
2012	Jan (40)	Feb (78)	Mar (21)	Apr (88)	May (56)	Jun (89)	Jul (55)	Aug (37)	Sep (31)	Oct (47)	Nov (13)	Dec (8)
2013	Jan (24)	Feb (20)	Mar (12)	Apr (23)	May (27)	Jun (22)	Jul (18)	Aug (14)	Sep (5)	Oct (7)	Nov (2)	Dec (1)
2014	Jan (7)	Feb (13)	Mar (52)	Apr (23)	May (3)	Jun	Jul	Aug (5)	Sep (5)	Oct (1)	Nov	Dec
2015	Jan (4)	Feb (7)	Mar (8)	Apr (3)	May	Jun (2)	Jul (12)	Aug (15)	Sep (9)	Oct (3)	Nov (4)	Dec (10)
2016	Jan (1)	Feb	Mar	Apr	May (4)	Jun	Jul	Aug (4)	Sep	Oct	Nov	Dec
2019	Jan	Feb	Mar	Apr (1)	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2021	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug (1)	Sep	Oct	Nov	Dec

w3af-develop Mailing List for w3af (Page 11)

w3af-develop — dev list for w3af