w3af-svn-notify Mailing List for w3af (Page 233)
Status: Beta
Brought to you by:
andresriancho
From: SourceForge.net <no...@so...> - 2008-06-12 03:04:37
Task #149181 has been updated.

Project: w3af
Subproject: gtkUi - Phase 4
Summary: use pynotify to...
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
use pynotify to:
- alert when a request is trapped by the proxy
- alert whenever a vulnerability is found

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=149181&group_id=170274&group_project_id=55676
From: <fac...@us...> - 2008-06-12 02:40:46
Revision: 1288
http://w3af.svn.sourceforge.net/w3af/?rev=1288&view=rev
Author: facundobatista
Date: 2008-06-11 19:40:42 -0700 (Wed, 11 Jun 2008)

Log Message:
-----------
Verified that has been exposed at least once before start drawing.

Modified Paths:
--------------
trunk/core/ui/gtkUi/logtab.py

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
From: <and...@us...> - 2008-06-11 20:33:58
Revision: 1287
http://w3af.svn.sourceforge.net/w3af/?rev=1287&view=rev
Author: andresriancho
Date: 2008-06-11 13:33:17 -0700 (Wed, 11 Jun 2008)

Log Message:
-----------
Minimal change that adds a print of the w3af version when the gtkUi is started. This is used mainly for easy bug reports.

Modified Paths:
--------------
trunk/core/ui/gtkUi/main.py
From: <and...@us...> - 2008-06-11 15:32:34
Revision: 1286
http://w3af.svn.sourceforge.net/w3af/?rev=1286&view=rev
Author: andresriancho
Date: 2008-06-11 08:31:19 -0700 (Wed, 11 Jun 2008)

Log Message:
-----------
Minimal change that adds a \n.

Modified Paths:
--------------
trunk/core/ui/gtkUi/helpers.py
From: <and...@us...> - 2008-06-11 12:20:09
Revision: 1285
http://w3af.svn.sourceforge.net/w3af/?rev=1285&view=rev
Author: andresriancho
Date: 2008-06-11 05:19:51 -0700 (Wed, 11 Jun 2008)

Log Message:
-----------
Fixed common issue in the kb when plugins called getData with self as first param.

Modified Paths:
--------------
trunk/core/controllers/basePlugin/baseAttackPlugin.py
trunk/core/data/kb/knowledgeBase.py
trunk/plugins/grep/httpAuthDetect.py
trunk/plugins/grep/pathDisclosure.py
From: <and...@us...> - 2008-06-11 12:04:36
Revision: 1284
http://w3af.svn.sourceforge.net/w3af/?rev=1284&view=rev
Author: andresriancho
Date: 2008-06-11 05:04:26 -0700 (Wed, 11 Jun 2008)

Log Message:
-----------
Fixed bug #1968002 that printed duplicated messages of 401 authentication for the same directory.

Modified Paths:
--------------
trunk/plugins/grep/httpAuthDetect.py
From: <and...@us...> - 2008-06-11 11:56:44
Revision: 1283
http://w3af.svn.sourceforge.net/w3af/?rev=1283&view=rev
Author: andresriancho
Date: 2008-06-11 04:56:29 -0700 (Wed, 11 Jun 2008)

Log Message:
-----------
Minimal change to findComments, and fixed false positive detected in codeDisclosure when the remote web application used something like: "<?xml version="1.0" encoding="UTF-8"?>".

Modified Paths:
--------------
trunk/plugins/grep/codeDisclosure.py
trunk/plugins/grep/findComments.py
From: <and...@us...> - 2008-06-11 03:31:00
Revision: 1282
http://w3af.svn.sourceforge.net/w3af/?rev=1282&view=rev
Author: andresriancho
Date: 2008-06-10 20:30:56 -0700 (Tue, 10 Jun 2008)

Log Message:
-----------
While fixing [ 1989003 ] shared hosting false positive, I found some bugs in the handling of UTF8 in the output plugins, so I also fixed those.

Modified Paths:
--------------
trunk/plugins/discovery/sharedHosting.py
trunk/plugins/output/htmlFile.py
trunk/plugins/output/textFile.py
From: <and...@us...> - 2008-06-11 02:59:28
Revision: 1281
http://w3af.svn.sourceforge.net/w3af/?rev=1281&view=rev
Author: andresriancho
Date: 2008-06-10 19:59:22 -0700 (Tue, 10 Jun 2008)

Log Message:
-----------
Fixing false positives in osCommanding and in httpAuthDetect (#1988994).

Modified Paths:
--------------
trunk/plugins/audit/osCommanding.py
trunk/plugins/grep/httpAuthDetect.py
trunk/scripts/script-grepAll.w3af
From: <and...@us...> - 2008-06-11 02:27:51
Revision: 1280
http://w3af.svn.sourceforge.net/w3af/?rev=1280&view=rev
Author: andresriancho
Date: 2008-06-10 19:27:50 -0700 (Tue, 10 Jun 2008)

Log Message:
-----------
While fixing bug #1984680 (xsrf not saved to kb) I found a problem with the types of the gtkUi database and fixed it.

Modified Paths:
--------------
trunk/plugins/audit/xsrf.py
trunk/plugins/output/gtkOutput.py
From: <and...@us...> - 2008-06-11 02:07:47
Revision: 1279
http://w3af.svn.sourceforge.net/w3af/?rev=1279&view=rev
Author: andresriancho
Date: 2008-06-10 19:07:45 -0700 (Tue, 10 Jun 2008)

Log Message:
-----------
Fixing bug in the parsing of input tags that have no attributes. This was bug #1990352.

Modified Paths:
--------------
trunk/core/data/parsers/htmlParser.py
From: <and...@us...> - 2008-06-11 01:58:28
Revision: 1278
http://w3af.svn.sourceforge.net/w3af/?rev=1278&view=rev
Author: andresriancho
Date: 2008-06-10 18:58:26 -0700 (Tue, 10 Jun 2008)

Log Message:
-----------
SSN and CreditCards == Now the number is printed in the message. Minimal fixes to httpResponse and added comment in threadManager (which needs to be rewritten).

Modified Paths:
--------------
trunk/core/controllers/threads/threadManager.py
trunk/core/data/url/httpResponse.py
trunk/core/data/url/xUrllib.py
trunk/plugins/grep/creditCards.py
trunk/plugins/grep/pathDisclosure.py
trunk/plugins/grep/ssn.py
trunk/w3af.e3t
From: <ab...@us...> - 2008-06-10 16:38:36
Revision: 1277
http://w3af.svn.sourceforge.net/w3af/?rev=1277&view=rev
Author: aberezh
Date: 2008-06-10 09:38:15 -0700 (Tue, 10 Jun 2008)

Log Message:
-----------
consoleUi: Intercepting Ctrl+C on loading.

Modified Paths:
--------------
trunk/core/ui/consoleUi/consoleUi.py
From: <ab...@us...> - 2008-06-10 15:53:15
Revision: 1276
http://w3af.svn.sourceforge.net/w3af/?rev=1276&view=rev
Author: aberezh
Date: 2008-06-10 08:52:35 -0700 (Tue, 10 Jun 2008)

Log Message:
-----------
consoleUi: Small refactoring; commas are not suggested for plugin lists autocompletions (spaces are used instead).

Modified Paths:
--------------
trunk/core/ui/consoleUi/plugins.py
trunk/core/ui/consoleUi/util.py
From: <and...@us...> - 2008-06-10 13:33:59
Revision: 1275
http://w3af.svn.sourceforge.net/w3af/?rev=1275&view=rev
Author: andresriancho
Date: 2008-06-10 06:33:57 -0700 (Tue, 10 Jun 2008)

Log Message:
-----------
The proxy now knows how to stop.

Modified Paths:
--------------
trunk/core/controllers/daemons/proxy.py
From: <and...@us...> - 2008-06-10 13:11:08
Revision: 1274
http://w3af.svn.sourceforge.net/w3af/?rev=1274&view=rev
Author: andresriancho
Date: 2008-06-10 06:11:05 -0700 (Tue, 10 Jun 2008)

Log Message:
-----------
New signature for sql injection; comments and debug stuff for proxy and removed a print that Sasha added in spiderMan.

Modified Paths:
--------------
trunk/core/controllers/daemons/proxy.py
trunk/plugins/audit/sqli.py
trunk/plugins/discovery/spiderMan.py
From: SourceForge.net <no...@so...> - 2008-06-10 13:01:56
Task #148812 has been updated.

Project: w3af
Subproject: Plugin TODO v1.00
Summary: default|.aspx
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: andresriancho

Description:
default|.aspx is guaranteed to generate an exception in aspx pages. I should add this to a plugin... maybe a new plugin?

Follow-Ups:

-------------------------------------------------------
Date: 2008-06-10 10:01
By: andresriancho

Comment:
Also detect these ones: http://www.securiteam.com/windowsntfocus/5YP0I0AM0U.html

-------------------------------------------------------
Date: 2008-05-28 13:18
By: andresriancho

Comment:
if I grep for <Appsettings> (make it case insensitive) I may find the web.config of aspx. Maybe it's a good idea to create a plugin that fetches web.config.

-------------------------------------------------------
Date: 2008-05-28 13:15
By: andresriancho

Comment:
also view default~.aspx

-------------------------------------------------------
Date: 2008-05-28 13:14
By: andresriancho

Comment:
hmmm, ASP.NET security plugin? http://g100603sv953.cencosud.corp/BzbBalanzas/Accesos/Usuarios/trace.axd I should search for trace.axd, if the response is "<title>Trace Error</title>" then I don't have a problem.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148812&group_id=170274&group_project_id=50603
From: SourceForge.net <no...@so...> - 2008-06-09 13:00:36
Task #149098 has been updated.

Project: w3af
Subproject: Plugin TODO v1.00
Summary: plugin that sends empty parameters
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
Create a plugin that sends empty parameters and analyzes responses. There are times where "param=" triggers some interesting bug that "param='a[]f0';--" won't.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=149098&group_id=170274&group_project_id=50603
From: SourceForge.net <no...@so...> - 2008-06-09 00:16:07
Task #148224 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: Resend request
Complete: 90%
Status: Open
Authority : andresriancho
Assigned to: facundobatista

Description:
When showing a req/res of a vuln in the results tab, also show a button that says "Send to request editor" that opens a "Manual request editor" with the request head and body filled with the request that triggers the vulnerability. Also, when the request fuzzer is ready, add a button that says "Send to request fuzzer" that does the same but with the request fuzzer. These easy buttons "merge" these three parts of the software that were separated before =)

Follow-Ups:

-------------------------------------------------------
Date: 2008-06-08 21:16
By: facundobatista

Comment:
We're sending information to the compare... but still needing to send the title of the comparing panes.

-------------------------------------------------------
Date: 2008-06-07 10:41
By: facundobatista

Comment:
Added functionality to send to fuzzy and manual, still missing the send to compare.

-------------------------------------------------------
Date: 2008-06-06 19:59
By: facundobatista

Comment:
Added the buttons, still missing the functionality.

-------------------------------------------------------
Date: 2008-05-22 23:29
By: facundobatista

Comment:
Three things:
- Why methods to show/hide the buttons? The normal usage will be to show the req/resp window with or without those buttons, not change them later.
- If still going with those methods... why separate methods for each button? Normally you'll want to show them both, or hide them both.
- If still going with separate methods... why the first two are called "...ResendButton"? they should be called "...SendToManual".
Thanks!

-------------------------------------------------------
Date: 2008-05-13 13:23
By: andresriancho

Comment:
Extra note: The buttons should be easily hidden if needed.
In other words, add these methods:
showResendButton()
hideResendButton()
showSendToFuzzer()
hideSendToFuzzer()

-------------------------------------------------------
Date: 2008-05-13 13:18
By: andresriancho

Comment:
The buttons should be added to the reqResViewer class. The specific place is below the two text views that show the request.

-------------------------------------------------------
Date: 2008-05-11 20:04
By: facundobatista

Comment:
Add a button... *where*? Or do you mean to open a popup window, when user right clicks the vuln, with those two options?

-------------------------------------------------------
Date: 2008-05-01 20:27
By: andresriancho

Comment:
Add the same buttons in the request response navigator.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148224&group_id=170274&group_project_id=56282
From: SourceForge.net <no...@so...> - 2008-06-09 00:15:17
Task #148114 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: HTTP response side by side content compare
Complete: 70%
Status: Open
Authority : facundobatista
Assigned to: facundobatista

Description:
Try to reutilize MELD (check the license). Test if that reutilization is ok in win32. Andres needs to define how to choose the two responses (or more than two). This task needs further definitions!!

Follow-Ups:

-------------------------------------------------------
Date: 2008-06-08 21:15
By: facundobatista

Comment:
Added a lot of functionality,

-------------------------------------------------------
Date: 2008-05-26 01:26
By: facundobatista

Comment:
This should be discussed and designed face to face. Andres, we should meet about this. Good news: I now have MELD trimmed down and usable for what we want (+4 hs cleaning code!), :D

-------------------------------------------------------
Date: 2008-05-25 15:30
By: andresriancho

Comment:
Given that the responses to compare are going to be selected by the user at some point; and the only way that the user can see responses are within a reqResViewer then I think that the best place to add the selector for responses to compare is there.

Now, more in detail:
- The compare tool, if based on meld, should have the same icon. For now, the tool can be called "Diff tool".
- The selector that I was talking before, should be a small button with the tool icon, which would be located on the bottom of the response notebook inside reqResViewer. The button should only show the icon and have a tooltip that says "Send to diff tool".
- In order to keep the same design, the buttons that send the request to the manual request editor and to the fuzzy should look like the above one: only the icon in the button and the corresponding tooltip. Please note that these buttons are below the request notebook, and the diff tool one is below the response notebook.
- The user can send as many responses as he wants to the diff tool.
- When the user opens the diff tool, he will be presented with a modified version of meld, that on the left pane shows the first response that he sent to the diff tool, and on the right pane shows the second response. All other responses can be selected to be diff'ed with an entries.PagesControl widget.
- This modified version of meld should *clearly* show to the user if the responses are equal. A good way of doing this is to put on top of the responses two labels that have the sha1 hash of the responses; and if the hashes match set the background color of the two labels to green, and if they don't set them to red.
- The diff tool should also have a "Clear" button that removes all responses from the current view; so the user can send others to compare.
- The tool should have a "delete from view" button that allows the user to remove the response being compared from the diff tool.
- The tool should have a button that sends a response from the right pane to the left pane; and sends the one in the left pane to the list of other responses being compared.

Do you need more definitions? If so, don't hesitate to ask.

Crazy feature that would be really cool to implement in version 3.0 of w3af: after sending a lot of responses to the diff tool, you would hit a button that says "Multicompare" that draws a graph that has one circle for each request. The distance between the circles determines how different they are. This would make a multiple comparison of responses sooooooo easy! I think I could implement this just for the fun of watching it work ;)

-------------------------------------------------------
Date: 2008-05-11 17:32
By: facundobatista

Comment:
Pretty much it can be reused, need to find out how to stop using gnome stuff, for win32. Regarding license, it's GPL, so I think it's fine. I'll wait further definitions here, to see if MELD is suitable or not (so I'm assigning this now to Andres).

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148114&group_id=170274&group_project_id=56282
From: <fac...@us...> - 2008-06-09 00:14:59
Revision: 1273
http://w3af.svn.sourceforge.net/w3af/?rev=1273&view=rev
Author: facundobatista
Date: 2008-06-08 17:14:57 -0700 (Sun, 08 Jun 2008)

Log Message:
-----------
Added a lot of functionality, although some still missing.

Modified Paths:
--------------
trunk/core/ui/gtkUi/comparator/comparator.py
trunk/core/ui/gtkUi/compare.py
trunk/core/ui/gtkUi/entries.py
trunk/core/ui/gtkUi/main.py
trunk/core/ui/gtkUi/reqResViewer.py
From: <and...@us...> - 2008-06-08 13:53:22
Revision: 1272
http://w3af.svn.sourceforge.net/w3af/?rev=1272&view=rev
Author: andresriancho
Date: 2008-06-08 06:53:20 -0700 (Sun, 08 Jun 2008)

Log Message:
-----------
Starting to work with encodings... hmmm... this could solve some bugs and introduce new ones... not sure about this commit.

Modified Paths:
--------------
trunk/core/data/url/httpResponse.py
trunk/scripts/script-webSpider.w3af
From: <fac...@us...> - 2008-06-07 20:13:22
Revision: 1271
http://w3af.svn.sourceforge.net/w3af/?rev=1271&view=rev
Author: facundobatista
Date: 2008-06-07 13:13:18 -0700 (Sat, 07 Jun 2008)

Log Message:
-----------
Integrated the comparator to w3af, with no functionality yet, but with the full window designed.

Modified Paths:
--------------
trunk/core/ui/gtkUi/comparator/comparator.py
trunk/core/ui/gtkUi/main.py
trunk/core/ui/gtkUi/prompt.py

Added Paths:
-----------
trunk/core/ui/gtkUi/comparator/__init__.py
trunk/core/ui/gtkUi/compare.py
From: <and...@us...> - 2008-06-07 15:51:38
Revision: 1270
http://w3af.svn.sourceforge.net/w3af/?rev=1270&view=rev
Author: andresriancho
Date: 2008-06-07 08:51:34 -0700 (Sat, 07 Jun 2008)

Log Message:
-----------
The request response viewer now has a new parameter that indicates if the textview is going to be editable or not. I adapted the code so it respects what the user can and can't do with the responses.

Modified Paths:
--------------
trunk/core/ui/gtkUi/craftedRequests.py
trunk/core/ui/gtkUi/httpLogTab.py
trunk/core/ui/gtkUi/reqResViewer.py
From: <and...@us...> - 2008-06-07 15:27:28
Revision: 1269
http://w3af.svn.sourceforge.net/w3af/?rev=1269&view=rev
Author: andresriancho
Date: 2008-06-07 08:27:26 -0700 (Sat, 07 Jun 2008)

Log Message:
-----------
New version of the clusterView window, which also changes some other files because I moved the throbber from main to helpers.

Modified Paths:
--------------
trunk/core/ui/gtkUi/clusterView.py
trunk/core/ui/gtkUi/entries.py
trunk/core/ui/gtkUi/helpers.py
trunk/core/ui/gtkUi/main.py
trunk/w3af.e3p
trunk/w3af.e3t