w3af-svn-notify Mailing List for w3af (Page 238)
Status: Beta
Brought to you by:
andresriancho
From: SourceForge.net <no...@so...> - 2008-05-23 12:19:34

Task #148511 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: Results - URLs - Right button over tree entry
Complete: 5%
Status: Open
Authority : andresriancho
Assigned to: facundobatista

Description:
Results - URLs - Right button over tree entry:
- A menu should pop-up; and the following options should be there:
  - Manually resend request
  - Send to request fuzzer

Follow-Ups:

-------------------------------------------------------
Date: 2008-05-23 09:19
By: andresriancho

Comment:
No, I was talking about the URLs tab inside the result tab. The Informations/Vulns/etc that are stored in the KB browser can be re-sent using the buttons that will appear in the reqResViewer. The right click is over something that says "f00.php", or "/path/" or "?a=3". When the user clicks on resend/send to fuzzer, the gtkUi should recreate the whole URL navigating the tree backwards, and then send that to the corresponding tool.

-------------------------------------------------------
Date: 2008-05-22 23:41
By: facundobatista

Comment:
Over any tree entry, or just those which actually *have* a http request to handle? (I mean, for those that the http request is being shown in the right part).

Also, I understand you're talking about the KB Browser tab of Results... tell me if I'm wrong.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148511&group_id=170274&group_project_id=56282

From: SourceForge.net <no...@so...> - 2008-05-23 02:43:43

Task #148623 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: Add icons for http-config and misc-config
Complete: 100%
Status: Closed
Authority : andresriancho
Assigned to: facundobatista

Description:
Add icons for http-config and misc-config in the main menu window.

Follow-Ups:

-------------------------------------------------------
Date: 2008-05-22 23:43
By: facundobatista

Comment:
Done in r1202.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148623&group_id=170274&group_project_id=56282

From: <fac...@us...> - 2008-05-23 02:43:26

Revision: 1202
          http://w3af.svn.sourceforge.net/w3af/?rev=1202&view=rev
Author:   facundobatista
Date:     2008-05-22 19:43:25 -0700 (Thu, 22 May 2008)

Log Message:
-----------
Put an icon to the Config windows.

Modified Paths:
--------------
    trunk/core/ui/gtkUi/confpanel.py

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

From: SourceForge.net <no...@so...> - 2008-05-23 02:41:27

Task #148511 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: Results - URLs - Right button over tree entry
Complete: 5%
Status: Open
Authority : andresriancho
Assigned to: facundobatista

Description:
Results - URLs - Right button over tree entry:
- A menu should pop-up; and the following options should be there:
  - Manually resend request
  - Send to request fuzzer

Follow-Ups:

-------------------------------------------------------
Date: 2008-05-22 23:41
By: facundobatista

Comment:
Over any tree entry, or just those which actually *have* a http request to handle? (I mean, for those that the http request is being shown in the right part).

Also, I understand you're talking about the KB Browser tab of Results... tell me if I'm wrong.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148511&group_id=170274&group_project_id=56282

From: SourceForge.net <no...@so...> - 2008-05-23 02:35:54

Task #148429 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: ? signs in fuzzer window
Complete: 100%
Status: Closed
Authority : andresriancho
Assigned to: facundobatista

Description:
I don't fully recall where/when, but we talked about removing the "?" signs in the fuzzer window and replacing them with something else.

Follow-Ups:

-------------------------------------------------------
Date: 2008-05-22 23:35
By: facundobatista

Comment:
Done in r1201.

-------------------------------------------------------
Date: 2008-05-13 15:06
By: andresriancho

Comment:
Quoting myself from the mailing list:

"I'm not fully sure... maybe a grayed zero ? I have tried to remember how other programs do it... but I don't recall any functionality like this one... hmmm. Does the grayed zero have any real difference in the look with the other text?"

=) I think that it's just a matter of trying and seeing what looks better.

-------------------------------------------------------
Date: 2008-05-13 13:48
By: facundobatista

Comment:
Define "something else".

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148429&group_id=170274&group_project_id=56282

From: <fac...@us...> - 2008-05-23 02:34:46

Revision: 1201
          http://w3af.svn.sourceforge.net/w3af/?rev=1201&view=rev
Author:   facundobatista
Date:     2008-05-22 19:34:45 -0700 (Thu, 22 May 2008)

Log Message:
-----------
No more interrogation signs for unknown feedback, now we have greyed out zeroes.

Modified Paths:
--------------
    trunk/core/ui/gtkUi/craftedRequests.py

From: SourceForge.net <no...@so...> - 2008-05-23 02:29:15

Task #148224 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: Resend request
Complete: 10%
Status: Open
Authority : andresriancho
Assigned to: facundobatista

Description:
When showing a req/res of a vuln in the results tab, also show a button that says "Send to request editor" that opens a "Manual request editor" with the request head and body filled with the request that triggers the vulnerability.

Also and when the request fuzzer is ready, add a button that says "Send to request fuzzer" that does the same but with the request fuzzer.

These easy buttons "merge" these three parts of the software that were separated before =)

Follow-Ups:

-------------------------------------------------------
Date: 2008-05-22 23:29
By: facundobatista

Comment:
Three things:

- Why methods to show/hide the buttons? The normal usage will be to show the req/resp window with or without those buttons, not change them later.

- If still going with those methods... why separate methods for each button? Normally you'll want to show them both, or hide them both.

- If still going with separate methods... why the first two are called "...ResendButton"? they should be called "...SendToManual".

Thanks!

-------------------------------------------------------
Date: 2008-05-13 13:23
By: andresriancho

Comment:
Extra note: The buttons should be easily hidden if needed. In other words, add these methods:

    showResendButton()
    hideResendButton()
    showSendToFuzzer()
    hideSendToFuzzer()

-------------------------------------------------------
Date: 2008-05-13 13:18
By: andresriancho

Comment:
The buttons should be added to the reqResViewer class. The specific place is below the two text views that show the request.

-------------------------------------------------------
Date: 2008-05-11 20:04
By: facundobatista

Comment:
Add a button... *where*? Or do you mean to open a popup window, when user right clicks the vuln, with those two options?

-------------------------------------------------------
Date: 2008-05-01 20:27
By: andresriancho

Comment:
Add the same buttons in the request response navigator.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148224&group_id=170274&group_project_id=56282

From: SourceForge.net <no...@so...> - 2008-05-23 02:14:12

Task #148431 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: Manual request and fuzzer window icons
Complete: 100%
Status: Closed
Authority : andresriancho
Assigned to: facundobatista

Description:
The manual request and fuzzer windows should have window icons. For now, we can just keep the same icon that the w3af main window has.

Follow-Ups:

-------------------------------------------------------
Date: 2008-05-22 23:14
By: facundobatista

Comment:
Done in r1200.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148431&group_id=170274&group_project_id=56282

From: <fac...@us...> - 2008-05-23 02:07:51

Revision: 1200
          http://w3af.svn.sourceforge.net/w3af/?rev=1200&view=rev
Author:   facundobatista
Date:     2008-05-22 19:07:50 -0700 (Thu, 22 May 2008)

Log Message:
-----------
Put icons to the new windows (manual request, fuzzy requests, and the encoder decoder one).

Modified Paths:
--------------
    trunk/core/ui/gtkUi/craftedRequests.py
    trunk/core/ui/gtkUi/encdec.py

From: SourceForge.net <no...@so...> - 2008-05-23 01:58:28

Task #148430 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: fuzzer analysis
Complete: 100%
Status: Closed
Authority : andresriancho
Assigned to: facundobatista

Description:
When the user enters the preview mode for requests generated in the fuzzer, there is no indication of how many were generated. The only place where the generated number is shown is in the main fuzzer window screen. It should be shown in the preview somewhere.

Follow-Ups:

-------------------------------------------------------
Date: 2008-05-22 22:58
By: facundobatista

Comment:
Done in r1199.

Also fixed the counter to show normal counts (1 to max), not 0-based ones (0 to max-1).

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148430&group_id=170274&group_project_id=56282

From: <fac...@us...> - 2008-05-23 01:54:57

Revision: 1199
          http://w3af.svn.sourceforge.net/w3af/?rev=1199&view=rev
Author:   facundobatista
Date:     2008-05-22 18:54:55 -0700 (Thu, 22 May 2008)

Log Message:
-----------
Show the total of pages next to the page selector.

Also fixed the counter to show normal counts (1 to max), not 0-based ones (0 to max-1).

Modified Paths:
--------------
    trunk/core/ui/gtkUi/entries.py

From: SourceForge.net <no...@so...> - 2008-05-23 00:59:18

Task #148428 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: Detailed syntax help
Complete: 100%
Status: Closed
Authority : andresriancho
Assigned to: facundobatista

Description:
The request fuzzer needs a much more detailed syntax help. Also, you should add examples to the help. Please use all the available space inside that notepad tab and also use xml markup to make the help look nicer.

Follow-Ups:

-------------------------------------------------------
Date: 2008-05-22 21:59
By: facundobatista

Comment:
Improved, done in r1198.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148428&group_id=170274&group_project_id=56282

From: <fac...@us...> - 2008-05-23 00:57:55

Revision: 1198
          http://w3af.svn.sourceforge.net/w3af/?rev=1198&view=rev
Author:   facundobatista
Date:     2008-05-22 17:57:54 -0700 (Thu, 22 May 2008)

Log Message:
-----------
Improved the syntax help text.

Modified Paths:
--------------
    trunk/core/ui/gtkUi/craftedRequests.py
    trunk/core/ui/gtkUi/main.py

From: SourceForge.net <no...@so...> - 2008-05-23 00:27:29

Task #148676 has been updated.

Project: w3af
Subproject: TODO v1.12
Summary: parameter discovery using static code analysis
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
parameter discovery using static code analysis; this means:
- code a new plugin
- plugin should have access to source code
- plugin should know the URL for every file which he has access to
- The plugin will read the code and if it finds something like:
      $GET['a']
  Then he should add the parameter to the script fuzzable request and then the other audit plugins can use:
      http://localhost/c.php?a=f00

The idea is good but we have to think about the details. This is the start of w3af doing static code analysis.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148676&group_id=170274&group_project_id=54342

From: SourceForge.net <no...@so...> - 2008-05-22 19:37:41

Task #148674 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: encode decode window
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: facundobatista

Description:
Sorry for adding more things to a window that was already finished, but I found some other encodings that we should provide to the users. Please download wfuzz from http://www.edge-security.com/wfuzz.php and see the file encoders.py . Some of them are already implemented, but some aren't.

Follow-Ups:

-------------------------------------------------------
Date: 2008-05-22 16:37
By: andresriancho

Comment:
Two more (encoder only):
- encoder_mysqlchar
- encoder_mssqlchar

These two encoders are useful for SQL injections, and return the encoded string surrounded by a CHAR() function:

MYSQL
=====
    def encode(self,string):
        new="CHAR("
        for x in string:
            val=str(ord(x))
            new+=str(val)+","
        new=new.strip(",")
        new+=")"
        return new

MSSQL
=====
    def encode(self,string):
        new=""
        for x in string:
            val=str(ord(x))
            new+="CHAR("+str(val)+")+"
        new=new.strip("+")
        return new

-------------------------------------------------------
Date: 2008-05-22 16:29
By: andresriancho

Comment:
The encoders to add are:
- Double urlencode (apply urlencode twice) [must have decode]
- Random upper (change random chars of the string to upper case)
- Random lower (change random chars of the string to lower case)
- Hex Encoding as specified in the pdf linked here [0] [must have decode]
- Double Percent Hex Encoding as specified in the pdf linked here [0]
- Double Nibble Hex Encoding as specified in the pdf linked here [0]
- First Nibble Hex Encoding as specified in the pdf linked here [0]
- Second Nibble Hex Encoding as specified in the pdf linked here [0]
- UTF-8 Encoding as specified in the pdf linked here [0]
- UTF-8 Bare Byte Encoding as specified in the pdf linked here [0]
- Microsoft %U Encoding as specified in the pdf linked here [0]

A lot of these encoders are already coded in the wfuzz project that I specified before.

[0] docs.idsresearch.org/http_ids_evasions.pdf

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148674&group_id=170274&group_project_id=56282

From: SourceForge.net <no...@so...> - 2008-05-22 19:29:28

Task #148674 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: encode decode window
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: facundobatista

Description:
Sorry for adding more things to a window that was already finished, but I found some other encodings that we should provide to the users. Please download wfuzz from http://www.edge-security.com/wfuzz.php and see the file encoders.py . Some of them are already implemented, but some aren't.

Follow-Ups:

-------------------------------------------------------
Date: 2008-05-22 16:29
By: andresriancho

Comment:
The encoders to add are:
- Double urlencode (apply urlencode twice) [must have decode]
- Random upper (change random chars of the string to upper case)
- Random lower (change random chars of the string to lower case)
- Hex Encoding as specified in the pdf linked here [0] [must have decode]
- Double Percent Hex Encoding as specified in the pdf linked here [0]
- Double Nibble Hex Encoding as specified in the pdf linked here [0]
- First Nibble Hex Encoding as specified in the pdf linked here [0]
- Second Nibble Hex Encoding as specified in the pdf linked here [0]
- UTF-8 Encoding as specified in the pdf linked here [0]
- UTF-8 Bare Byte Encoding as specified in the pdf linked here [0]
- Microsoft %U Encoding as specified in the pdf linked here [0]

A lot of these encoders are already coded in the wfuzz project that I specified before.

[0] docs.idsresearch.org/http_ids_evasions.pdf

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148674&group_id=170274&group_project_id=56282

From: <and...@us...> - 2008-05-22 19:01:56

Revision: 1197
          http://w3af.svn.sourceforge.net/w3af/?rev=1197&view=rev
Author:   andresriancho
Date:     2008-05-22 12:01:55 -0700 (Thu, 22 May 2008)

Log Message:
-----------
Fixed bug in errorPages.

Modified Paths:
--------------
    trunk/plugins/grep/errorPages.py

From: <and...@us...> - 2008-05-22 19:00:37

Revision: 1196
          http://w3af.svn.sourceforge.net/w3af/?rev=1196&view=rev
Author:   andresriancho
Date:     2008-05-22 12:00:35 -0700 (Thu, 22 May 2008)

Log Message:
-----------
"Removed" a debug line that was really bad for our log messages.

Modified Paths:
--------------
    trunk/core/data/url/xUrllib.py

From: SourceForge.net <no...@so...> - 2008-05-22 18:47:16

Task #148675 has been updated.

Project: w3af
Subproject: gtkUi - Phase 4
Summary: case insensitive search for ctrl+f in log tab
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody

Description:
case insensitive search for ctrl+f in log tab. This should be handled just as the ctrl+f in Mozilla that has a checkbox (disabled by default) that says "Match case".

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148675&group_id=170274&group_project_id=55676

From: SourceForge.net <no...@so...> - 2008-05-22 18:27:27

Task #148674 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: encode decode window
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: facundobatista

Description:
Sorry for adding more things to a window that was already finished, but I found some other encodings that we should provide to the users. Please download wfuzz from http://www.edge-security.com/wfuzz.php and see the file encoders.py . Some of them are already implemented, but some aren't.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148674&group_id=170274&group_project_id=56282

From: SourceForge.net <no...@so...> - 2008-05-22 18:06:04

Task #148673 has been updated.

Project: w3af
Subproject: gtkUi - OWASP SoC 2008
Summary: log graph
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: facundobatista

Description:
When the user is in another tab, why should we keep redrawing the graph? I propose a change in the code, that detects when the user has a focus in the log tab, and only then redraw the tab.

This is related to the issue of slow redraws that I'm seeing when performing scans of BIG sites on LAN networks.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148673&group_id=170274&group_project_id=56282

From: <and...@us...> - 2008-05-22 18:02:24

Revision: 1195
          http://w3af.svn.sourceforge.net/w3af/?rev=1195&view=rev
Author:   andresriancho
Date:     2008-05-22 11:02:23 -0700 (Thu, 22 May 2008)

Log Message:
-----------
Fixed bug reported by Ezequiel Mina.

Modified Paths:
--------------
    trunk/plugins/evasion/modsecurity.py

From: <and...@us...> - 2008-05-22 17:40:56

Revision: 1194
          http://w3af.svn.sourceforge.net/w3af/?rev=1194&view=rev
Author:   andresriancho
Date:     2008-05-22 10:40:45 -0700 (Thu, 22 May 2008)

Log Message:
-----------
Fixed a small bug in the status label in logtab, was #1969711.

Modified Paths:
--------------
    trunk/core/controllers/w3afCore.py
    trunk/core/ui/gtkUi/logtab.py

From: <and...@us...> - 2008-05-22 17:05:57

Revision: 1193
          http://w3af.svn.sourceforge.net/w3af/?rev=1193&view=rev
Author:   andresriancho
Date:     2008-05-22 10:05:56 -0700 (Thu, 22 May 2008)

Log Message:
-----------
Finally! It works!

Modified Paths:
--------------
    trunk/core/data/url/urlOpenerSettings.py

From: <and...@us...> - 2008-05-22 16:55:02

Revision: 1192
          http://w3af.svn.sourceforge.net/w3af/?rev=1192&view=rev
Author:   andresriancho
Date:     2008-05-22 09:54:59 -0700 (Thu, 22 May 2008)

Log Message:
-----------
While fixing a bug, I deleted one extra line that makes basic auth unusable. Fixing that.

Modified Paths:
--------------
    trunk/core/data/url/urlOpenerSettings.py