w3af-svn-notify Mailing List for w3af (Page 275)
Status: Beta
Brought to you by:
andresriancho
From: SourceForge.net <no...@so...> - 2008-02-25 17:19:47
Task #145533 has been updated.

Project: w3af
Subproject: gtkUi - Phase 2
Summary: Users should be able to know if tab is "active"
Complete: 100%
Status: Closed
Authority : andresriancho
Assigned to: facundobatista
Description: Users should be able to know if tab is "active"; for example if there is no scan information, the exploit tab can not be used and the user must "click" on the tab and see the message to realize that. Maybe we could use italics fonts on the names of the tabs that are inactive, and change them to normal fonts when they can be clicked. The same goes for HTTP Log.

Follow-Ups:

-------------------------------------------------------
Date: 2008-02-25 14:19
By: facundobatista
Comment: In main.py you have the MainApp.setSensitiveExploit() method, which you can call with False or True to turn off/on both Exploit and HTTP Log tabs (the former was implemented before, added now the latter). Committed in r734.

-------------------------------------------------------
Date: 2008-02-08 18:19
By: andresriancho
Comment: Make this more generic:

main.py
def activateExploit(self):

And perform an activation of a list of tabs, or something like that.

Tabs that are activated when scan starts:
- Exploit
- HTTP Log

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=145533&group_id=170274&group_project_id=55112

From: <fac...@us...> - 2008-02-25 17:18:36
Revision: 734
http://w3af.svn.sourceforge.net/w3af/?rev=734&view=rev
Author: facundobatista
Date: 2008-02-25 09:18:07 -0800 (Mon, 25 Feb 2008)

Log Message:
-----------
Added the HTTP Log tab to the machinery where it's turned off and on if the scan started or not.

Modified Paths:
--------------
trunk/core/ui/gtkUi/main.py

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

From: SourceForge.net <no...@so...> - 2008-02-25 16:40:19
Task #146668 has been updated.

Project: w3af
Subproject: TODO v1.00
Summary: Replace pygoogle
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: andresriancho
Description: Replace pygoogle; which is a problem if w3af wants to be packaged in debian.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=146668&group_id=170274&group_project_id=48542

From: <fac...@us...> - 2008-02-25 16:17:41
Revision: 733
http://w3af.svn.sourceforge.net/w3af/?rev=733&view=rev
Author: facundobatista
Date: 2008-02-25 08:17:36 -0800 (Mon, 25 Feb 2008)

Log Message:
-----------
Didn't need to stop the threads there.

Modified Paths:
--------------
trunk/core/ui/gtkUi/scantab.py

From: SourceForge.net <no...@so...> - 2008-02-25 16:02:42
Task #146452 has been updated.

Project: w3af
Subproject: gtkUi - Phase 2
Summary: Ctrl+c during scan
Complete: 100%
Status: Closed
Authority : andresriancho
Assigned to: facundobatista
Description: I added this to scantab.py:

    ### FIXME: Maybe implement this with helpers.coreWrap ?!
    def startScanWrap():
        try:
            self.w3af.start()
        except KeyboardInterrupt, ke:
            om.out.debug('The user stopped the scan.')
            helpers.endThreads()
            print 'Ctrl+C found, exiting!'
            sys.exit(0)

It seems to be catching the KeyboardInterrupt, but the handling of the exceptions is buggy, could you please help me figure out what is wrong?

Follow-Ups:

-------------------------------------------------------
Date: 2008-02-25 13:02
By: facundobatista
Comment: Finished in r732.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=146452&group_id=170274&group_project_id=55112

From: <fac...@us...> - 2008-02-25 16:02:29
Revision: 732
http://w3af.svn.sourceforge.net/w3af/?rev=732&view=rev
Author: facundobatista
Date: 2008-02-25 08:02:08 -0800 (Mon, 25 Feb 2008)

Log Message:
-----------
The keyboard interrupt raised by the core to finish itself is now handled gracefully.

Modified Paths:
--------------
trunk/core/ui/gtkUi/scantab.py

From: SourceForge.net <no...@so...> - 2008-02-25 15:47:27
Task #146172 has been updated.

Project: w3af
Subproject: gtkUi - Phase 2
Summary: Think about w3afCore.quit() , w3afCore.stop(), etc.
Complete: 100%
Status: Closed
Authority : andresriancho
Assigned to: facundobatista
Description: Think about w3afCore.quit() , w3afCore.stop(), etc.

Follow-Ups:

-------------------------------------------------------
Date: 2008-02-25 12:47
By: facundobatista
Comment: All stop() and resume() work ok now. Committed in r731.

-------------------------------------------------------
Date: 2008-02-12 14:17
By: facundobatista
Comment: The pause() part is handled through other task for this phase 2. The KeyboardError exception appears, as the GUI can not catch it because it's generated in other thread (Andres will take a look at this). As of the rest of this task, it's implemented (r676) and almost working, but a strange error appears... it seems that a plugin is configured strangely, needs to check the cleanup() stuff. Andres?

-------------------------------------------------------
Date: 2008-02-12 12:44
By: facundobatista
Comment: Check r671. There I'm calling to stop, and then waiting for isRunning() to return False to change the button to "go back to config". But isRunning() is lying...

-------------------------------------------------------
Date: 2008-02-11 19:34
By: andresriancho
Comment: pyGTK should call:
- w3afCore.stop() to stop the process but keep kb and cf in the current state.
- w3afCore.cleanup() to clean all variables of the w3afCore, kb and config; in order to start a new scan.
- w3afCore.pause(True) to pause the scan, and w3afCore.pause(False) to unpause the scan.

Scans can be paused and then stopped. Please perform some testing with the cleanup() method, because it was implemented and never really tested. The stop() method may raise a KeyboardInterrupt exception. That's "normal" because of the hack I used to code it ;)

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=146172&group_id=170274&group_project_id=55112

From: <fac...@us...> - 2008-02-25 15:45:39
Revision: 731
http://w3af.svn.sourceforge.net/w3af/?rev=731&view=rev
Author: facundobatista
Date: 2008-02-25 07:45:32 -0800 (Mon, 25 Feb 2008)

Log Message:
-----------
Finishes task 146172. Now stop and resume works great. Had to touch a little in the message diverter, also.

Modified Paths:
--------------
trunk/core/ui/gtkUi/messages.py
trunk/core/ui/gtkUi/scantab.py

From: SourceForge.net <no...@so...> - 2008-02-25 14:43:19
Task #145514 has been updated.

Project: w3af
Subproject: gtkUi - Phase 2
Summary: render HTML responses
Complete: 80%
Status: Open
Authority : andresriancho
Assigned to: andresriancho
Description: everywhere I can look at a HTML response, I should be able to render the response!

Follow-Ups:

-------------------------------------------------------
Date: 2008-02-25 11:43
By: facundobatista
Comment: Added functionality to buttons, and a little of cleanup. Wanted to activate back/forward buttons only when corresponds, but can_go_forward() and can_go_back() always respond false. The only thing that's still missing is to automate the library directories set up, passing the Task to Andrés for this.

-------------------------------------------------------
Date: 2008-02-17 20:51
By: andresriancho
Comment: I have been trying to create environment variables that affect the current process; but I have failed. It seems that the solution to this problem is to create a "bash script" that calls w3af.py; where the bash script is the one that creates the environment variables, and w3af.py is really the one that performs all the work. If you know a more elegant solution, please let me know.

Problems with this solution:
- Windows? (may be solved by using a python script that runs w3af.py)
- Adding a new file

-------------------------------------------------------
Date: 2008-02-14 21:07
By: andresriancho
Comment: I tested the latest version on a fully updated ubuntu gutsy and it only worked if run like this:

export LD_LIBRARY_PATH=/usr/lib/firefox && export MOZILLA_FIVE_HOME=/usr/lib/firefox && ./w3af -g

(as you say in the code). As you say in the code, we should work on the automatic setup of the needed variables in order to be able to run w3af gtk user interface without all the other commands.

-------------------------------------------------------
Date: 2008-02-14 16:23
By: facundobatista
Comment: Made it work with the gtk embedded mozilla, but it proved to be very flaky (there're some bugs that cause segmentation fault in diverse systems). Repeat: now works, but I'll test "gtkhtml2"... if this works nicely, and renders the html ok, I'll stick with it.

-------------------------------------------------------
Date: 2008-02-11 22:31
By: andresriancho
Comment: Also test /var/lib/python-support/python2.5/gtk-2.0/gtkhtml2.so Seems to be *really* basic, but could work when gtkmozembed is not available. Also verify dependencies if using gtkhtml2.

-------------------------------------------------------
Date: 2008-02-08 20:12
By: facundobatista
Comment: test gtkmozembed

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=145514&group_id=170274&group_project_id=55112

From: <fac...@us...> - 2008-02-25 14:21:35
Revision: 730
http://w3af.svn.sourceforge.net/w3af/?rev=730&view=rev
Author: facundobatista
Date: 2008-02-25 06:20:43 -0800 (Mon, 25 Feb 2008)

Log Message:
-----------
Added functionality to back/forward buttons, and fixed the Go one.

Modified Paths:
--------------
trunk/core/ui/gtkUi/mozillaTab.py

From: SourceForge.net <no...@so...> - 2008-02-25 11:08:10
Task #145401 has been updated.

Project: w3af
Subproject: Plugin TODO v1.00
Summary: audit.sqli plugin avoids false positives
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody
Description: audit.sqli plugin avoids false positives; and uses all known good techniques to speed up searches. All other plugins should look alike. copy+paste!

Follow-Ups:

-------------------------------------------------------
Date: 2008-02-25 08:08
By: andresriancho
Comment: The only "problem" with the sqli plugin is that it doesn't verify if the error is there one or more times.

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=145401&group_id=170274&group_project_id=50603

From: <and...@us...> - 2008-02-25 11:01:24
Revision: 728
http://w3af.svn.sourceforge.net/w3af/?rev=728&view=rev
Author: andresriancho
Date: 2008-02-25 02:48:26 -0800 (Mon, 25 Feb 2008)

Log Message:
-----------
Added a plugin that searches for HTTP request and responses inside the HTTP response body.

Added Paths:
-----------
trunk/extras/testEnv/webroot/httpInBody/
trunk/extras/testEnv/webroot/httpInBody/body.html
trunk/plugins/grep/httpInBody.py
trunk/scripts/script-httpInBody.w3af

From: SourceForge.net <no...@so...> - 2008-02-25 10:51:14
Task #145761 has been updated.

Project: w3af
Subproject: Plugin TODO v1.00
Summary: grep http response in body
Complete: 0%
Status: Closed
Authority : andresriancho
Assigned to: andresriancho
Description: Remember the gov agency that "forwarded" requests and put responses in the HTTP body. I should be able to detect if a HTTP request/response is "echoed" in the response body. Something like this:

HTTP/1.1 200 OK
Header1: abc
Header2: def
Content-Length: 1234

some content... bla bla...
HTTP/1.1 404 Not Found
Header2: def

more content
ending content

I should detect:

HTTP/1.1 404 Not Found
Header2: def

As something of interest.

Follow-Ups:

-------------------------------------------------------
Date: 2008-02-25 07:51
By: andresriancho
Comment: Coded it!

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=145761&group_id=170274&group_project_id=50603

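The detection described in task #145761 (an HTTP status or request line followed by header lines inside a response body), as an added Python example. It is not the code of w3af's grep.httpInBody plugin; the function name, the regular expressions and the sample body are assumptions constructed for illustration.

```python
import re

# Assumed patterns (not taken from w3af): HTTP start lines and a header line.
STATUS_LINE = re.compile(r"^HTTP/\d\.\d \d{3}(?: [^\r\n]*)?$")
REQUEST_LINE = re.compile(r"^[A-Z]{3,10} \S+ HTTP/\d\.\d$")
HEADER_LINE = re.compile(r"^[A-Za-z0-9!#$%&'*+.^_`|~-]+:[ \t]*\S.*$")
TAG = re.compile(r"<[^>]+>")  # crude markup stripper for <pre>, <br>, ...

# Constructed sample: the body from the task description, i.e. everything
# after the outer response's own status line and headers.
SAMPLE_BODY = (
    "some content... bla bla...\n"
    "HTTP/1.1 404 Not Found\n"
    "Header2: def\n"
    "\n"
    "more content\n"
    "ending content\n"
)


def find_http_in_body(body, min_headers=1):
    """Return a list of (kind, start_line, headers) for embedded HTTP messages.

    A start line alone is not reported: at least `min_headers` header lines
    must follow it directly, which filters out prose that merely mentions
    something like "HTTP/1.1 200 OK".
    """
    lines = [TAG.sub("", raw).strip() for raw in body.splitlines()]
    findings = []
    i = 0
    while i < len(lines):
        kind = None
        if STATUS_LINE.match(lines[i]):
            kind = "response"
        elif REQUEST_LINE.match(lines[i]):
            kind = "request"
        if kind:
            # Collect the run of header-shaped lines right after the start line.
            j = i + 1
            headers = []
            while j < len(lines) and HEADER_LINE.match(lines[j]):
                headers.append(lines[j])
                j += 1
            if len(headers) >= min_headers:
                findings.append((kind, lines[i], headers))
                i = j
                continue
        i += 1
    return findings


if __name__ == "__main__":
    for kind, start, headers in find_http_in_body(SAMPLE_BODY):
        print("embedded HTTP %s: %s %r" % (kind, start, headers))
```
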
From: <and...@us...> - 2008-02-25 10:50:10
Revision: 729
http://w3af.svn.sourceforge.net/w3af/?rev=729&view=rev
Author: andresriancho
Date: 2008-02-25 02:50:04 -0800 (Mon, 25 Feb 2008)

Log Message:
-----------
A better long description.

Modified Paths:
--------------
trunk/plugins/grep/httpInBody.py

From: <and...@us...> - 2008-02-25 10:47:23
Revision: 727
http://w3af.svn.sourceforge.net/w3af/?rev=727&view=rev
Author: andresriancho
Date: 2008-02-25 02:47:20 -0800 (Mon, 25 Feb 2008)

Log Message:
-----------
Moved getId from vuln to info.

Modified Paths:
--------------
trunk/core/data/kb/info.py
trunk/core/data/kb/vuln.py

From: SourceForge.net <no...@so...> - 2008-02-25 01:18:22
Task #145492 has been updated.

Project: w3af
Subproject: Plugin TODO v1.00
Summary: analyze comments, and inform about strange things on them
Complete: 0%
Status: Closed
Authority : andresriancho
Assigned to: andresriancho
Description: If findComments finds something like this:

<!-- Se sacaron las operaciones pendientes por el Issue 7099
<tr class="td_titulo5">
<td class="tablaSaludo_cuerpo_lat"></td>
<td > Operaciones Pendientes</td>
<td class="tablaSaludo_cuerpo_lat"></td>
<tr>
<tr class="td_tipo2">
<td class="tablaSaludo_cuerpo_lat"></td>
<td style="width: 554px"> <a href="ConsultaSchedulerPagoTarjeta.do" class="linkType2">Pago de tarjetas de crédito</a></td>
-->

It should parse it, and report something like: "Sections of HTML code are hidden with HTML comments"

Follow-Ups:

-------------------------------------------------------
Date: 2008-02-24 22:18
By: andresriancho
Comment: Done!

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=145492&group_id=170274&group_project_id=50603

From: <and...@us...> - 2008-02-25 01:18:16
Revision: 726
http://w3af.svn.sourceforge.net/w3af/?rev=726&view=rev
Author: andresriancho
Date: 2008-02-24 17:18:14 -0800 (Sun, 24 Feb 2008)

Log Message:
-----------
grep.findComments plugin now identifies if the comment contains HTML code and issues a warning about it.

Modified Paths:
--------------
trunk/plugins/grep/findComments.py

Added Paths:
-----------
trunk/extras/testEnv/webroot/grepPlugins/htmlInComments.html
trunk/scripts/script-findHtmlInComments.w3af

From: <and...@us...> - 2008-02-25 01:05:14
Revision: 725
http://w3af.svn.sourceforge.net/w3af/?rev=725&view=rev
Author: andresriancho
Date: 2008-02-24 17:05:11 -0800 (Sun, 24 Feb 2008)

Log Message:
-----------
The document parsers now distinguish a script from a comment.

Modified Paths:
--------------
trunk/core/data/parsers/abstractParser.py
trunk/core/data/parsers/documentParser.py
trunk/core/data/parsers/htmlParser.py
trunk/core/data/parsers/sgmlParser.py
trunk/core/data/parsers/wmlParser.py
trunk/extras/generated-php/pluginDesc.php

From: SourceForge.net <no...@so...> - 2008-02-25 01:02:55
Task #145386 has been updated.

Project: w3af
Subproject: Plugin TODO v1.20
Summary: when printing comments, do not show javascripts
Complete: 95%
Status: Open
Authority : andresriancho
Assigned to: nobody
Description: when printing comments, do not show javascripts. Maybe do that as an option that by default is set to False.

Follow-Ups:

-------------------------------------------------------
Date: 2008-02-24 22:02
By: andresriancho
Comment: Done. Implemented without the option in findComments. Maybe I could create a findScripts ? hmm.... Think about this later, if it still makes sense, code it.

-------------------------------------------------------
Date: 2008-01-11 18:16
By: andresriancho
Comment: The right way to do this is to create a findJavascript method in sgmlParser that returns all code that is between <script> and </script> and on the other side, modify the "handle_comment" method to ignore comments that are inside those tags. Maybe if you modify this section of the code, you won't even need to modify findComments.py .

-------------------------------------------------------
Date: 2008-01-11 11:37
By: andresriancho
Comment: The plugin that should be modified is grep.findComments

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=145386&group_id=170274&group_project_id=51670

From: <and...@us...> - 2008-02-25 00:52:05
Revision: 724
http://w3af.svn.sourceforge.net/w3af/?rev=724&view=rev
Author: andresriancho
Date: 2008-02-24 16:52:01 -0800 (Sun, 24 Feb 2008)

Log Message:
-----------
Damn. The 'extras/' in front of the filenames was needed.

Modified Paths:
--------------
trunk/extras/describePlugins-html.py

From: <and...@us...> - 2008-02-25 00:50:13
Revision: 723
http://w3af.svn.sourceforge.net/w3af/?rev=723&view=rev
Author: andresriancho
Date: 2008-02-24 16:50:11 -0800 (Sun, 24 Feb 2008)

Log Message:
-----------
Some minimal changes to the code of extras/describePlugins-html.py ; also added the result of that script to the svn.

Modified Paths:
--------------
trunk/extras/describePlugins-html.py
trunk/extras/testEnv/webroot/permanent-xss/test-permanentxss.txt
trunk/scripts/script-pdf.w3af

Added Paths:
-----------
trunk/extras/generated-php/
trunk/extras/generated-php/pluginDesc.php

From: <and...@us...> - 2008-02-25 00:43:21
Revision: 722
http://w3af.svn.sourceforge.net/w3af/?rev=722&view=rev
Author: andresriancho
Date: 2008-02-24 16:43:18 -0800 (Sun, 24 Feb 2008)

Log Message:
-----------
I think that I finally solved the unicode/ascii issue with the output plugins.

Modified Paths:
--------------
trunk/core/controllers/outputManager.py
trunk/plugins/output/textFile.py

From: <and...@us...> - 2008-02-25 00:42:24
Revision: 721
http://w3af.svn.sourceforge.net/w3af/?rev=721&view=rev
Author: andresriancho
Date: 2008-02-24 16:42:18 -0800 (Sun, 24 Feb 2008)

Log Message:
-----------
Better epydoc for one important function.

Modified Paths:
--------------
trunk/core/data/request/frFactory.py

From: <and...@us...> - 2008-02-25 00:40:39
Revision: 720
http://w3af.svn.sourceforge.net/w3af/?rev=720&view=rev
Author: andresriancho
Date: 2008-02-24 16:40:34 -0800 (Sun, 24 Feb 2008)

Log Message:
-----------
Added a plugin that can be used to import results from other tools.

Added Paths:
-----------
trunk/plugins/discovery/importResults.py
trunk/scripts/input-test.csv
trunk/scripts/script-importResults.w3af

From: SourceForge.net <no...@so...> - 2008-02-25 00:40:33
Task #145494 has been updated.

Project: w3af
Subproject: Plugin TODO v1.00
Summary: import URLs from file
Complete: 0%
Status: Closed
Authority : andresriancho
Assigned to: andresriancho
Description: import URLs from file, maybe import paros proxy sessions ? What other softwares export their URLs ?

Follow-Ups:

-------------------------------------------------------
Date: 2008-02-24 21:40
By: andresriancho
Comment: Done!

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=145494&group_id=170274&group_project_id=50603