w3af-svn-notify Mailing List for w3af (Page 46)
From: <and...@us...> - 2012-08-08 17:33:32
Revision: 5525
          http://w3af.svn.sourceforge.net/w3af/?rev=5525&view=rev
Author:   andresriancho
Date:     2012-08-08 17:33:26 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
Minor changes to script to clarify what's going on in the background.

Modified Paths:
--------------
    extras/testEnv/webroot/moth/w3af/grep/error_500/500.php

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

From: <and...@us...> - 2012-08-08 17:33:25
Revision: 5524
          http://w3af.svn.sourceforge.net/w3af/?rev=5524&view=rev
Author:   andresriancho
Date:     2012-08-08 17:33:19 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
Removing old test script, adding unittest, reducing plugin's memory usage.

Modified Paths:
--------------
    branches/threading2/plugins/grep/error_500.py

Added Paths:
-----------
    branches/threading2/plugins/tests/grep/test_error_500.py

Removed Paths:
-------------
    branches/threading2/scripts/script-error500.w3af

From: <and...@us...> - 2012-08-08 17:15:34
Revision: 5523
          http://w3af.svn.sourceforge.net/w3af/?rev=5523&view=rev
Author:   andresriancho
Date:     2012-08-08 17:15:28 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
Added unittest, removed test script, minor changes to plugin code.

Modified Paths:
--------------
    branches/threading2/core/data/kb/info.py
    branches/threading2/plugins/grep/dot_net_event_validation.py

Added Paths:
-----------
    branches/threading2/plugins/tests/grep/test_dot_net_event_validation.py

Removed Paths:
-------------
    branches/threading2/scripts/script-dotNetEventValidation.w3af

From: <and...@us...> - 2012-08-08 17:14:25
Revision: 5522
          http://w3af.svn.sourceforge.net/w3af/?rev=5522&view=rev
Author:   andresriancho
Date:     2012-08-08 17:14:19 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
New test cases for eventvalidation grep plugin

Modified Paths:
--------------
    extras/testEnv/webroot/moth/w3af/grep/event_validation/event_validation.html
    extras/testEnv/webroot/moth/w3af/grep/event_validation/index.html

Added Paths:
-----------
    extras/testEnv/webroot/moth/w3af/grep/event_validation/without_event_validation.html

From: <and...@us...> - 2012-08-08 17:14:12
Revision: 5521
          http://w3af.svn.sourceforge.net/w3af/?rev=5521&view=rev
Author:   andresriancho
Date:     2012-08-08 17:14:06 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
Don't forget about these unittests which are missing!

Modified Paths:
--------------
    branches/threading2/plugins/tests/grep/test_code_disclosure.py

From: <and...@us...> - 2012-08-08 17:13:05
Revision: 5520
          http://w3af.svn.sourceforge.net/w3af/?rev=5520&view=rev
Author:   andresriancho
Date:     2012-08-08 17:12:57 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
Class name change

Modified Paths:
--------------
    branches/threading2/plugins/tests/grep/test_dom_xss.py

From: <and...@us...> - 2012-08-08 16:06:00
Revision: 5519
          http://w3af.svn.sourceforge.net/w3af/?rev=5519&view=rev
Author:   andresriancho
Date:     2012-08-08 16:05:54 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
More serious tests for DOM XSS vulnerability that match the new unittests I've just created

Modified Paths:
--------------
    extras/testEnv/webroot/moth/w3af/grep/index.html

Added Paths:
-----------
    extras/testEnv/webroot/moth/w3af/grep/dom_xss/
    extras/testEnv/webroot/moth/w3af/grep/dom_xss/dom_xss_false_positive.html
    extras/testEnv/webroot/moth/w3af/grep/dom_xss/dom_xss_trivial.html
    extras/testEnv/webroot/moth/w3af/grep/dom_xss/index.html

Removed Paths:
-------------
    extras/testEnv/webroot/moth/w3af/grep/dom_xss.html

From: <and...@us...> - 2012-08-08 16:05:50
Revision: 5518
          http://w3af.svn.sourceforge.net/w3af/?rev=5518&view=rev
Author:   andresriancho
Date:     2012-08-08 16:05:44 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
Removing test script, adding unittest, minor modifications to plugin: removed false-positive prone code, minor perf improvements.

Modified Paths:
--------------
    branches/threading2/plugins/grep/dom_xss.py

Added Paths:
-----------
    branches/threading2/plugins/tests/grep/test_dom_xss.py

Removed Paths:
-------------
    branches/threading2/scripts/script-dom_xss.w3af

From: <and...@us...> - 2012-08-08 15:33:55
Revision: 5517
          http://w3af.svn.sourceforge.net/w3af/?rev=5517&view=rev
Author:   andresriancho
Date:     2012-08-08 15:33:49 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
Removing test scripts now that I have unittest for it

Removed Paths:
-------------
    branches/threading2/scripts/script-creditCards-no.w3af
    branches/threading2/scripts/script-creditCards-yes.w3af

From: <and...@us...> - 2012-08-08 15:33:10
Revision: 5516
          http://w3af.svn.sourceforge.net/w3af/?rev=5516&view=rev
Author:   andresriancho
Date:     2012-08-08 15:33:01 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
Better regular expression in credit_cards, added unittest for plugin

Modified Paths:
--------------
    branches/threading2/plugins/grep/credit_cards.py

Added Paths:
-----------
    branches/threading2/plugins/tests/grep/test_credit_cards.py

From: <and...@us...> - 2012-08-08 15:11:48
Revision: 5515
          http://w3af.svn.sourceforge.net/w3af/?rev=5515&view=rev
Author:   andresriancho
Date:     2012-08-08 15:11:42 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
Avoiding some false positives where the code was 302 and they were NOT using location header

Modified Paths:
--------------
    branches/threading2/plugins/grep/blank_body.py

From: <and...@us...> - 2012-08-08 14:05:44
Revision: 5514
          http://w3af.svn.sourceforge.net/w3af/?rev=5514&view=rev
Author:   andresriancho
Date:     2012-08-08 14:05:38 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
Added more injection payloads to cover all test cases.

Modified Paths:
--------------
    branches/threading2/plugins/audit/response_splitting.py

From: <and...@us...> - 2012-08-08 14:04:53
Revision: 5513
          http://w3af.svn.sourceforge.net/w3af/?rev=5513&view=rev
Author:   andresriancho
Date:     2012-08-08 14:04:44 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
Adding one more detection technique (no proto URL) and one vulnerability source (Refresh header) and their tests.

Modified Paths:
--------------
    branches/threading2/plugins/audit/global_redirect.py
    branches/threading2/plugins/tests/audit/test_global_redirect.py

From: <and...@us...> - 2012-08-08 14:03:45
Revision: 5512
          http://w3af.svn.sourceforge.net/w3af/?rev=5512&view=rev
Author:   andresriancho
Date:     2012-08-08 14:03:34 +0000 (Wed, 08 Aug 2012)
Log Message:
-----------
Adding two tests for global redirects that increase our coverage!

Modified Paths:
--------------
    extras/testEnv/webroot/moth/w3af/audit/global_redirect/index.html

Added Paths:
-----------
    extras/testEnv/webroot/moth/w3af/audit/global_redirect/302-filtered.php
    extras/testEnv/webroot/moth/w3af/audit/global_redirect/refresh-header.php

From: <and...@us...> - 2012-08-07 20:07:08
Revision: 5511
          http://w3af.svn.sourceforge.net/w3af/?rev=5511&view=rev
Author:   andresriancho
Date:     2012-08-07 20:07:02 +0000 (Tue, 07 Aug 2012)
Log Message:
-----------
Adding utility script that cleans all data that's modified when running w3af's unittests

Added Paths:
-----------
    extras/testEnv/webroot/moth/clean_unittest_generated_data.sh

From: <and...@us...> - 2012-08-07 20:05:51
Revision: 5510
          http://w3af.svn.sourceforge.net/w3af/?rev=5510&view=rev
Author:   andresriancho
Date:     2012-08-07 20:05:45 +0000 (Tue, 07 Aug 2012)
Log Message:
-----------
Utility function that allows moth users to append "showphp" to every php script in order to read the source code. This works together with an "append" in php.ini

Added Paths:
-----------
    extras/testEnv/webroot/moth/show_source.php

From: <and...@us...> - 2012-08-07 20:04:18
Revision: 5509
          http://w3af.svn.sourceforge.net/w3af/?rev=5509&view=rev
Author:   andresriancho
Date:     2012-08-07 20:04:13 +0000 (Tue, 07 Aug 2012)
Log Message:
-----------
Removing old form login password only

Removed Paths:
-------------
    extras/testEnv/webroot/moth/w3af/bruteforce/form_login_password/

From: <and...@us...> - 2012-08-07 20:02:33
Revision: 5508
          http://w3af.svn.sourceforge.net/w3af/?rev=5508&view=rev
Author:   andresriancho
Date:     2012-08-07 20:02:27 +0000 (Tue, 07 Aug 2012)
Log Message:
-----------
Minor modifications to password only login

Modified Paths:
--------------
    extras/testEnv/webroot/moth/w3af/bruteforce/form_login/login-password-only.php

From: <and...@us...> - 2012-08-07 20:00:32
Revision: 5507
          http://w3af.svn.sourceforge.net/w3af/?rev=5507&view=rev
Author:   andresriancho
Date:     2012-08-07 20:00:26 +0000 (Tue, 07 Aug 2012)
Log Message:
-----------
Adding test scripts for click_jacking

Modified Paths:
--------------
    extras/testEnv/webroot/moth/w3af/grep/index.html

Added Paths:
-----------
    extras/testEnv/webroot/moth/w3af/grep/click_jacking/
    extras/testEnv/webroot/moth/w3af/grep/click_jacking/index.php
    extras/testEnv/webroot/moth/w3af/grep/click_jacking/with_header.php
    extras/testEnv/webroot/moth/w3af/grep/click_jacking/without_protection.php

From: <and...@us...> - 2012-08-05 23:31:30
Revision: 5506
          http://w3af.svn.sourceforge.net/w3af/?rev=5506&view=rev
Author:   andresriancho
Date:     2012-08-05 23:31:24 +0000 (Sun, 05 Aug 2012)
Log Message:
-----------
An interesting experiment that aims to remove the dp_cache. Late commit after lots of time after the experiment, can't remember the result. Should measure again!

Modified Paths:
--------------
    branches/no_dpCache/core/data/db/temp_persist.py
    branches/no_dpCache/core/data/db/tests/test_temp_persist.py
    branches/no_dpCache/core/data/request/frFactory.py
    branches/no_dpCache/core/data/url/httpResponse.py
    branches/no_dpCache/plugins/audit/globalRedirect.py
    branches/no_dpCache/plugins/discovery/archiveDotOrg.py
    branches/no_dpCache/plugins/discovery/findCaptchas.py
    branches/no_dpCache/plugins/discovery/findvhost.py
    branches/no_dpCache/plugins/discovery/fingerBing.py
    branches/no_dpCache/plugins/discovery/fingerGoogle.py
    branches/no_dpCache/plugins/discovery/webSpider.py
    branches/no_dpCache/plugins/grep/findComments.py
    branches/no_dpCache/plugins/grep/getMails.py
    branches/no_dpCache/plugins/grep/httpAuthDetect.py
    branches/no_dpCache/plugins/grep/metaTags.py
    branches/no_dpCache/plugins/grep/strangeParameters.py

Added Paths:
-----------
    branches/no_dpCache/core/controllers/misc/itertools_toolset.py

From: <and...@us...> - 2012-08-05 23:24:47
Revision: 5505
          http://w3af.svn.sourceforge.net/w3af/?rev=5505&view=rev
Author:   andresriancho
Date:     2012-08-05 23:24:39 +0000 (Sun, 05 Aug 2012)
Log Message:
-----------
VERY important change that allows us to have auto-update

Modified Paths:
--------------
    extras/pkg-generation/make_bz2.sh

From: <and...@us...> - 2012-08-05 23:22:31
Revision: 5504
          http://w3af.svn.sourceforge.net/w3af/?rev=5504&view=rev
Author:   andresriancho
Date:     2012-08-05 23:22:25 +0000 (Sun, 05 Aug 2012)
Log Message:
-----------
Some old tests I did and forgot to commit.

Modified Paths:
--------------
    extras/measure_http/send-requests-gevent.py
    extras/measure_http/send-requests-threads.py
    extras/measure_http/send-requests-tornado.py
    extras/measure_http/send-requests.py

Added Paths:
-----------
    extras/measure_http/measure.py

From: <and...@us...> - 2012-08-04 23:41:06
Revision: 5503
          http://w3af.svn.sourceforge.net/w3af/?rev=5503&view=rev
Author:   andresriancho
Date:     2012-08-04 23:40:59 +0000 (Sat, 04 Aug 2012)
Log Message:
-----------
Cosmetic

Modified Paths:
--------------
    branches/threading2/core/data/url/handlers/tests/test_keepalive.py

From: Andres R. <and...@gm...> - 2012-08-04 23:29:48
On 08/04/2012 05:04 PM, Taras wrote:
> Andres,
>
>> Regarding the js_event_handlers list, is there any reason for
>> excluding the ones defined in html5?
>
> We will add them all :)
>

Perfect, just checking :) I don't want us to pass WAVSEP tests and
don't find some other strange cases that might be out there.

Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

From: Andres R. <and...@gm...> - 2012-08-04 23:29:45
Good to hear that :)

On 08/04/2012 04:58 PM, Taras wrote:
> Andres,
>
> It is all right with this test because __VIEWSTATE is used here
> only as CSRF token (not as vulnerable parameter). We already pass
> it.
>
>
>> There is a test in WAVSEP that I think we won't be able to pass
>> because of a performance improvement that w3af has:
>>
>> ('Case32-Tag2HtmlPageScopeValidViewstateRequired.jsp',
>> 'userinput', ['userinput', '__VIEWSTATE']),
>>
>> If this means that w3af should find XSS vuln in __VIEWSTATE, I
>> think it won't be possible because in fuzzer.py we have
>> IGNORED_PARAMETERS that contains it.
>>
>> Of course we could change that... but I don't think it will make
>> much sense. Just wanted to let you know beforehand so you know
>> what's going on when that test is not passed.
>>
>> Regards,
>>
>> On 08/04/2012 10:16 AM, ox...@us... wrote:
>>> Revision: 5502
>>> http://w3af.svn.sourceforge.net/w3af/?rev=5502&view=rev
>>> Author: oxdef
>>> Date: 2012-08-04 13:16:16 +0000 (Sat, 04 Aug 2012)
>>> Log Message:
>>> -----------
>>> Fixed tests
>>>
>>> Modified Paths:
>>> --------------
>>> branches/xss/plugins/tests/audit/test_xss.py
>>>
>>> This was sent by the SourceForge.net collaborative development
>>> platform, the world's largest Open Source development site.
>>>
>>> _______________________________________________
>>> W3af-svn-notify mailing list
>>> W3a...@li...
>>> https://lists.sourceforge.net/lists/listinfo/w3af-svn-notify
>>>
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>
>

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3