Probably I need to add something, in order to clarify the code snippets:
I patched my Webkit browser engine to automatically modify the .attributeList
of a QWebElement as soon as a JSEvents is attached to it.
So I automatically get every event by simply iterating through the
attributelist, looki
I agree. My response was not very clear.
Actually, what I wanted to state:
There are two different approaches to detect those custom events. If I
interpret your E-Mail correctly, you are about to use the static approach / you
want to parse the HTML Tree to extract hard-coded onsomething="" event
Daniel,
On Thu, Jun 28, 2012 at 12:18 AM, Daniel Zulla
wrote:
> You will need a function that simply returns a list of tuples:
> [0] -> the Web Element (a, form, ...)
> [1] -> an anonymous function that fires the event
Yes, that makes sense, but isn't it the same as the following?
* For each sta
You will need a function that simply returns a list of tuples:
[0] -> the Web Element (a, form, ...)
[1] -> an anonymous function that fires the event
It is pointless to fire arbitrary events against WebElements -
At some point, you will want to ask a WebElement which Events it is waiting for.
>
List,
On Wed, Jun 27, 2012 at 5:16 PM, Andres Riancho
wrote:
> Taras,
>
> This might be an interesting read for your ajax research:
>
> http://blog.watchfire.com/wfblog/2012/06/automated-blackbox-crawling-the-next-generation.html
After reading this paper, I came up with a requirement
Taras,
This might be an interesting read for your ajax research:
http://blog.watchfire.com/wfblog/2012/06/automated-blackbox-crawling-the-next-generation.html
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
G
Taras,
On Wed, Jun 27, 2012 at 3:56 AM, Taras wrote:
> Andres,
>
>
>>> Upper case tag is ok. HTML is not case sensitive (because of it I use
>>> lower() everywhere in the code) and yes, here I need raw body from
>>> response.
>>> I use response.getBody(). Does this method return clear body withou
On 27.06.2012 08:56, Taras wrote:
...
>>> >>
>>> and browser will eat it and render hr!
>>
>> Ahh! Nice. That works in all browsers?
> At least in Firefox, Opera and Chrome!
you can test more such things with EMiR https://github.com/EnDe/EMiR/
let me know if you need assistance :)
Achim
-
Steve,
> You may wish to look at how both arachni and ZAP handle this problem, as
> they both now detect 100% of the XSS part of the WAVSEP benchmark.
I will look at these tools, thanks!
>
> (I must admit I have some concerns with using REGEX to do the job
> instead of a real parser for both fals
Andres, ping :)
>> On Fri, Jun 22, 2012 at 5:44 AM, Taras wrote:
>>> I also suggest to "branch" this task with tests and merge
>>> fuzzRepeatedParams
>>> into trunk without it. Because currently we are talking about
>>> improvement of
>>> tests code and not about fuzzRepeatedParams related code wi