Re: [W3af-develop] CORS plugins validation for adding into W3AF SVN repository

2012-10-13 Thread Andres Riancho
Dom, After spending a considerable time with inspectRequestPreflight.py [0] and the w3c document on CORS [1], I think that the vulnerability being detected by the plugin: ... msg = 'Application seems to accept the ' + self.test_http_method + ' request type even if an OPTIONS request type has

Re: [W3af-develop] CORS plugins validation for adding into W3AF SVN repository

2012-10-13 Thread Andres Riancho
First commit [0], the corsUtils.py is now in the threading2 branch :) Comments:
* Renamed file and location where it ended in the project
* Refactoring: there was no need for a class. Now we have functions
* Refactoring: creating the HTTP request by concatenating strings is not as nice as creating

Re: [W3af-develop] CORS plugins validation for adding into W3AF SVN repository

2012-10-13 Thread Andres Riancho
Dom, Before the end of the day I'll try to write the unittests and integrate everything with the threading2 branch; that will go out shortly. Closing all the open reviews from the community is my top priority of the week :) Regards, On Sat, Oct 13, 2012 at 10:37 AM, Dominique RIGHETTO wrote

[W3af-develop] CORS plugins validation for adding into W3AF SVN repository

2012-10-13 Thread Dominique RIGHETTO
Hello, Does anyone know if the CORS plugins [0][1] have been validated by the W3AF project team in order to be added into the project SVN repository?
[0] : https://code.google.com/p/righettod/source/browse/PYTHON/W3AF-Plugins/plugins/audit/inspectOriginHeaderScrutiny.py
[1] : https://code.google.com/p/ri