Re: [W3af-develop] w3af scanning can use the static port or only can use on dynamical way?

2015-08-05 Thread Owen Tuz
Hi Tiff, Software filters based on the destination port, not the source port: http://stackoverflow.com/questions/21253474/source-port-vs-destination-port The source port is always random, as Andres says. The destination port is static as you are describing. For what it is worth, this is handled

Re: [W3af-develop] w3af scanning can use the static port or only can use on dynamical way?

2015-08-05 Thread 冠庭 羅
Hi, But it's weird. Doesn't software filter which port has already been used, if it chooses 22, 80 and so on? If it can check, that means it can check the open port to send packets? Because there is a firewall in front of my VM, I must let w3af send packets on the same port so that I don't need to

Re: [W3af-develop] w3af scanning can use the static port or only can use on dynamical way?

2015-08-05 Thread Andres Riancho
Source ports are dynamic on all OS On Wed, Aug 5, 2015 at 10:18 PM, 冠庭 羅 wrote: > Hi, > > There is an another question. > Is that possible for scanning be used on the static port? > I used wireshark to catch packet. > I found that the packet which send by w3af doesn't use the "same port" each > t

[W3af-develop] w3af scanning can use the static port or only can use on dynamical way?

2015-08-05 Thread 冠庭 羅
Hi, There is another question. Is it possible for scanning to be used on a static port? I used Wireshark to capture packets. I found that the packets sent by w3af don't use the "same port" each time I start a new scan. Thanks, Tiff

Re: [W3af-develop] Authenticated scan support for x-access-token

2015-08-05 Thread Andres Riancho
@John: Awesome! Since Jay mentioned that he might work on this, I believe we'll have to wait and see if he's able to write the code; but something very important that's always required for a feature to be accepted in w3af is a functional test. Our functional tests are part of the django-moth [0] a

Re: [W3af-develop] Authenticated scan support for x-access-token

2015-08-05 Thread John Martinelli
I can help with this On Aug 5, 2015 4:41 PM, "Andres Riancho" wrote: > Jay, > > Interesting subject, never came across JSON web tokens before. > > AFAIK nobody is working on adding this feature to the framework, > but I would be happy if you give it a try. There seems to be a library > we

Re: [W3af-develop] Authenticated scan support for x-access-token

2015-08-05 Thread Andres Riancho
Jay, Interesting subject, never came across JSON web tokens before. AFAIK nobody is working on adding this feature to the framework, but I would be happy if you give it a try. There seems to be a library we can use to handle all the encoding stuff [0] and some notes on the w3af-specifics:

[W3af-develop] Authenticated scan support for x-access-token

2015-08-05 Thread Jay Xiong
Hi, We are using a JWT token after user name/password authentication for the subsequent HTTP requests. The JWT token is returned as access-token and the subsequent requests need to include x-access-token as part of the request. Otherwise, the server under scan simply rejects the HTTP request with 401. Is this f

[W3af-develop] w3af REST API feature requests

2015-08-05 Thread Andres Riancho
Lists, The REST API milestone for w3af is coming to an end, the only pending feature is "Expose plugin and core (misc|http) configuration" [0] and OwenTuz is already working on it. Before I move to other things... any feature requests for the REST API? [0] https://github.com/andresriancho/w3a