Taras,
On Thu, Jul 26, 2012 at 12:58 PM, Taras wrote:
> Andres,
>
> 1. Fixed unittests for fuzzRepeatedParameters
> 2. I have a strange situation with the XSS plugin and the number of XSS vulns
> when fuzzRepeatedParameters=tmb: w3af finds too many vulns! =) I think it is
> because:
>
> fake_mutants = creat
Andres,
1. Fixed unittests for fuzzRepeatedParameters
2. I have a strange situation with the XSS plugin and the number of XSS vulns
when fuzzRepeatedParameters=tmb: w3af finds too many vulns! =) I think it is
because:
fake_mutants = createMutants(freq, ['',])
in the XSS plugin. I need help here.
--
Taras
ht
On Fri, Jul 20, 2012 at 12:08 PM, Taras wrote:
> Andres,
>>>
>>>
>>> $ cat core/controllers/miscSettings.py | grep fuzzRepeatedParameters
>>>
>>> $ svn info
>>> Path: .
>>> URL: https://w3af.svn.sourceforge.net/svnroot/w3af/trunk
>>>
>>> Repository Root: https://w3af.svn.sourceforge.net/svnroot/w3
Andres,
>>
>> $ cat core/controllers/miscSettings.py | grep fuzzRepeatedParameters
>>
>> $ svn info
>> Path: .
>> URL: https://w3af.svn.sourceforge.net/svnroot/w3af/trunk
>>
>> Repository Root: https://w3af.svn.sourceforge.net/svnroot/w3af
>> Repository UUID: 16c29cf1-982c-0410-8ff8-8bb040e68b5b
>>
On Fri, Jul 20, 2012 at 10:59 AM, Taras wrote:
> Andres,
>
> $ cat core/controllers/miscSettings.py | grep fuzzRepeatedParameters
>
> $ svn info
> Path: .
> URL: https://w3af.svn.sourceforge.net/svnroot/w3af/trunk
>
> Repository Root: https://w3af.svn.sourceforge.net/svnroot/w3af
> Repository UUID
Andres,
$ cat core/controllers/miscSettings.py | grep fuzzRepeatedParameters
$ svn info
Path: .
URL: https://w3af.svn.sourceforge.net/svnroot/w3af/trunk
Repository Root: https://w3af.svn.sourceforge.net/svnroot/w3af
Repository UUID: 16c29cf1-982c-0410-8ff8-8bb040e68b5b
Revision: 5396
Node Kind: di
Andres,
> * Merged your changes, except the one for globalRedirect.py (see
> previous comments for reasons, also working on improving aspects like
> this in the threading2 branch)
> * Verified that all current unittests pass (or at least the same
> as before fail)
Great!
> * Tried
Taras,
On Tue, Jul 10, 2012 at 4:04 PM, Taras wrote:
> Hi!
>
>
>> I ask again, should I merge it? If so, tell me which branch and I'll
>> verify the code, apply some changes, let you know if I added/require
>> you to add more unittests, etc.
>
>
> Andres, I have already answered you :) But let me
Hi!
> I ask again, should I merge it? If so, tell me which branch and I'll
> verify the code, apply some changes, let you know if I added/require
> you to add more unittests, etc.
Andres, I have already answered you :) But let me try again.
The code for the repeated parameter names limit is in my branch
On Wed, Jun 27, 2012 at 4:03 AM, Taras wrote:
> Andres, ping :)
I ask again, should I merge it? If so, tell me which branch and I'll
verify the code, apply some changes, let you know if I added/require
you to add more unittests, etc.
I would love to remove branches; many branches mean lots of st
Andres, ping :)
>> On Fri, Jun 22, 2012 at 5:44 AM, Taras wrote:
>>> I also suggest to "branch" this task with tests and merge
>>> fuzzRepeatedParams
>>> into trunk without it. Because currently we are talking about
>>> improvement of
>>> tests code and not about fuzzRepeatedParams related code wi
Andres,
> On Fri, Jun 22, 2012 at 5:44 AM, Taras wrote:
>> I also suggest that we "branch" this task with tests and merge fuzzRepeatedParams
>> into trunk without it, because currently we are talking about improving the
>> test code and not about fuzzRepeatedParams-related code with doctests.
>
> I
Taras,
On Fri, Jun 22, 2012 at 5:44 AM, Taras wrote:
> I also suggest that we "branch" this task with tests and merge fuzzRepeatedParams
> into trunk without it, because currently we are talking about improving the
> test code and not about fuzzRepeatedParams-related code with doctests.
I got lost
Taras,
On Fri, Jun 22, 2012 at 5:40 AM, Taras wrote:
> Andres,
>
> I have one very interesting question. Why don't we use
> profiles in this case?
Not sure, Javier did this and never asked me about the design.
> Is
> ---
> _run_configs = {
I also suggest that we "branch" this task with tests and merge
fuzzRepeatedParams into trunk without it, because currently we are
talking about improving the test code and not about fuzzRepeatedParams-related
code with doctests.
On 06/22/2012 12:40 PM, Taras wrote:
> Andres,
>
> I have one very in
Andres,
I have one very interesting question. Why don't we use
profiles in this case? Is
---
_run_configs = {
'cfg': {
'target': None,
'plugins': {
'audit': (
PluginConfig(
Andres,
>> How can I set up misc-settings in test? I haven't found it in plugins/tests
>> :(
>
> That's a good question... I never needed to do something like that. I
> think that the test helper doesn't support that. You can either:
> * (recommended) Extend the test helper (plugins/tests/hel
Taras,
On Thu, Jun 21, 2012 at 10:34 AM, Taras wrote:
> Andres,
>
>
>> Minor comments:
>>
>> * The help doesn't seem to be enough for a novice user that won't
>> ever read the source code (talking about h17). I would explain it a
>> little bit better
>
> Fixed
>
>
>>
>> * The doctest look
Andres,
> Minor comments:
>
> * The help doesn't seem to be enough for a novice user that won't
> ever read the source code (talking about h17). I would explain it a
> little bit better
Fixed
>
> * The doctest looks good, but I would add some "integration test"
> to it also. Something t
Andres,
> On Sat, Jun 9, 2012 at 5:52 AM, Taras wrote:
>> In my previous letter I suggested having the option fuzzRepeatedParameters with only
>> two states, on/off. But if we really want more complex behavior here
>> we can do it in the same way as the already existing option fuzzFormComboValues which
>> i
Andres,
> /me claps
>
> Loved the enumRepeatedParams solution with those yield statements.
> Very good python coding there :)
=)
> * The help doesn't seem to be enough for a novice user that won't
> ever read the source code (talking about h17). I would explain it a
> little bit better
Agree
Taras,
On Wed, Jun 13, 2012 at 10:22 AM, Taras wrote:
> Done [0]!
/me claps
Loved the enumRepeatedParams solution with those yield statements.
Very good python coding there :)
> Now the user can set up a limit for fuzzing such params in the same way as with
> fuzzFormComboValues.
Minor comments:
* The
Done [0]!
Now the user can set up a limit for fuzzing such params in the same way as with
fuzzFormComboValues.
[0] https://sourceforge.net/apps/trac/w3af/changeset/5110
On 06/11/2012 03:28 AM, Andres Riancho wrote:
> Taras,
>
> On Sat, Jun 9, 2012 at 5:52 AM, Taras wrote:
>> In previous letter I suggest to
Taras,
On Sat, Jun 9, 2012 at 5:52 AM, Taras wrote:
> In my previous letter I suggested having the option fuzzRepeatedParameters with only
> two states, on/off. But if we really want more complex behavior here
> we can do it in the same way as the already existing option fuzzFormComboValues which
> indicates
Achim,
On Fri, Jun 8, 2012 at 11:17 AM, Achim Hoffmann wrote:
> I'd use the first two and the last parameter, so there're max. 3
> If performance counts, the user should decide what to do:
> a) use the first two
> b) use first and last
> c) check first a) then b)
Not a bad approach at all,
>
Taras,
On Fri, Jun 8, 2012 at 11:53 AM, Taras wrote:
> Andres,
>
>>> I see some work on implementing a Parameter Pollution Plugin for w3af.
>>> Just want to point out a performance problem in a similar area. Currently w3af
>>> doesn't know anything about repeated parameters in the query string and post
>>> da
Stephen,
On Fri, Jun 8, 2012 at 10:50 AM, Stephen Breen wrote:
> I think your idea of having an upper limit on N is good, the problem is
> deciding on what the limit should be and which values should be included.
>
> The problem with ignoring some of the repeated parameters is that some
> languag
In my previous letter I suggested having the option fuzzRepeatedParameters
with only two states, on/off. But if we really want more complex
behavior here we can do it in the same way as the already existing option
fuzzFormComboValues, which indicates which HTML form combo values w3af
plugins will use: all, t
Andres,
>> I see some work on implementing a Parameter Pollution Plugin for w3af.
>> Just want to point out a performance problem in a similar area. Currently w3af
>> doesn't know anything about repeated parameters in the query string and post data,
>> e.g. http://foo.com/test.php?a=1&a=2&a=3...&a=N.
>
> Well,
I'd use the first two and the last parameter, so there're max. 3
If performance counts, the user should decide what to do:
a) use the first two
b) use first and last
c) check first a) then b)
Achim
On 08.06.2012 15:50, Stephen Breen wrote:
> I think your idea of having an upper limit on N
I think your idea of having an upper limit on N is good, the problem is
deciding on what the limit should be and which values should be included.
The problem with ignoring some of the repeated parameters is that some
languages will actually make use of them all, e.g.:
http://foo.com/test.php?a=1&a=2
Taras,
On Fri, Jun 8, 2012 at 9:42 AM, Taras wrote:
> Andres,
>
> I see some work on implementing a Parameter Pollution Plugin for w3af.
> Just want to point out a performance problem in a similar area. Currently w3af
> doesn't know anything about repeated parameters in the query string and post data,
> e.g.
Andres,
I see some work on implementing a Parameter Pollution Plugin for w3af.
Just want to point out a performance problem in a similar area. Currently
w3af doesn't know anything about repeated parameters in the query string and
post data, e.g. http://foo.com/test.php?a=1&a=2&a=3...&a=N.
After grabbing such