Dammit, this assignment I'm doing just keeps piling up the bugs:

When a server redirects requests with a 302, vhost discovery gets confused.
Example:

GET https://target/ HTTP/1.1
Host: iDoNotExistPleaseGoAwayNowOrDieRhYC

HTTP/1.1 302 Moved Temporarily
content-length: 0
expires: Thu, 01 Jan 1970 01:00:00 CET
server: Apache-Coyote/1.1
location: https://iDoNotExistPleaseGoAwayNowOrDieRhYC/secure/login.jsp
pragma: No-cache
cache-control: no-cache
date: Fri, 13 Mar 2009 08:54:33 GMT
content-type: text/html;charset=UTF-8

Perfectly fine response from the webserver, but what does w3af do?
It tries to "follow" the redirect and resolves
iDoNotExistPleaseGoAwayNowOrDieRhYC in DNS. Since I happen to be using
OpenDNS, this means w3af actually issues a request to the OpenDNS "guide"
site:

GET http://guide.opendns.com/?url=iDoNotExistPleaseGoAwayNowOrDieRhYC%2Fsecure%2FDashboard.jspa HTTP/1.1

Since a scan is expected to be restricted to the target website this is
kind of dangerous and might end someone up in breach of contract somehow...

/olle

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
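
A scope check of the kind the report above calls for, as an added example (not w3af's code and not part of the original message): before a 3xx is followed, the Location host is compared with the scan target and with the Host header the probe sent. The function name, the return labels and the allowed_hosts parameter are assumptions made for this illustration.

```python
from urllib.parse import urljoin, urlsplit

def _host(value):
    """Lowercased hostname from a URL or from a bare Host header value."""
    if "//" not in value:
        value = "//" + value              # lets urlsplit parse "name:port"
    return (urlsplit(value).hostname or "").lower()

def classify_redirect(request_url, probe_host, location, allowed_hosts=()):
    """Decide what a scanner should do with a 3xx Location header.

    Returns one of (labels are hypothetical, chosen for this example):
      "follow"         - redirect stays on a host that is in scope
      "reflected-host" - Location only echoes the Host header that was sent;
                         record the response, never resolve the name in DNS
      "out-of-scope"   - redirect leaves the target; do not request it
    """
    target = urljoin(request_url, location)   # resolves relative Locations
    parts = urlsplit(target)
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() not in ("http", "https") or not host:
        return "out-of-scope"
    in_scope = {_host(request_url)} | {_host(h) for h in allowed_hosts}
    if host in in_scope:
        return "follow"
    if host == _host(probe_host):
        return "reflected-host"
    return "out-of-scope"

if __name__ == "__main__":
    # Values taken from the exchange quoted in the message above.
    probe = "iDoNotExistPleaseGoAwayNowOrDieRhYC"
    for loc in ("https://" + probe + "/secure/login.jsp",
                "/secure/login.jsp",
                "http://guide.opendns.com/?url=" + probe):
        print(loc, "->", classify_redirect("https://target/", probe, loc))
```

With the 302 quoted above, the Location is classified as "reflected-host", so the bogus name is never handed to the resolver and the OpenDNS request is never made.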