Yes, I can try. The audit core is in w3af/plugins/audit, right?
Francione Fabrizio
> Date: Tue, 28 Apr 2009 10:39:13 -0300
> Subject: Re: [W3af-develop] contribution
> From: andres.rian...@gmail.com
> To: lordfa...@hotmail.it
> CC: w3af-develop@lists.sourceforge.net
>
> Fabrizio,
>
> On Tue, Apr 28, 2009 at 10:21 AM, Fabrizio Francione
> <lordfa...@hotmail.it> wrote:
> >
> > Hello everybody!
> >
> > How can I help you in this cool project, w3af?
>
> Thanks for considering contributing to the w3af project. We are
> always looking for new people to help us improve w3af and achieve
> the highest levels of quality.
>
> One of the latest features that was added to w3af was the
> highlighting of the text from which the vulnerability was identified.
> You should have noted this in the results tab of the GUI, in the
> response of each of the grep plugins you'll see how the "vulnerable
> string" was highlighted.
>
> For example, if a request is made to the server, and the
> grep.privateIP finds a private IP address, you'll be able to see that
> IP address highlighted in the response part of the results tab.
>
> To highlight a text in the GUI, you need to set the following to the
> info or vuln object: "v.addToHighlight( match )". Here is a small
> copy+paste from the grep.privateIP plugin:
>
> """
> v = vuln.vuln()
> v.setURL( response.getURL() )
> v.setId( response.id )
> v.setSeverity(severity.LOW)
> v.setName( 'Private IP disclosure vulnerability' )
>
> msg = 'The URL: "' + v.getURL() + '" returned an HTTP header '
> msg += 'with an IP address: "' + match + '".'
> v.setDesc( msg )
> v['IP'] = match
> v.addToHighlight( match )
> """
>
> Your task, if you want to accept it, is really simple: add the
> "addToHighlight" method, with the corresponding parameter, to all
> audit plugins. For example, in the audit.sqli plugin, after line #84,
> you would need to add something like "v.addToHighlight( sql_error )".
>
> What do you think about the task? Will you be able to perform it?
>
> > I know some C, HTML and Java.
>
> Cool, this will help,
>
> > thanks!
>
> Thank you!
>
> > bye!
> > Francione Fabrizio
> >
> >
> >
> > _______________________________________________
> > W3af-develop mailing list
> > W3af-develop@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >
> >
>
>
>
> --
> Andrés Riancho
> http://www.bonsai-sec.com/
> http://w3af.sourceforge.net/
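The highlighting idea from the quoted message, as an added example that is not part of the thread and is not w3af code: `Finding` is a hypothetical stand-in for the vuln object (only the `addToHighlight` name comes from the message; `getToHighlight`, `grep_private_ip`, `render` and the sample response are assumptions). The renderer escapes the target-controlled response body before marking the strings that triggered each finding.

```python
import html
import re

class Finding:
    """Hypothetical stand-in for a finding object; only the highlight list is modelled."""
    def __init__(self, name, url):
        self.name, self.url = name, url
        self._highlight = []

    def addToHighlight(self, *strings):
        for s in strings:  # ignore empty strings and duplicates
            if s and s not in self._highlight:
                self._highlight.append(s)

    def getToHighlight(self):
        return list(self._highlight)

# RFC 1918 ranges; octet values above 255 are not rejected in this sketch.
PRIVATE_IP = re.compile(
    r'(?<![\d.])(?:10\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])|192\.168)'
    r'\.\d{1,3}\.\d{1,3}(?!\d)')

def grep_private_ip(url, body):
    """Return one finding per distinct private IP, each carrying its match."""
    findings = []
    for match in sorted(set(PRIVATE_IP.findall(body))):
        f = Finding('Private IP disclosure vulnerability', url)
        f.addToHighlight(match)
        findings.append(f)
    return findings

def render(body, findings):
    """HTML-escape the response and wrap every highlighted string in <mark>."""
    needles = {s for f in findings for s in f.getToHighlight()}
    if not needles:
        return html.escape(body)
    # Longest first, so a longer string wins over one of its own prefixes.
    ordered = sorted(needles, key=len, reverse=True)
    pattern = re.compile('|'.join(re.escape(s) for s in ordered))
    out, pos = [], 0
    for m in pattern.finditer(body):
        out.append(html.escape(body[pos:m.start()]))
        out.append('<mark>' + html.escape(m.group()) + '</mark>')
        pos = m.end()
    out.append(html.escape(body[pos:]))
    return ''.join(out)

# Constructed sample response body, not taken from a real scan.
SAMPLE_BODY = ('<p>Backend at 192.168.1.20, proxy 10.0.0.5, '
               'public 8.8.8.8, again 192.168.1.20</p>')

if __name__ == '__main__':
    print(render(SAMPLE_BODY, grep_private_ip('http://example.test/', SAMPLE_BODY)))
```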