Achim, On Wed, May 6, 2009 at 10:59 AM, Achim Hoffmann <a...@securenet.de> wrote: > Hi Andres, > > another nasty thing. > I'll explain first, then see the corresponding debug. > Tried to write a fix, but it seems not that simple without understanding > how w3af works. > > Here we go: > * a requests returns with a 302 status response (including a Location > header) > * the given FQDN in the Location header cannot be resolved (for whatever > reason) > * w3af fails to open and throws an exception (see below) > * after several such exceptions (how many?) w3af stops completely > > It would be nice if there is a simple single line for the 302, something like: > > request to http://some.tld/whatever returned 30x to > http://other.tld/whatever > > If the FQDN is not resolvable, a corresponding one-line message instead of > the stack trace. > > In this case (see below) the information returned in the Location header is > important, it yields some internal hostnames:) > > Here the debug example: > > ----------------------- > [ 05/06/09 14:35:12 - debug ] keepalive: added one connection, > len(self._hostmap["pbc-vip:8080"]): 10 > [ 05/06/09 14:35:14 - debug ] Incrementing global error count. GEC: 9 > [ 05/06/09 14:35:14 - debug ] w3af failed to reach the server while > requesting: "https://some.tld/whatever";. > [ 05/06/09 14:35:14 - debug ] Reason: "(11001, 'getaddrinfo failed')"; going > to retry. > [ 05/06/09 14:35:14 - debug ] Traceback for this error: Traceback (most > recent call last): > [ 05/06/09 14:35:14 - debug ] File > "D:\Programme\w3af\core\data\url\xUrllib.py", line 468, in _send > [ 05/06/09 14:35:14 - debug ] res = self._cacheOpener.open( req ) > [ 05/06/09 14:35:14 - debug ] File "C:\Python25\lib\urllib2.py", line 387, > in open > [ 05/06/09 14:35:14 - debug ] response = meth(req, response) > [ 05/06/09 14:35:14 - debug ] File "C:\Python25\lib\urllib2.py", line 498, > in http_response > [ 05/06/09 14:35:14 - debug ] 'http', request, response, code, msg, hdrs) > [ 05/06/09 14:35:14 - debug ] File "C:\Python25\lib\urllib2.py", line 419, > in error > [ 05/06/09 14:35:14 - debug ] result = self._call_chain(*args) > [ 05/06/09 14:35:14 - debug ] File "C:\Python25\lib\urllib2.py", line 360, > in _call_chain > [ 05/06/09 14:35:14 - debug ] result = func(*args) > [ 05/06/09 14:35:14 - debug ] File > "D:\Programme\w3af\core\data\url\handlers\logHandler.py", line 108, in > mod_http_error_302 > [ 05/06/09 14:35:14 - debug ] return self.old_http_error_302(req, fp, > code, msg, headers) > [ 05/06/09 14:35:14 - debug ] File "C:\Python25\lib\urllib2.py", line 582, > in http_error_302 > [ 05/06/09 14:35:14 - debug ] return self.parent.open(new) > [ 05/06/09 14:35:14 - debug ] File "C:\Python25\lib\urllib2.py", line 381, > in open > [ 05/06/09 14:35:14 - debug ] response = self._open(req, data) > [ 05/06/09 14:35:14 - debug ] File "C:\Python25\lib\urllib2.py", line 399, > in _open > [ 05/06/09 14:35:14 - debug ] '_open', req) > [ 05/06/09 14:35:14 - debug ] File "C:\Python25\lib\urllib2.py", line 360, > in _call_chain > [ 05/06/09 14:35:14 - debug ] result = func(*args) > [ 05/06/09 14:35:14 - debug ] File > "D:\Programme\w3af\core\data\url\handlers\keepalive.py", line 541, in > https_open > [ 05/06/09 14:35:14 - debug ] return self.do_open(req) > [ 05/06/09 14:35:14 - debug ] File > "D:\Programme\w3af\core\data\url\handlers\keepalive.py", line 421, in do_open > [ 05/06/09 14:35:14 - debug ] raise urllib2.URLError(err) > [ 05/06/09 14:35:14 - debug ] URLError: <urlopen error (11001, 'getaddrinfo > failed')> > [ 05/06/09 14:35:14 - debug ] > [ 05/06/09 14:35:14 - debug ] Re-sending request... > [ 05/06/09 14:35:14 - debug ] keepalive: The connection manager has 11 active > connections. > [ 05/06/09 14:35:14 - debug ] keepalive: The connection manager has 11 active > connections. > [ 05/06/09 14:35:14 - debug ] keepalive: added one connection, > len(self._hostmap["pbc-vip:8080"]): 11 > [ 05/06/09 14:35:16 - debug ] Incrementing global error count. GEC: 10 > [ 05/06/09 14:35:16 - error ] > [ 05/06/09 14:35:16 - error ] **IMPORTANT** The following error was detected > by > w3af and couldn't be resolved: The xUrllib found too much consecutive errors. > The remote webserver doesn't seem to be reachable anymore; please verify > manually. > [ 05/06/09 14:35:16 - error ] > -----------------------
I think that you will be able to apply a fix, if in the mod_http_error_302 method of the logHandler.py file, you check if the "new domain" can be resolved or not, before actually performing the request to it. Do you want to give it a try? Cheers, > Achim > > > ------------------------------------------------------------------------------ > The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your > production scanning environment may not be a perfect world - but thanks to > Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 > Series Scanner you'll get full speed at 300 dpi even with all image > processing features enabled. http://p.sf.net/sfu/kodak-com > _______________________________________________ > W3af-develop mailing list > W3af-develop@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-develop > -- Andrés Riancho http://www.bonsai-sec.com/ http://w3af.sourceforge.net/ ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
