Taras,

On Sun, Jul 26, 2009 at 6:12 PM, Taras<ta...@securityaudit.ru> wrote:
> Andres,
>
>> Lists,
>>
>>     Yesterday I committed a new feature to the framework; it's simple
>> but really handy in some cases. Now w3af allows you to export the HTTP
>> requests to javascript and python. The idea is to be able to reproduce
>> the same requests from different places. In the first case, the
>> javascript exporting will be mainly used for XSS exploitation, while
>> the python export feature is handy to send a python script to your
>> client to say: "run this to reproduce your problem".
>>
>>     The new feature can be found in the SVN trunk, more precisely in
>> the GTK user interface toolbar.
>>
>>     What do you guys think?
>
> Looks like a nice feature =)
> I have some comments about it:
>
>> request = urllib2.Request(url, data, headers)
>> response = urllib2.urlopen(request)
>> response_body = response.read()
>> print response_body
>
> What will happen if the HTML output is really big?
> Maybe it will be useful to add some filter to the output and print it like:
>
> "
> ...
> <script>alert(/XSS/)</script><h1>
>
> ...
> "

At first I thought the same, but I think that this tool will be used
by people that know something about coding, and will change the code
after exporting it. Maybe they'll remove the print line, maybe they'll
concatenate two exported requests in order to reproduce something more
interesting, etc.

Cheers,

> --
> Taras
> ----
> "Software is like sex: it's better when it's free." - Linus Torvalds
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

------------------------------------------------------------------------------
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
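
The output filter Taras suggests in the thread above, sketched as an added example (not part of the original messages and not w3af's code): rather than printing the whole response body, print only the text around a marker string. The names `excerpt`, `context`, `gap` and the sample body are assumptions, and the code targets Python 3 rather than the `urllib2` of the thread.

```python
def excerpt(body, marker, context=30, gap="..."):
    """Return the parts of `body` that surround each occurrence of `marker`.

    Overlapping or touching windows are merged; `gap` marks elided text.
    Returns an empty string when the marker is absent.
    """
    if not marker:
        raise ValueError("marker must be a non-empty string")

    # Collect a [start, end) window around every occurrence.
    windows = []
    pos = body.find(marker)
    while pos != -1:
        start = max(0, pos - context)
        end = min(len(body), pos + len(marker) + context)
        if windows and start <= windows[-1][1]:
            windows[-1][1] = max(windows[-1][1], end)  # merge with previous
        else:
            windows.append([start, end])
        pos = body.find(marker, pos + 1)

    if not windows:
        return ""

    parts = []
    if windows[0][0] > 0:
        parts.append(gap)  # text was cut before the first window
    for i, (start, end) in enumerate(windows):
        if i:
            parts.append(gap)  # text was cut between two windows
        parts.append(body[start:end])
    if windows[-1][1] < len(body):
        parts.append(gap)  # text was cut after the last window
    return "\n".join(parts)


# Constructed sample standing in for response.read() on a large page.
MARKER = "<script>alert(/XSS/)</script>"
SAMPLE_BODY = ("<p>filler</p>" * 500) + "<h1>" + MARKER + "</h1>" + ("<p>filler</p>" * 500)

if __name__ == "__main__":
    print(excerpt(SAMPLE_BODY, MARKER, context=10))
```

In an exported script, `print(excerpt(response_body, marker))` would take the place of printing the full body.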
