Hi all,
I have a few questions about the way w3af currently saves requests and responses
in its sqlite database, which naturally go primarily to you, Andrés ;).
I use w3af more for its manual testing abilities than for the whole automated
stuff, which is why I'm mostly interested in the spiderMan plugin / the proxy
taras is currently writing. Not that I think the automated plugins are bad, I
just don't use them much, if at all.
So I was looking at the URLs I had already gathered in the "Results" tab of the
GUI (with spiderMan) and noticed that the search function is actually quite
limited. I cannot search in request bodies (e.g. POST data) and I cannot search
in responses at all.
Having a look at the code saving the requests and responses and the persist.py
sources tells me why: because the request and response object are stored as
pickled blobs of data in the database. This is of course unfortunate if you
want to search in their data.
So my question are:
- What would you say: would it be a good idea to code the possibility into w3af
to search in _all_ of the request and response data?
- Is there already work done in this area?
- Can you think of any pitfalls or suggestions you may have before I go and code
sth. up, if we agree that this would be nice to have? E.g., performance
issues?
- How's the general development of the database persistence feature coming
along? The code tells me for example that I will be able to set the database
name, but the feature doesn't seem to be activated in the (gtk)UI. Along the
same lines, I see that there's already code to load a database on startup, but
that doesn't seem to be activated, too.
Patrick
--
The Plague: You wanted to know who I am, Zero Cool? Well, let me explain
the New World Order. Governments and corporations need people
like you and me. We are Samurai... the Keyboard Cowboys... and
all those other people who have no idea what's going on are
the cattle... Moooo.
(Hackers)
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
