Hi Taras,

sorry for the late answer. I'm just so busy at work these days.

Taras <ta...@securityaudit.ru> wrote:
> > What I'd like to have is a clean ORM to the database (SQLAlchemy[0]? +
> > Elixir[1] maybe?) so there's no need to write your own code interacting
> > with the database.
> 
> I will research SQLAlchemy in the weekend, thanks =)

Great. SQLAlchemy was the first ORM to come to my mind as it is very widespread,
there may of course be other ORMs which better fit the task at hand.
 
> > I also would like to save the requests and responses in the database in a
> > way that makes the full, raw data accessible to me for searches. I love the
> > idea of searching in the data with the search bar using SQL syntax. It gives
> > me the power necessary to even do complex searches. So I would like to have
> > unrestricted access to the underlying database with my search. I send the
> > raw SQL query, w3af gets the results from the database and parses them for
> > display in the proxy or results view. Perfect :).
> 
> Not always =) Usually I don't want to think about SQL syntax when I want to
> search something. For example, I want to filter results by host. So I simply
> insert 'yahoo.com' in the search field, not 'url like '%yahoo.com%''. For
> advanced search there are advanced options.

Ok, if we can have both, then I'd be satisfied too, of course :). I just think
that having the ability to do a search by using the powerful SQL syntax is a
very nice thing to have. I always like to have as much control as possible over
the applications I use, but that might just be me being a pentester ;).

> > - Storing the requests and responses in an accessible way in the database
> >   may mean that we have to rebuild the FuzzableRequest objects every time
> >   we want to use a request from the database. On the other hand, I'm not
> >   sure if the current pickling/unpickling is that efficient either, actually.
> 
> By the way, it's a very interesting point! What can you suggest?

Hm, one possibility would be to use something similar to the layout Metasploit's
WMAP plugin[0] uses:

CREATE TABLE requests (
  host VARCHAR(20),
  port INTEGER,
  ssl INTEGER,
  meth VARCHAR(20),
  path BLOB,
  headers BLOB,
  query BLOB,
  body BLOB,
  respcode VARCHAR(5),
  resphead BLOB,
  response BLOB,
  created TIMESTAMP
);

[0] http://trac.metasploit.com/browser/framework3/trunk/documentation/wmap.txt

> Anyway, thanks for the good critique! It's always helpful =)

Sure, I just want to help make w3af even better and exchange ideas on how to
achieve this. And get all the features in that I would like to have for my daily
work ;).


Regards,

Patrick

-- 
The Plague: You wanted to know who I am, Zero Cool? Well, let me explain 
            the New World Order. Governments and corporations need people
            like you and me. We are Samurai... the Keyboard Cowboys... and
            all those other people who have no idea what's going on are 
            the cattle... Moooo.
(Hackers)

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop