Taras,
On Sun, Oct 11, 2009 at 4:32 PM, Taras <ta...@securityaudit.ru> wrote:
> Hello!
>
> On Sun, 2009-10-11 at 16:08 -0300, Andres Riancho wrote:
>> Taras,
>>
>> How're you doing? As I'm going to be working with w3af full time
>> during the next weeks, one of the main tasks that I've in mind is to
>> finish the amazing work you've done in your branch.
> As I think it will be good to join my branch with trunk
>
>> I have a couple of
>> questions:
>>
>> - Could you please sum up what you've done in an email?
> Hmmm, for this moment:
> - a lot of GUI improvements (tabs, headers and params editable tables
> and so on)
> - new DB backend - HistoryItem (may be it will be replaced SQLachemy in
> future)
Hmmm, do we realllly need to add another dependency to the
project? What would SQLachemy give us in the long term if we compare
it to an ad-hoc persistence model like the one that is implemented
right now?
> - marks for req/res entries
This refers to the "B" column I'm seeing in the History tab? I'm
also seeing something interesting, the "Info" tab, which is there but
can't be written. Is the idea of the tab to be able to add comments to
a request/response? Something like tagging?
> - draft realization of audit plugins support
I'll finish this one next week (starting on Tuesday).
> - moved IMAGE_EXTENSIONS to option "Do not trap". Not it's regex
Nice,
>> - Could you please tell me what's in your TODO list for the branch, so
>> we can work together to finish it?
> As I think we need:
> - a lot of testing to make MITM Proxy as stable as possible
I'll do this, and try to fix most of the bugs I find.
> - support of tags for req/res entries (simple task)
Please read above, is this related to the "Info" tab?
> - parsing of POST request fields like for GET (simple task)
> - option "What methods to trap" like in WebScarab (simple task)
I'll work on these two also.
One thing that we need to fix, is that when port 8080 is already
in use, and you try to start the proxy, a little window pops-up saying
just that, and there is no option to actually change the port, or do
anything else, so if port 8080 is already in use, it is impossible to
start the proxy. Added bug:
https://sourceforge.net/tracker/?func=detail&aid=2876614&group_id=170274&atid=853652
> Also it will be good if we have:
> - full text search in whole req/res bodies
> - some scripting for req/res processing
> - may be some parameter to ./w3af_gui to start MITM proxy without main
> W3AF window?
>
> Do I forget something?
I think that a BIG feature that we're missing is to save all the
requests and responses in a place where afterwards the user is able to
read them using w3af, or just a simple python script. Just finished
adding all my tasks to this list:
https://sourceforge.net/pm/task.php?group_project_id=59979&group_id=170274&func=browse
> By the way I'm in vacations now for 2 weeks, so I can write more code in
> w3af :)
Nice, but you could also go to the beach and chase some girls... ;)
If you're staying at home, lets talk and work together in order to
get more things done =)
Cheers,
> --
> Taras - OSCP, OSWP
> ----
> "Software is like sex: it's better when it's free." - Linus Torvalds
>
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
