Floyd, On Tue, Oct 20, 2009 at 11:29 AM, Floyd Fuh <fu.her...@yahoo.de> wrote: > > Dear w3af developers > > - Is there a plugin where I can just specify a list of strings, which is used > for every found parameter (GET, POST)? > Example: Crawler finds http://www.example.com/index.html?id=5 and fuzzes > the id parameter with values of the list
You should use the fuzzy request editor tool, which you can find in the GUI menu. > - Is there a plugin that analyzes HTML code (like input length fields) and > then generates injection strings out of it? > Example: There is a <input name="name" type="text" maxlength="30"> tag and > w3af tries to inject strings with lengths 29, 30 and 31 For now, the max length parameter is totally ignored. > - Is there a mechanism that measures the response delay for the different > requests? hmmm, there is something, but I think it is not working, because on every request it says 0.2sec.Take a look at xUrllib, just search for time.time() or something like that, and you'll find what you need. > - Is there a command to disable plugins on the w3af command line? > Example: After "discovery MSNSpider" disable the plugin? discovery !plugin > - Is there a time slot when somone is on the #w3af IRC channel on freenode? hehe, no, at least for me, IRC is a privilege that I don't have everyday. > For every question where the answer is "no", I'm thinking about to implement > it. If my boss is willing to support that. Great! You should start with the time bug, which can be (i think) easily fixed if you read the code carefully =) Cheers, > cheers > floyd > __________________________________________________ > Do You Yahoo!? > Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz > gegen Massenmails. > http://mail.yahoo.com > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > http://p.sf.net/sfu/devconference > _______________________________________________ > W3af-develop mailing list > W3af-develop@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-develop > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
