Shatter,
On Thu, Oct 22, 2009 at 10:13 AM, <shat...@shatter-blog.net> wrote:
> Hello Andres,
>
> You really did a good job with my code ^^ But I shall find normal that your
> name appears in the authors list with me and Raul Siles, no ?
I just made some minor modifications, you were the one that did most
of the job, and Raul performed the testing.
> I just have a question before writing others plugins : the BeautifulSoup
> library will not be present in the next versions of the framework ? Because
> I think it's the most practical library to parse HTML...
w3af uses BeautifulSoup, and BeautifulSoup is not in the plans to
dissapear from w3af, but you shouldn't call that library directly. Why
shouldn't you call the library directly? The question is easy :) What
if in the future, we change BeautifulSoup for other library that does
the same, but better? Then your plugin would stop working completely.
That is why you should use the framework tools to develop, and not
directly the python things. Another good example of this would be
using urllib2 directly to send the requests to the web server, which
would work, but would not respect the
proxy/authentication/logging/cookie features set by the user in the
framework configuration.
Instead of BeautifulSoup you should use this to get the links:
documentParser = dpCache.dpc.getDocumentParserFor(
response )
parsed_references, re_references =
documentParser.getReferences()
Which in the background uses BeautifulSoup.
> Thanks for your modifications, and for the link towards my website in your
> Twitter :)
You're welcome, and feel free to contribute with other plugins. The
only thing that I would advise you to do, is to send an email to this
mailing list, starting a new thread telling us on what you're going to
be working, so I can better coordinate efforts.
Thanks,
> Have a good day.
>
> Nicolas Crocfer
>
>
>
>> Shatter,
>
>>
>> On Wed, Oct 21, 2009 at 10:20 AM, <shat...@sh...> wrote:
>>> Hello,
>>>
>>> Thanks for the fix Raul, I had not pointed out this problem :s
>>
>> Please see this [0] commit. It includes a slightly modified version of
>> your plugin. The modifications I made were:
>>
>> - Removed the usage of BeautifulSoup
>> - Added the check to see if the xss was fixed or not (as reported by
>> xssed.com)
>> - Changed the messages a little bit
>> - Rewrote _decode_xssed_url in order to be read easily
>>
>> Thanks, and keep the cool plugins flowing ;)
>>
>> [0] http://w3af.svn.sourceforge.net/viewvc/w3af?view=rev&revision=3096
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
