Hi, all!

Please read inline.
> > >>
> > >>>> - Is there a plugin that analyzes HTML code (like input length fields) 
> > >>>> and then generates injection strings out of it?
> > >>>>    Example: There is a <input name="name" type="text" maxlength="30"> 
> > >>>> tag and w3af tries to inject strings with lengths 29, 30 and 31
> > >>
> > >>For now, the max length parameter is totally ignored.
> > >>
> >
> > I'm planning to write a Fuzzer plugin, which has a configurable option how 
> > many tests should be
> > done (exhaustiveness) on a scale from 0 to 100, chooses and mutates 
> > injection data in various ways
> > by combining, repeating, deleting, reordering and encoding of different 
> > data. It should be able to
> > analyze HTML tags as well. I'll start soon and it's part of my job.
> 
> No, this shouldn't be done as a plugin. This should be done in the
> core! I think that you should search for the place where the different
> fuzzable requests are created now (see tmb, all, tb in misc settings)
> and then work from there. I think that the tmb/t/b/all implementation
> is great, but it should be moved to somewhere else; I think that the
> best place would be the createMutants.
> 
> @Taras: What do you think? 

First of all, I think that I don't really understand what more complex
HTML analysis we need in W3AF, and why we need to pay attention to such
things (which are controlled on the client side) as the HTML tag attribute
maxlength. Floyd, could you please describe it a bit more?

> Would this be possible? I think that the
> parsers should generate one fuzzable request, and the createMutants
> function should be the one that would create the different mutants
> based on the configuration.

It's a very interesting question! And there is no such thing as
impossible :)
But what is wrong (in a design context) with the current state? That the
form has variants? Or that these variants are generated in
createFuzzableRequests()?


-- 
Taras - OSCP, OSWP
----
"Software is like sex: it's better when it's free." - Linus Torvalds
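
An added illustration, not part of the original message and not w3af code: the maxlength idea from the quoted question, sketched in Python. It parses a form, reads each input's maxlength, and builds values of length limit-1, limit and limit+1 so a test can confirm that the server enforces the limit itself rather than relying on the browser. The names MaxLengthParser, boundary_values, length_test_cases and the sample form are assumptions made for this example.

```python
from html.parser import HTMLParser


class MaxLengthParser(HTMLParser):
    """Collect {field name: maxlength} for every <input> that declares a limit."""

    def __init__(self):
        super().__init__()
        self.limits = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = dict(attrs)
        name, raw = attr.get("name"), attr.get("maxlength")
        # Ignore unnamed fields and non-numeric or negative limits.
        if name and raw and raw.strip().isdigit():
            self.limits[name] = int(raw.strip())


def boundary_values(maxlength, fill="A"):
    """Strings of length maxlength-1, maxlength and maxlength+1 (never negative)."""
    lengths = sorted({max(maxlength - 1, 0), maxlength, maxlength + 1})
    return [fill * n for n in lengths]


def length_test_cases(html):
    """Map each limited field to the boundary strings a server-side check must handle."""
    parser = MaxLengthParser()
    parser.feed(html)
    return {name: boundary_values(limit) for name, limit in parser.limits.items()}


# Constructed sample form; the first input is the one quoted in the thread.
SAMPLE_FORM = """
<form action="/signup" method="post">
  <input name="name" type="text" maxlength="30">
  <input name="zip" type="text" maxlength="0">
  <input name="note" type="text" maxlength="abc">
  <input type="submit" value="Send">
</form>
"""

if __name__ == "__main__":
    for field, values in length_test_cases(SAMPLE_FORM).items():
        print(field, [len(v) for v in values])
```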

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop