Andres,

2009/11/23 Andres Riancho <andres.rian...@gmail.com>:
> Guys,
>
>    Does anybody have time to code a new audit plugin that will find
> session fixation vulnerabilities?

I have 2 Saturdays... will this be enough? =)

>
>    Basically the plugin needs to:
>
> - Read the current cookie parameter names, if any (PHPSESSID=... ;
> FOOBAR=...)
>
> - Append the cookie parameter to the URL:
>    * /the/url/?id=1&PHPSESSID=w3af-session-fixation
>    * /the/url/?id=1&FOOBAR=w3af-session-fixation
>
> - Analyze the response of each request, and see if there is a
> set-cookie header in the response with the w3af-session-fixation
> string.
>
>    I could do it, but I would rather delegate this task, as it is
> simple, and someone that is starting to develop in w3af can learn a
> lot by giving it a try.
>

If possible... I will try to develop this plugin.

>    Thanks!
>
> Cheers,
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>

-- 
Martin Tartarelli
Linux User #476492
http://owasp.org/index.php/Argentina
--
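The three steps Andres lists above (read the cookie names from the current Cookie header, append each one to the URL with a marker value, look for that marker coming back in a Set-Cookie header) as a stand-alone sketch. This is an added example and not w3af code, nor code from anyone in this thread: the `fetch` callable, the `fake_fetch` stand-in for a vulnerable application, the header tuples and the sample cookie values are all constructed here so the block runs offline, and the function names are mine. It keeps the `w3af-session-fixation` marker from the original message.

```python
from urllib.parse import parse_qsl, urlencode, urlparse, urlunparse

MARKER = "w3af-session-fixation"


def cookie_names(cookie_header):
    """Step 1: names in a Cookie request header.

    'PHPSESSID=abc123; FOOBAR=xyz' -> ['PHPSESSID', 'FOOBAR']
    """
    names = []
    for part in cookie_header.split(";"):
        name, sep, _value = part.strip().partition("=")
        if sep and name:
            names.append(name)
    return names


def build_test_urls(url, names, marker=MARKER):
    """Step 2: one test URL per cookie name, marker appended to the query.

    '/the/url/?id=1' -> {'PHPSESSID': '/the/url/?id=1&PHPSESSID=w3af-session-fixation', ...}
    """
    parsed = urlparse(url)
    base_query = parse_qsl(parsed.query, keep_blank_values=True)
    urls = {}
    for name in names:
        query = urlencode(base_query + [(name, marker)])
        urls[name] = urlunparse(parsed._replace(query=query))
    return urls


def set_cookie_reflects_marker(response_headers, name, marker=MARKER):
    """Step 3: does any Set-Cookie header set `name` to the marker we sent?

    response_headers is a list of (header, value) tuples because a response
    commonly carries several Set-Cookie headers that must not be merged.
    """
    for header, value in response_headers:
        if header.lower() != "set-cookie":
            continue
        cookie_name, _, rest = value.partition("=")
        cookie_value = rest.split(";", 1)[0].strip()
        if cookie_name.strip() == name and cookie_value == marker:
            return True
    return False


def audit_session_fixation(url, cookie_header, fetch, marker=MARKER):
    """Run the three steps; return the cookie names that accepted our value.

    `fetch(url)` is assumed to perform the GET and return the response
    headers as (name, value) tuples; in a real plugin this is the
    framework's HTTP client.
    """
    findings = []
    for name, test_url in build_test_urls(url, cookie_names(cookie_header), marker).items():
        if set_cookie_reflects_marker(fetch(test_url), name, marker):
            findings.append(name)
    return findings


def fake_fetch(url):
    """Constructed stand-in for an HTTP request (no network).

    Models a PHP-style application that trusts a PHPSESSID supplied in the
    query string (the fixation bug) and a FOOBAR cookie that the server
    always generates itself (not fixable).
    """
    query = dict(parse_qsl(urlparse(url).query))
    sid = query.get("PHPSESSID", "srv-generated-0001")  # client-controlled: the bug
    return [
        ("Content-Type", "text/html"),
        ("Set-Cookie", f"PHPSESSID={sid}; path=/"),
        ("Set-Cookie", "FOOBAR=srv-generated-0002; path=/"),
    ]


if __name__ == "__main__":
    hits = audit_session_fixation("/the/url/?id=1", "PHPSESSID=abc123; FOOBAR=xyz", fake_fetch)
    for name in hits:
        print(f"session fixation: {name} accepted a client-chosen value via the URL")
```

Two caveats for whoever picks this up. The check compares the cookie name and value rather than grepping the raw header for the marker string, so a cookie that merely contains the marker somewhere in an unrelated attribute is not reported. And a reflected Set-Cookie only proves the application adopts a client-chosen identifier; the full impact depends on whether that identifier is still honoured after the victim authenticates (no session regeneration at login), which a follow-up request with the fixed id would have to confirm.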
