Floyd,
On Mon, Dec 21, 2009 at 9:04 AM, Floyd Fuh <floyd_...@yahoo.de> wrote:
> Hi Andres and list
>
>>> This time I have to disagree. I think that this is not an
>>> improvement, as we might find pages with text in German but parameter
>>> names in English; and the user would (with the best intentions) set
>>> the language to German and then the formFiller would fill the form in
>>> a wrong way.
> That's right, that's why i suggest that English should always be on and
> that's what the help info says on the side of the button.
>
> If you want we can disable the possibility to disable English.
>
>>> Another issue that I see is that maybe in a big application we
>>> have pages developed by different persons, one of them likes
>>> parameters in english and the other in german.
>
> That's correct. Then it should be set to German and English.
>
> The problem I see, is if we add a lot more languages, the form filler
> won't work anymore.
>
> An example:
>
> The word "address" in polish is "adres". Of course this field should be
> filled with an address, let's say "londonstreet 10".
> But in german, the recipient of something is called "adressat". So this
> field should be filled with a name, like "Andres".
>
> But if we add polish first, the formFiller will fill in a field named
> "addressat"
> with an address (because he found the polish "adres"), instead of
> a name.
>
> I'm sure there are better examples, but I hope you see what I mean.
>
> What do you think?
So... lets change the algorithm a little bit to something like this:
match = ''
for word in word_list:
for parameter in parameter_list:
if word in parameter and len(word) > len(match):
match = word
What do you think? With something like this we would be matching to
the longest match, thus the problems you mention would dissapear,
right?
Cheers,
> cheers
> floyd
>
>
> ________________________________
> Von: Andres Riancho <andres.rian...@gmail.com>
> An: Floyd Fuh <floyd_...@yahoo.de>
> CC: w3af-develop@lists.sourceforge.net
> Gesendet: Montag, den 21. Dezember 2009, 12:29:25 Uhr
> Betreff: Re: [W3af-develop] FormFiller
>
> Floyd,
>
> On Mon, Dec 21, 2009 at 5:26 AM, Floyd Fuh <floyd_...@yahoo.de> wrote:
>> Hi list
>>
>> I think I improved it again ;)
>>
>> I added a Language tab in configuration/miscellaneous, where you can
>> specify the language of the web application which is tested. This way the
>> form
>> filler will only look for the words in the given language(s). I added
>> German
>> and more languages should be added (we have english, german, spanish,
>> portuguese).
>
> This time I have to disagree. I think that this is not an
> improvement, as we might find pages with text in German but parameter
> names in English; and the user would (with the best intentions) set
> the language to German and then the formFiller would fill the form in
> a wrong way.
>
> Another issue that I see is that maybe in a big application we
> have pages developed by different persons, one of them likes
> parameters in english and the other in german.
>
> But your contribution was not useless! I added the parameter names
> in German to the SVN version of the formFiller. Thank you very much
> for your continious contributions! =)
>
> PS: Please read the private email I sent you the other day
>
>> ATM the language option is only used for the form filler, but maybe it
>> could
>> be used
>> somewhere else as well?
>>
>> See the attached files core.data.fuzzer.formFiller and
>> core.controllers.miscSettings
>>
>> cheers
>> floyd
>>
>>
>> ________________________________
>> Von: Andres Riancho <andres.rian...@gmail.com>
>> An: Floyd Fuh <floyd_...@yahoo.de>
>> CC: w3af-develop@lists.sourceforge.net
>> Gesendet: Donnerstag, den 17. Dezember 2009, 17:10:23 Uhr
>> Betreff: Re: [W3af-develop] FormFiller
>>
>> Floyd,
>>
>> On Thu, Dec 17, 2009 at 12:18 PM, Floyd Fuh <floyd_...@yahoo.de> wrote:
>>> Hi list
>>>
>>> I had a look at the core.data.fuzzer.formFiller. Wouldn't it be better if
>>> a password field is always filled with the same value (for example
>>> w3af-FrAmEW0rK.)?
>>> Because sometimes you have to fill in the same password twice (for
>>> example
>>> in a register
>>> form). I did it for my local version and it works fine.
>>
>> Thats a great idea! =)
>> I love these small modifications that make the framework a little
>> bit smarter =) If you have more of these, please let me know.
>>
>>> I attached the modified file
>>
>> I reviewed your code, and commited it without any modifications.
>> Thank you very much =)
>>
>>> cheers
>>> floyd
>>>
>>> __________________________________________________
>>> Do You Yahoo!?
>>> Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
>>> gegen Massenmails.
>>> http://mail..yahoo.com
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> This SF.Net email is sponsored by the Verizon Developer Community
>>> Take advantage of Verizon's best-in-class app development support
>>> A streamlined, 14 day to market process makes app distribution fast and
>>> easy
>>> Join now and get one step closer to millions of Verizon customers
>>> http://p.sf.net/sfu/verizon-dev2dev
>>> _______________________________________________
>>> W3af-develop mailing list
>>> W3af-develop@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>
>>>
>>
>>
>>
>> --
>> Andrés Riancho
>> Founder, Bonsai - Information Security
>> http://www.bonsai-sec.com/
>> http://w3af.sf.net/
>>
>>
>> ------------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Verizon Developer Community
>> Take advantage of Verizon's best-in-class app development support
>> A streamlined, 14 day to market process makes app distribution fast and
>> easy
>> Join now and get one step closer to millions of Verizon customers
>> http://p.sf..net/sfu/verizon-dev2dev
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>
>> __________________________________________________
>> Do You Yahoo!?
>> Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
>> gegen Massenmails.
>> http://mail.yahoo.com
>>
>> ------------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Verizon Developer Community
>> Take advantage of Verizon's best-in-class app development support
>> A streamlined, 14 day to market process makes app distribution fast and
>> easy
>> Join now and get one step closer to millions of Verizon customers
>> http://p.sf.net/sfu/verizon-dev2dev
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>
>>
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
> __________________________________________________
> Do You Yahoo!?
> Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
> gegen Massenmails.
> http://mail.yahoo.com
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
