Floyd,

On Mon, Dec 21, 2009 at 11:58 AM, Floyd Fuh <floyd_...@yahoo.de> wrote:
> Andres,
>
> Your suggestion will work alright as long as there is no
> word with two different meanings. That means, if
> there is no word which means something in one language
> and something completely different in another language.
> And I think that won't happen very often.

Yep, you're right, this won't happen very often.

> I have a suggestion for the new smartFill method. It will use
> the longest one and if they are both the same length, it will use
> the one that is first inside the string. So if we have "password" as field name
> we prefer the db name "pass" instead of "word".

Excellent suggestion.

>     variable_name = variable_name.lower()
>
>     handlers = [ (long_alpha, (createRandAlpha, 7)),
>                  (short_alpha, (createRandAlpha, 3)),
>                  (long_number, (createRandNum, 5)),
>                  (short_number, (createRandNum, 2)),
>                  (date, (createRandNum, 1)),
>                  (password, (lambda x: 'w3af-FrAmEW0rK.', None)),
>                  (mail, (lambda x: 'w...@email.com', None)),
>                  (state, (lambda x: 'AK', None)) ]
>
>     value = None
>     used_name_from_db = None
>
>     for name_function, (custom_generator, length) in handlers:
>
>         for name_in_db in name_function():
>             if variable_name.count( name_in_db ) or name_in_db.count( variable_name ): # new db name in variable
>                 if value is None or len(name_in_db) > len(used_name_from_db): # new db name longer
>                     # use it
>                     used_name_from_db = name_in_db
>                     value = custom_generator( length )
>                 elif len(name_in_db) == len(used_name_from_db): # new db same length as old db name
>                     # When we have abcdefg we prefer bcd instead of def
>                     used_index = max(variable_name.find(used_name_from_db), used_name_from_db.find(variable_name)) # One of both is -1
>                     new_index = max(variable_name.find(name_in_db), name_in_db.find(variable_name)) # One of both is -1
>                     if new_index < used_index:
>                         used_name_from_db = name_in_db
>                         value = custom_generator( length )
>
>     if value is None:
>         # Well... nothing was found (this is bad!)
>         # It's better to send numbers when nothing matches.
>         value = createRandNum( 4 )
>     else:
>         dbg = 'SmartFilling parameter ' + variable_name + ' of form because matching with '
>         dbg += used_name_from_db + ' value: ' + value
>         om.out.debug( dbg )
>
>     return value

And I like the implementation also, so I committed it to the SVN. Thanks!

If you have other ideas to improve the algorithm, please let me know.
Something I've been thinking about is that maybe instead of using the
result of "createRandAlpha(7)", we should use the result of
"createRandAlpha(7).lower()", I think that maybe there could be some
applications that accept "anclshf" but not accept "ndGksnZ" (see the G
and the Z); but all applications that accept "ndGksnZ" will also
accept "anclshf". With these simple modifications, maybe we can get
through some more filters, and find vulnerabilities that other fuzzers
don't find.

Something else that could be interesting is to change the
createRandAlpha function in order to seed it with some value, in order
to make it return always the same results. The problem I see is that
the implementation of such a feature could be really hard, given that
w3af uses threads and maybe one thread runs in position 1 on run #1,
but runs in position 3 on run #2.

>
> cheers
> floyd
>
> PS: Andres, I'm still answering your other mail :)

hehe, ok.

>
>
> ________________________________
> From: Andres Riancho <andres.rian...@gmail.com>
> To: Floyd Fuh <floyd_...@yahoo.de>
> CC: w3af-develop@lists.sourceforge.net
> Sent: Monday, 21 December 2009, 13:09:13
> Subject: Re: [W3af-develop] FormFiller
>
> Floyd,
>
> On Mon, Dec 21, 2009 at 9:04 AM, Floyd Fuh <floyd_...@yahoo.de> wrote:
>> Hi Andres and list
>>
>>>>     This time I have to disagree. I think that this is not an
>>>> improvement, as we might find pages with text in German but parameter
>>>> names in English; and the user would (with the best intentions) set
>>>> the language to German and then the formFiller would fill the form in
>>>> a wrong way.
>> That's right, that's why I suggest that English should always be on and
>> that's what the help info says on the side of the button.
>>
>> If you want we can disable the possibility to disable English.
>>
>>>>     Another issue that I see is that maybe in a big application we
>>>> have pages developed by different persons, one of them likes
>>>> parameters in English and the other in German.
>>
>> That's correct. Then it should be set to German and English.
>>
>> The problem I see, is if we add a lot more languages, the form filler
>> won't work anymore.
>>
>> An example:
>>
>> The word "address" in Polish is "adres". Of course this field should be
>> filled with an address, let's say "londonstreet 10".
>> But in German, the recipient of something is called "adressat". So this
>> field should be filled with a name, like "Andres".
>>
>> But if we add Polish first, the formFiller will fill in a field named "addressat"
>> with an address (because he found the Polish "adres"), instead of a name.
>>
>> I'm sure there are better examples, but I hope you see what I mean.
>>
>> What do you think?
>
> So... let's change the algorithm a little bit to something like this:
>
> match = ''
> for word in word_list:
>     for parameter in parameter_list:
>         if word in parameter and len(word) > len(match):
>             match = word
>
> What do you think? With something like this we would be matching to
> the longest match, thus the problems you mention would disappear,
> right?
>
> Cheers,
>
>> cheers
>> floyd
>>
>>
>> ________________________________
>> From: Andres Riancho <andres.rian...@gmail.com>
>> To: Floyd Fuh <floyd_...@yahoo.de>
>> CC: w3af-develop@lists.sourceforge.net
>> Sent: Monday, 21 December 2009, 12:29:25
>> Subject: Re: [W3af-develop] FormFiller
>>
>> Floyd,
>>
>> On Mon, Dec 21, 2009 at 5:26 AM, Floyd Fuh <floyd_...@yahoo.de> wrote:
>>> Hi list
>>>
>>> I think I improved it again ;)
>>>
>>> I added a Language tab in configuration/miscellaneous, where you can
>>> specify the language of the web application which is tested. This way the form
>>> filler will only look for the words in the given language(s). I added German
>>> and more languages should be added (we have English, German, Spanish,
>>> Portuguese).
>>
>>     This time I have to disagree. I think that this is not an
>> improvement, as we might find pages with text in German but parameter
>> names in English; and the user would (with the best intentions) set
>> the language to German and then the formFiller would fill the form in
>> a wrong way.
>>
>>     Another issue that I see is that maybe in a big application we
>> have pages developed by different persons, one of them likes
>> parameters in English and the other in German.
>>
>>     But your contribution was not useless! I added the parameter names
>> in German to the SVN version of the formFiller. Thank you very much
>> for your continuous contributions! =)
>>
>> PS: Please read the private email I sent you the other day
>>
>>> ATM the language option is only used for the form filler, but maybe it could
>>> be used somewhere else as well?
>>>
>>> See the attached files core.data.fuzzer.formFiller and
>>> core.controllers.miscSettings
>>>
>>> cheers
>>> floyd
>>>
>>>
>>> ________________________________
>>> From: Andres Riancho <andres.rian...@gmail.com>
>>> To: Floyd Fuh <floyd_...@yahoo.de>
>>> CC: w3af-develop@lists.sourceforge.net
>>> Sent: Thursday, 17 December 2009, 17:10:23
>>> Subject: Re: [W3af-develop] FormFiller
>>>
>>> Floyd,
>>>
>>> On Thu, Dec 17, 2009 at 12:18 PM, Floyd Fuh <floyd_...@yahoo.de> wrote:
>>>> Hi list
>>>>
>>>> I had a look at the core.data.fuzzer.formFiller. Wouldn't it be better if
>>>> a password field is always filled with the same value (for example
>>>> w3af-FrAmEW0rK.)?
>>>> Because sometimes you have to fill in the same password twice (for example
>>>> in a register form). I did it for my local version and it works fine.
>>>
>>>     That's a great idea! =)
>>>     I love these small modifications that make the framework a little
>>> bit smarter =) If you have more of these, please let me know.
>>>
>>>> I attached the modified file
>>>
>>>     I reviewed your code, and committed it without any modifications.
>>> Thank you very much =)
>>>
>>>> cheers
>>>> floyd
>>>>
>>>> ------------------------------------------------------------------------------
>>>> This SF.Net email is sponsored by the Verizon Developer Community
>>>> Take advantage of Verizon's best-in-class app development support
>>>> A streamlined, 14 day to market process makes app distribution fast and
>>>> easy
>>>> Join now and get one step closer to millions of Verizon customers
>>>> http://p.sf.net/sfu/verizon-dev2dev
>>>> _______________________________________________
>>>> W3af-develop mailing list
>>>> W3af-develop@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Andrés Riancho
>>> Founder, Bonsai - Information Security
>>> http://www.bonsai-sec.com/
>>> http://w3af.sf.net/
>>>
>>>
>>>
>>
>>
>>
>> --
>> Andrés Riancho
>> Founder, Bonsai - Information Security
>> http://www.bonsai-sec.com/
>> http://w3af.sf.net/
>>
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
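As an added example (not Floyd's patch or w3af's own code), a self-contained version of the smartFill rules discussed in this thread: the longest matching DB word wins, the earliest position in the field name breaks ties ("pass" over "word" for "password", "adressat" over "adres"), random alphas are lowercase, and the random value is seeded from the field name so a run is reproducible regardless of thread ordering. The word lists, category names and the function names smart_fill / _rng_for are constructed assumptions.

```python
import hashlib
import random
import string

def _rng_for(field_name):
    # Seed from the field name rather than a process-wide RNG, so the value
    # is reproducible across runs regardless of which thread fills the form.
    digest = hashlib.sha256(field_name.encode()).digest()
    return random.Random(int.from_bytes(digest[:8], 'big'))

def rand_alpha(rng, length):
    # Lowercase only: a filter that accepts mixed case accepts lowercase too.
    return ''.join(rng.choice(string.ascii_lowercase) for _ in range(length))

def rand_num(rng, length):
    return ''.join(rng.choice(string.digits) for _ in range(length))

# Constructed stand-in for w3af's per-category name DB (assumption: the real
# word lists are not on the page). Each entry: (category, words, generator).
HANDLERS = [
    ('name',       ['name', 'adressat', 'user'],   lambda rng: 'Andres'),
    ('address',    ['address', 'adres', 'street'], lambda rng: 'londonstreet 10'),
    ('password',   ['pass', 'pwd'],                lambda rng: 'w3af-FrAmEW0rK.'),
    ('long_alpha', ['word', 'text', 'comment'],    lambda rng: rand_alpha(rng, 7)),
    ('number',     ['num', 'count', 'zip'],        lambda rng: rand_num(rng, 5)),
]

def smart_fill(field_name):
    """Return (category, matched_word, value) for a form field name.
    Longest overlapping DB word wins; on equal length, the word that
    occurs earliest in the field name wins ("pass" over "word")."""
    field_name = field_name.lower()
    best = None  # (word, category, generator, position)
    for category, words, gen in HANDLERS:
        for word in words:
            if word not in field_name and field_name not in word:
                continue
            pos = max(field_name.find(word), word.find(field_name))  # one is -1
            if best is None or len(word) > len(best[0]) or (
                    len(word) == len(best[0]) and pos < best[3]):
                best = (word, category, gen, pos)
    if best is None:
        # Nothing matched: digits are the least likely to trip a filter.
        return 'unknown', None, rand_num(_rng_for(field_name), 4)
    word, category, gen, _ = best
    return category, word, gen(_rng_for(field_name))
```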
