Hey Andres and list

>> Floyd,
>>
>> On Mon, Dec 21, 2009 at 11:58 AM, Floyd Fuh <floyd_...@yahoo.de> wrote:
>> > Andres,
>> >
>> > Your suggestion will work alright as long as there is no
>> > word with two different meanings. Means if
>> > there is no word which means something in one language
>> > and something completely different in another language.
>> > And I think that won't happen very often.
>>
>> Yep, you're right, this won't happen very often.
>>
>> > I have a suggestion for the new smartFill method. It will use
>> > the longest one and if they are both the same length, it will use
>> > the one that is first inside the string. So if we have "password" as field
>> > name
>> > we prefer the db name "pass" instead of "word".
>>
>> Excellent suggestion.
>>
>> > variable_name = variable_name.lower()
>> >
>> > handlers = [ (long_alpha, (createRandAlpha, 7)),
>> >              (short_alpha, (createRandAlpha, 3)),
>> >              (long_number, (createRandNum, 5)),
>> >              (short_number, (createRandNum, 2)),
>> >              (date, (createRandNum, 1)),
>> >              (password, (lambda x: 'w3af-FrAmEW0rK.', None)),
>> >              (mail, (lambda x: 'w...@email.com', None)),
>> >              (state, (lambda x: 'AK', None)) ]
>> >
>> > value = None
>> > used_name_from_db = None
>> >
>> > for name_function, (custom_generator, length) in handlers:
>> >
>> >     for name_in_db in name_function():
>> >         if variable_name.count( name_in_db ) or name_in_db.count( variable_name ): #new db name in variable
>> >             if value == None or len(name_in_db) > len(used_name_from_db): #new db name longer
>> >                 #use it
>> >                 used_name_from_db = name_in_db
>> >                 value = custom_generator( length )
>> >             elif len(name_in_db) == len(used_name_from_db): #new db same length as old db name
>> >                 #When we have abcdefg we prefer bcd instead of def
>> >                 used_index = max(variable_name.find(used_name_from_db), used_name_from_db.find(variable_name)) # One of both is -1
>> >                 new_index = max(variable_name.find(name_in_db), name_in_db.find(variable_name)) # One of both is -1
>> >                 if new_index < used_index:
>> >                     used_name_from_db = name_in_db
>> >                     value = custom_generator( length )
>> >
>> > if value == None:
>> >     # Well... nothing was found (this is bad!)
>> >     # It's better to send numbers when nothing matches.
>> >     value = createRandNum( 4 )
>> > else:
>> >     dbg = 'SmartFilling parameter ' + variable_name + ' of form because matching with '
>> >     dbg += used_name_from_db +' value: ' + value
>> >     om.out.debug( dbg )
>> >
>> > return value
>>
>> And I like the implementation also, so I committed it to the SVN. Thanks!
>>

Great :)

>> If you have other ideas to improve the algorithm, please let me know.
>> Something I've been thinking about, is that maybe instead of using the
>> result of "createRandAlpha(7)", we should use the result of
>> "createRandAlpha(7).lower()", I think that maybe there could be some
>> applications that accept "anclshf" but not accept "ndGksnZ" (see the G
>> and the Z); but all applications that accept "ndGksnZ" will also
>> accept "anclshf". With these simple modifications, maybe we can get
>> through some more filters, and find vulnerabilities that other fuzzers
>> don't find.
>>

Hmm, I'm not sure. Normally they only check for alphabetic or numeric values and are not case sensitive. I think both will work most of the time.

>> Something else that could be interesting, is to change the
>> createRandAlpha function in order to seed it with some value, in order
>> to make it return always the same results. The problem I see is that
>> the implementation of such a feature could be really hard, given that
>> w3af uses threads and maybe one thread runs in position 1 on run #1,
>> but runs in position 3 on run #2..
>>

That would be great. Maybe the threads have unique identifier?
Then we could maybe do something like this:

import random

def initialize(seedValue):
    # one independently seeded generator per thread
    randomGenerator1 = random.Random()
    randomGenerator1.seed(seedValue)
    randomGenerator2 = random.Random()
    randomGenerator2.seed(seedValue+20)

#and then
if thread.id == 1:
    randomGenerator1.choice(x)
elif thread.id == 2:
    randomGenerator2.choice(x)

Of course we will have to do that in a separate object, so we would only do

wrapperObject.seed(seedValue)
wrapperObject.setThread(thread)
#and then
wrapperObject.choice(x)

>> >
>> > cheers
>> > floyd
>> >
>> > PS: Andres, I'm still answering your other mail :)
>>
>> hehe, ok.
>>

Did you get my answer? :)

Merry Christmas everybody
floyd
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
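
Added example (not part of the original mail and not w3af's code): one way to get reproducible fill values despite the thread-ordering problem raised in the thread. It seeds each generator from the run seed plus the form field instead of a thread id, which is an assumption of this sketch; SeededFiller, fill_all and FIELDS are hypothetical names.

```python
import hashlib
import random
import string
from concurrent.futures import ThreadPoolExecutor

# Constructed sample form fields ("url|parameter"), not taken from w3af.
FIELDS = ["/login|username", "/login|comment", "/signup|city", "/signup|nick"]


class SeededFiller:
    """Hypothetical wrapper: same seed + same field => same value."""

    def __init__(self, seed):
        self.seed = seed

    def _rng(self, kind, key):
        # Seed each generator from (run seed, value kind, field key) instead
        # of a thread id, so thread start order cannot change the result.
        material = f"{self.seed}:{kind}:{key}".encode()
        digest = hashlib.sha256(material).digest()
        return random.Random(int.from_bytes(digest[:8], "big"))

    def rand_alpha(self, key, length=7):
        # Lowercase only, as suggested in the thread for createRandAlpha.
        rng = self._rng("alpha", key)
        return "".join(rng.choice(string.ascii_lowercase) for _ in range(length))

    def rand_num(self, key, length=4):
        rng = self._rng("num", key)
        return "".join(rng.choice(string.digits) for _ in range(length))


def fill_all(filler, fields, workers=4):
    """Fill every field from a thread pool, in a shuffled submit order."""
    order = list(fields)
    random.shuffle(order)  # imitate nondeterministic scheduling
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda f: (f, filler.rand_alpha(f)), order))


if __name__ == "__main__":
    run1 = fill_all(SeededFiller(1234), FIELDS)
    run2 = fill_all(SeededFiller(1234), FIELDS)
    for field in FIELDS:
        print(field, run1[field], run2[field])
    print("reproducible:", run1 == run2)
```

Because the value depends only on the seed and the field, a finding can be replayed with the same inputs by reusing the seed, whichever worker thread handles the form.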