Hey Andres
Exactly. The framework locks, no requests will be sent anymore and the GUI
is still usable.
I tried to find the bug with winpdb (on a Ubuntu machine). I wasn't able to
find it,
but at the end, a thread was busy waiting in the
/usr/lib/python2.6/threading.py on
line 248 (there is a "while True:" loop) and wasn't able to get out of there.
I hope that helps, because my python skills are too poor to monitor multiple
threads
and then draw a correct conclusion :(
cheers
floyd
PS: Here the verbose console output:
some...@computer:~/Desktop/Dropbox/w3af$ ./w3af_gui
Starting w3af, running on:
Python version:
2.6..4 (r264:75706, Dec 7 2009, 18:43:55)
[GCC 4.4.1]
GTK version: 2.18.3
PyGTK version: 2.16.0
w3af - Web Application Attack and Audit Framework
Version: 1.1 (from SVN server)
Revision: 3259
Author: Andres Riancho and the w3af team.
Exiting setOutputPlugins()
Auto-enabling plugin: grep.httpAuthDetect
Called w3afCore.start()
Called buildOpeners
keepalive: The connection manager has 0 active connections.
keepalive: added one connection, len(self._hostmap["www.example.com"]): 1
DNS response from DNS server for domain: www.example.com
GET http://www.example.com returned HTTP code "200" - id: 1
Assigning function object with id: "56409776" to a thread in the thread pool.
Called _discoverWorker()
Starting plugin: webSpider
webSpider plugin is testing: http://www.example.com
keepalive: The connection manager has 1 active connections.
Starting grepWorker for response: < httpResponse | 200 | http://www.example.com
| id:1 >
GET http://www.example.com returned HTTP code "200" - id: 2
Assigning function object with id: "64743056" to a thread in the thread pool.
Assigning function object with id: "64814128" to a thread in the thread pool.
Assigning function object with id: "64814208" to a thread in the thread pool.
Assigning function object with id: "64814928" to a thread in the thread pool.
Assigning function object with id: "64814368" to a thread in the thread pool.
Assigning function object with id: "64814688" to a thread in the thread pool.
Assigning function object with id: "64814528" to a thread in the thread pool.
Assigning function object with id: "64815008" to a thread in the thread pool.
Assigning function object with id: "64814288" to a thread in the thread pool.
Assigning function object with id: "64814848" to a thread in the thread pool.
Assigning function object with id: "64814608" to a thread in the thread pool.
Assigning function object with id: "64856144" to a thread in the thread pool.
Assigning function object with id: "64856224" to a thread in the thread pool.
Assigning function object with id: "64856304" to a thread in the thread pool.
Assigning function object with id: "64856384" to a thread in the thread pool.
Assigning function object with id: "64856464" to a thread in the thread pool.
Assigning function object with id: "64856544" to a thread in the thread pool.
Assigning function object with id: "64858624" to a thread in the thread pool.
Assigning function object with id: "64859904" to a thread in the thread pool.
Assigning function object with id: "64859984" to a thread in the thread pool.
Assigning function object with id: "64860064" to a thread in the thread pool.
Assigning function object with id: "69324880" to a thread in the thread pool.
Assigning function object with id: "69324960" to a thread in the thread pool.
Assigning function object with id: "69325040" to a thread in the thread pool.
Assigning function object with id: "69325120" to a thread in the thread pool.
Assigning function object with id: "69325200" to a thread in the thread pool.
Assigning function object with id: "69325280" to a thread in the thread pool.
Assigning function object with id: "69325360" to a thread in the thread pool.
Assigning function object with id: "69325440" to a thread in the thread pool.
Assigning function object with id: "69325520" to a thread in the thread pool.
Assigning function object with id: "69325600" to a thread in the thread pool.
Assigning function object with id: "69325680" to a thread in the thread pool.
Assigning function object with id: "69325760" to a thread in the thread pool.
Assigning function object with id: "69325840" to a thread in the thread pool.
Assigning function object with id: "69325920" to a thread in the thread pool.
Starting grepWorker for response: < httpResponse | 200 | http://www.example.com
| id:2 >
keepalive: The connection manager has 1 active connections.
keepalive: The connection manager has 1 active connections.
keepalive: The connection manager has 1 active connections.
keepalive: added one connection, len(self._hostmap["www.example.com"]): 2
Cached DNS response for domain: www.example.com
keepalive: The connection manager has 2 active connections.
keepalive: added one connection, len(self._hostmap["www.example.com"]): 3
Finished grepWorker for response: < httpResponse | 200 | http://www.example.com
| id:2 >
keepalive: The connection manager has 3 active connections.
keepalive: The connection manager has 3 active connections.
keepalive: The connection manager has 3 active connections.
keepalive: The connection manager has 3 active connections.
keepalive: The connection manager has 3 active connections.
keepalive: The connection manager has 3 active connections.
keepalive: The connection manager has 3 active connections.
keepalive: The connection manager has 3 active connections.
Finished grepWorker for response: < httpResponse | 200 | http://www.example.com
| id:1 >
keepalive: The connection manager has 3 active connections.
Cached DNS response for domain: www.example.com
keepalive: The connection manager has 3 active connections.
keepalive: added one connection, len(self._hostmap["www.example.com"]): 4
keepalive: The connection manager has 4 active connections.
Cached DNS response for domain: www.example.com
keepalive: added one connection, len(self.._hostmap["www.example.com"]): 5
Cached DNS response for domain: www.example.com
keepalive: added one connection, len(self._hostmap["www.example.com"]): 6
Cached DNS response for domain: www.example.com
keepalive: added one connection, len(self._hostmap["www.example.com"]): 7
Cached DNS response for domain: www.example.com
keepalive: added one connection, len(self._hostmap["www.example.com"]): 8
Cached DNS response for domain: www.example.com
keepalive: added one connection, len(self._hostmap["www.example.com"]): 9
Cached DNS response for domain: www.example.com
keepalive: added one connection, len(self._hostmap["www.example.com"]): 10
Cached DNS response for domain: www.example.com
keepalive: added one connection, len(self._hostmap["www.example.com"]): 11
Cached DNS response for domain: www.example.com
keepalive: added one connection, len(self._hostmap["www.example.com"]): 12
Cached DNS response for domain: www.example.com
keepalive: added one connection, len(self._hostmap["www.example.com"]): 13
Cached DNS response for domain: www.example.com
keepalive: added one connection, len(self._hostmap["www.example.com"]): 14
Cached DNS response for domain: www.example.com
keepalive: added one connection, len(self._hostmap["www.example.com"]): 15
Cached DNS response for domain: www.example.com
GET http://www.example.com/img/logo-klein.jpg returned HTTP code "200" - id: 3
Assigning function object with id: "69326480" to a thread in the thread pool.
Assigning function object with id: "69354192" to a thread in the thread pool.
Assigning function object with id: "69355552" to a thread in the thread pool.
Assigning function object with id: "69355952" to a thread in the thread pool.
Assigning function object with id: "69356352" to a thread in the thread pool.
Assigning function object with id: "69356432" to a thread in the thread pool.
Assigning function object with id: "69356912" to a thread in the thread pool.
Assigning function object with id: "69356512" to a thread in the thread pool.
Assigning function object with id: "69357232" to a thread in the thread pool.
Assigning function object with id: "69357472" to a thread in the thread pool.
Assigning function object with id: "69390496" to a thread in the thread pool.
Assigning function object with id: "69390816" to a thread in the thread pool.
Assigning function object with id: "69391056" to a thread in the thread pool.
Assigning function object with id: "69357072" to a thread in the thread pool..
Assigning function object with id: "69356992" to a thread in the thread pool.
GET http://www.example.com/img/design/logo.jpg returned HTTP code "200" - id: 4
Assigning function object with id: "69326000" to a thread in the thread pool.
GET http://www.example.com/google-analytics.com/ga.js returned HTTP code "404"
- id: 5
Assigning function object with id: "69390656" to a thread in the thread pool.
keepalive: The connection manager has 15 active connections.
keepalive: The connection manager has 15 active connections.
keepalive: The connection manager has 15 active connections..
keepalive: The connection manager has 15 active connections.
GET http://www.example.com/profil.php?anfragen=1 returned HTTP code "200" - id:
9
Assigning function object with id: "64814768" to a thread in the thread pool.
GET http://www.example.com/inserate.php returned HTTP code "200" - id: 10
Assigning function object with id: "69328320" to a thread in the thread pool.
GET http://www.example.com/myangebote.php returned HTTP code "200" - id: 11
Assigning function object with id: "69354432" to a thread in the thread pool.
keepalive: The connection manager has 15 active connections.
GET http://www.example.com/anfrageeinstellen.php returned HTTP code "200" - id:
13
Assigning function object with id: "69327280" to a thread in the thread pool.
GET http://www.example.com/logic.php?page=login returned HTTP code "200" - id:
14
Assigning function object with id: "64814368" to a thread in the thread pool.
GET http://www.example.com/anfragesuche.php?searched=true returned HTTP code
"200" - id: 15
Assigning function object with id: "69353792" to a thread in the thread pool.
GET http://www.example.com/img/design/anmeldebutton.jpg returned HTTP code
"200" - id: 16
Assigning function object with id: "69328080" to a thread in the thread pool.
GET http://www.example.com/css/ie.css returned HTTP code "200" - id: 17
Assigning function object with id: "69328800" to a thread in the thread pool.
GET http://www.example.com/anleitung.php returned HTTP code "200" - id: 18
Assigning function object with id: "69327840" to a thread in the thread pool.
GET http://www.example.com/sponsoren.php returned HTTP code "200" - id: 19
Assigning function object with id: "69327600" to a thread in the thread pool.
GET http://www.example.com/impressum.php returned HTTP code "200" - id: 20
Assigning function object with id: "69353712" to a thread in the thread pool.
GET http://www.example.com/kontakt.php returned HTTP code "200" - id: 21
Assigning function object with id: "69326240" to a thread in the thread pool.
GET http://www.example.com/index.php returned HTTP code "200" - id: 22
Assigning function object with id: "69328560" to a thread in the thread pool.
________________________________
Von: Andres Riancho <andres.rian...@gmail.com>
An: Floyd Fuh <floyd_...@yahoo.de>
CC: w3af-develop@lists.sourceforge.net
Gesendet: Montag, den 28. Dezember 2009, 23:26:46 Uhr
Betreff: Re: [W3af-develop] Profile maxThreads
Floyd,
On Mon, Dec 28, 2009 at 11:34 AM, Floyd Fuh <floyd_...@yahoo.de> wrote:
> Hi everybody
>
> I spent the hole day to find out, why the webSpider stopped working (for
> me).
> The webSpider just stuck after a few seconds. I have an Ubuntu Karmic
> machine and I
> always had to "Force Quit" it.
>
> What didn't work:
> 1. Delete w3af completely and ".w3af" folder in home directory
> 2. svn checkout newest version
> 3. start w3af_gui
> 4. In empty_profile enable webSpider
> 5. Type in an URL
> 6. Start
> 7. --> webSpider stuck and I had to "Force Quit" it
>
> What did work:
> 1. Delete w3af completely and ".w3af" folder in home directory
> 2. svn checkout (for example) revision 3200 (svn co -r 3200)
> 3. start w3af_gui
> 4. In empty_profile enable webSpider
> 5. Type in an URL
> 6. Start (everything works correctly)
> 7. Close w3af_gui
> 8. svn update (to newest revision)
> 9. start w3af_gui
> 10. In empty_profile enable webSpider
> 11. Type in an URL
> 12. Start
>
> In all profiles inside the ".w3af" folder in the home directory
> "maxThreads = 0" was changed to "maxThreads = 15".
> However, that won't work at least for my Ubuntu machine.
>
> I had to change all profiles to "maxThreads = 0"
>
> Any ideas why "maxThreads = 15" doesn't work?
Damn... I don't know why this could be a problem. I just read the
webSpider plugin source code again, and failed to find anything. The
issue that you experience is that the framework simply locks, right?
No HTTP requests are sent, and the GUI is still usable?
Cheers,
> best wishes
> floyd
>
> __________________________________________________
> Do You Yahoo!?
> Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
> gegen Massenmails.
> http://mail.yahoo.com
> ------------------------------------------------------------------------------
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
__________________________________________________
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen
Massenmails.
http://mail.yahoo.com ------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
