Guys,

On Fri, Jan 29, 2010 at 8:59 AM, Andres Riancho <andres.rian...@gmail.com> wrote:
> Adi, Taras,
>
> On Fri, Jan 29, 2010 at 7:54 AM, Adi Mutu <adi_mut...@yahoo.com> wrote:
>> Hello,
>>
>> Taras, thanks for citing me, I feel proud :)
>> Now back to serious business. When I wrote that email about mod_rewrite and
>> variations I was thinking of Acunetix also, because that is where I got the
>> idea from (and the term 'variation').
>>
>> Now, I personally think that Andres is exaggerating a little here, saying
>> that id=1.....100 could be of a certain type and id=1 would be of a
>> different type, like command execution.
>> I think there is very, very little probability of that, but I can understand
>> him, trying to make w3af perfect.
>>
>> If however he would like to cover such a case, I would do something like
>> this. A manual discovery of the application by the pentester (yes, manually
>> browsing the website, I mean) and if the pentester notices something
>> interesting, he could somehow change the behaviour of w3af, telling it what
>> links to follow and what not to follow... Yes, I know you're going to say
>> that how can he follow 100 links? But it's still a probability that
>> something will catch his eye...
>> Anyway, in the 'default' way I would do it like Acunetix and probably add
>> some adjustments like the one above...
>
> Ok, you guys convinced me. We're going to do it like Acunetix, using
> the "variations" way. I added this to my personal TODO list, but it's
> going to take some time, since I'm starting my vacation tomorrow at
> 18hs. I'll be on vacation until Monday 8.

I finished adding "variations" support for w3af a couple of days ago.
For now, it's only integrated into the web spider, but I would like to
add it into the w3afCore. I'll do that some other day (it will be
easier after I make some other changes to the core that need to be
performed).

Cheers,

> Cheers,
>
>>
>> Thanks,
>>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
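
Added example, not part of the thread and not w3af's code: a sketch of a spider filter that caps how many "variations" of one link it follows, lets the tester force specific links through (the manual adjustment suggested above), and records what it skipped so the coverage gap discussed in the thread stays visible. The grouping rule, the cap of 5, the masking of numeric path segments and all names and URLs are assumptions.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit


def variant_key(url):
    """Same host, path shape and parameter names => same variant group."""
    parts = urlsplit(url)
    # Assumption: an all-digit path segment is a rewritten parameter value
    # (mod_rewrite style, /item/17), so it is masked like a query value.
    path = "/".join("{n}" if seg.isdigit() else seg
                    for seg in parts.path.split("/"))
    names = {name for name, _ in parse_qsl(parts.query, keep_blank_values=True)}
    return (parts.netloc.lower(), path, tuple(sorted(names)))


class VariantFilter:
    def __init__(self, max_variants=5, always_follow=()):
        self.max_variants = max_variants          # assumed cap, not from the thread
        self.always_follow = set(always_follow)   # links the tester flagged by hand
        self.seen = defaultdict(set)              # group -> URLs already queued
        self.skipped = defaultdict(list)          # group -> URLs left uncrawled

    def should_follow(self, url):
        key = variant_key(url)
        if url in self.seen[key]:
            return False                          # exact repeat
        if url in self.always_follow or len(self.seen[key]) < self.max_variants:
            self.seen[key].add(url)
            return True
        self.skipped[key].append(url)             # kept so the gap stays visible
        return False


def crawl_plan(urls, **options):
    """Return (urls to crawl, skipped variants per group) for review."""
    flt = VariantFilter(**options)
    followed = [u for u in urls if flt.should_follow(u)]
    return followed, dict(flt.skipped)


# Constructed sample input: 100 id values, one extra parameter, one static page.
SAMPLE_URLS = [f"http://example.test/item.php?id={i}" for i in range(1, 101)]
SAMPLE_URLS += ["http://example.test/item.php?id=7&debug=1",
                "http://example.test/about"]

if __name__ == "__main__":
    followed, skipped = crawl_plan(
        SAMPLE_URLS, always_follow=["http://example.test/item.php?id=42"])
    print(len(followed), "queued;",
          {k: len(v) for k, v in skipped.items()}, "skipped")
```

The skipped list is the part to review after a scan: every entry is a parameter value that was never tested.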