Hi, all! > I finished adding "variations" support for w3af a couple of days > ago. For now, its only integrated into the web spider, but I would > like to add it into the w3afCore. I'll do that some other day (it will > be easier after I make some other changes to the core that need to be > performed). I have tested new behaviour of webSpider. On page /news.php there are 10 links to article.php with different news ids.
W3AF result looks good! Found 3 URLs and 7 different points of injection. The list of URLs is: - http://localhost/ - http://localhost/article.php - http://localhost/news.php The list of fuzzable requests is: - http://localhost/ | Method: GET - http://localhost/article.php | Method: GET | Parameters: (id="0") - http://localhost/article.php | Method: GET | Parameters: (id="1") - http://localhost/article.php | Method: GET | Parameters: (id="2") - http://localhost/article.php | Method: GET | Parameters: (id="8") - http://localhost/article.php | Method: GET | Parameters: (id="9") - http://localhost/news.php | Method: GET Finished scanning process. So we suggest webSpider will return original reference + MAX_VARIANTS fuzzable requests? I agree that such option should be moved to the core. -- Taras -- "Software is like sex: it's better when it's free.", - Linus Torvalds.
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
