Taras, On Thu, Feb 25, 2010 at 4:12 PM, Taras <naplan...@gmail.com> wrote: > Hi, all! > >> I finished adding "variations" support for w3af a couple of days >> ago. For now, its only integrated into the web spider, but I would >> like to add it into the w3afCore. I'll do that some other day (it will >> be easier after I make some other changes to the core that need to be >> performed). > I have tested new behaviour of webSpider. On page /news.php there are 10 > links to article.php with different news ids. > > W3AF result looks good!
:) > Found 3 URLs and 7 different points of injection. > The list of URLs is: > - http://localhost/ > - http://localhost/article.php > - http://localhost/news.php > The list of fuzzable requests is: > - http://localhost/ | Method: GET > - http://localhost/article.php | Method: GET | Parameters: (id="0") > - http://localhost/article.php | Method: GET | Parameters: (id="1") > - http://localhost/article.php | Method: GET | Parameters: (id="2") > - http://localhost/article.php | Method: GET | Parameters: (id="8") > - http://localhost/article.php | Method: GET | Parameters: (id="9") > - http://localhost/news.php | Method: GET > Finished scanning process. Nice, thats exactly the way we want that to work. > So we suggest webSpider will return original reference + MAX_VARIANTS > fuzzable requests? Yes, > I agree that such option should be moved to the core. Yes, I think I'll do that this week, > -- > Taras > -- > "Software is like sex: it's better when it's free.", - Linus Torvalds. > > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
