Pootzko,

On Wed, Oct 6, 2010 at 7:05 AM, pootzko <poot...@gmail.com> wrote:
> hi,
>
> last one was yesterday =)
> i'll get onto the problem, and try to make this http module. if I get
> stuck, i'll ask..
> and probably seek you out on irc =)

Sure! Feel free to contact me over IRC. I'm pretty active there right now.

Regards,

>
> On Mon, Oct 4, 2010 at 5:47 PM, Andres Riancho <andres.rian...@gmail.com> wrote:
>>
>> Pootzko,
>>
>> On Sun, Sep 12, 2010 at 11:15 PM, Andres Riancho <andres.rian...@gmail.com> wrote:
>> > Pootzko,
>> >
>> > Welcome! Please read inline,
>> >
>> > On Wed, Sep 8, 2010 at 8:40 AM, pootzko <poot...@gmail.com> wrote:
>> >> hey guys,
>> >>
>> >> sorry for not replying sooner, gmail put this into spam... and I
>> >> check it every 1-2 weeks to make sure nothing important went into
>> >> spam. I would be happy to try and make this module, but right now
>> >> I'm in the middle of college exams so until I finish them off I
>> >> don't want to even start doing anything because it will become so
>> >> interesting to do that I'll eventually stop studying for exams :D
>> >
>> > Stay in school :P
>> >
>> >> so if nobody does this in 3-4 weeks max, I'll do it then. if it's
>> >> done by then, I'll just have to find some other task =)
>> >
>> > I'll send you a reminder about this task in 3 weeks.
>>
>> How were your exams? Do you have time to help with this task? How
>> can we help you become a successful w3af contributor?
>>
>> Thanks!
>>
>> >> thank you, and talk to you soon
>> >>
>> >> On Fri, Sep 3, 2010 at 8:59 AM, Aung Khant <aungkh...@yehg.net> wrote:
>> >>>
>> >>> Glad to hear that, pootzko.
>> >>>
>> >>> 1. First learn existing modules and how they are written.
>> >>> 2. Tweak it to your wish, Play with it so that you can better
>> >>>    understand about how they work
>> >>> 3. After getting familiar with it, create a very simple module,
>> >>>    test it, play with it
>> >>>
>> >>> Ok, for quick assignment, I wish you to write a simple module that
>> >>> does the HTTP Parameter Pollution ( It seems that it was not
>> >>> written/committed to svn before - Check about this :
>> >>> http://www.mail-archive.com/w3af-develop@lists.sourceforge.net/msg00911.html
>> >>> , Andres Riancho thought it is not usable for most cases). Whether
>> >>> it's worth or not, try it.
>> >>>
>> >>> The Pseudocode is as follows:
>> >>>
>> >>> Take a URL with parameters (eg. http://site.com/test.php?a=1&b=2&c=3)
>> >>>
>> >>> For each parameter
>> >>>
>> >>>     1. Take note of original request response
>> >>>        (http://site.com/test.php?a=1&b=2&c=3)
>> >>>
>> >>>     2. Take note of request responses for these HPP urls:
>> >>>        http://site.com/test.php?a=1&b=2&a=yyyy&c=3
>> >>>        http://site.com/test.php?a=1&b=2&c=3&a=zzz
>> >>>
>> >>>     3. Detect using the following criteria:
>> >>>
>> >>>        a) Compare the length of these responses
>> >>>           Differences in length may indicate HPP vulnerable.
>> >>>
>> >>>        b) Are these Polluted parameters concatenated together in
>> >>>           Response Body?
>> >>>           [ Risk: Possible bypass of web application firewalls]
>> >>>           [ like: a=id+UNION+SELECT&b=2&a=%201,2,3,@@version--&c=3 ]
>> >>>
>> >>> End For
>> >>>
>> >>> On Fri, Sep 3, 2010 at 4:48 AM, Taras <ox...@oxdef.info> wrote:
>> >>>>
>> >>>> -------- Forwarded Message --------
>> >>>> From: pootzko <poot...@gmail.com>
>> >>>> Reply-to: poot...@gmail.com
>> >>>> To: Taras <ox...@oxdef.info>
>> >>>> Subject: Re: [W3af-develop] Searching for new contributors?
>> >>>> Date: Sun, 25 Jul 2010 14:37:50 +0200
>> >>>>
>> >>>> Hi everyone!
>> >>>>
>> >>>> I just wanted to write an email here on the list about wanting to
>> >>>> contribute to w3af =)
>> >>>> Started playing with it 2 weeks ago, and also started learning
>> >>>> python not so long ago so I was thinking to ask you guys to give
>> >>>> me some simple task for start (saw your "Why are you doing this:
>> >>>> "I want to learn Python"" in w3af FAQ hehe). Later I could move on
>> >>>> to some more complex stuff as I find my way around python and w3af
>> >>>> more.
>> >>>>
>> >>>> Currently I'm a computer science student (from this autumn I'll be
>> >>>> at my fifth, final year) and I come mostly from c/c++ and php
>> >>>> background. I've of course used some other languages during my
>> >>>> studies and playing around but not so extensively. I'm just saying
>> >>>> this to say that I don't consider myself some kind of a developer
>> >>>> (yet) but I'm eager to learn.
>> >>>> One other reason I decided to ask to contribute to this project is
>> >>>> because I would like to profile myself in computer security... So
>> >>>> I consider this a good starting point. =)
>> >>>>
>> >>>> What do you propose?
>> >>>>
>> >>>> thanks =)
>> >>>>
>> >>>> On Sat, Jul 24, 2010 at 4:43 PM, Taras <ox...@oxdef.info> wrote:
>> >>>>     Hi, all!
>> >>>>
>> >>>>     What do you think about searching for new contributors for
>> >>>>     w3af?
>> >>>>     It looks like we need more people :)
>> >>>>
>> >>>>     What I suggest:
>> >>>>     - write letters to popular mail lists
>> >>>>     - write messages to popular forums and boards
>> >>>>
>> >>>>     --
>> >>>>     Taras
>> >>>>     http://oxdef.info
>> >>>>     ----
>> >>>>     "Software is like sex: it's better when it's free." - Linus
>> >>>>     Torvalds
>> >>>>
>> >>>>     _______________________________________________
>> >>>>     W3af-develop mailing list
>> >>>>     w3af-deve...@lists.sourceforge.net
>> >>>>     https://lists.sourceforge.net/lists/listinfo/w3af-develop
>> >>>>
>> >>>> --
>> >>>> Kit Tihomir
>> >>>> http://www.cmikavac.net/
>> >>>>
>> >>>> --
>> >>>> Taras
>> >>>> http://oxdef.info
>> >>>> ----
>> >>>> "Software is like sex: it's better when it's free." - Linus Torvalds
>> >>
>> >> --
>> >> Kit Tihomir
>> >> http://www.cmikavac.net/
>> >
>> > --
>> > Andrés Riancho
>> > Founder, Bonsai - Information Security
>> > http://www.bonsai-sec.com/
>> > http://w3af.sf.net/
>>
>> --
>> Andrés Riancho
>> Founder, Bonsai - Information Security
>> http://www.bonsai-sec.com/
>> http://w3af.sf.net/
>
> --
> Kit Tihomir
> http://www.cmikavac.net/

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
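
The detection loop from the pseudocode quoted in this thread, as an added example; it is not part of any message here and is not w3af code. `check_hpp`, `make_backend`, `SEPARATORS` and the two backends are hypothetical names, and the backends are constructed in-process stand-ins for a server, so nothing is sent over the network.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SEPARATORS = ("", ",", ", ", " ")  # assumed ways a server might join duplicate values

def check_hpp(url, fetch, markers=("yyyy", "zzz")):
    """Apply the thread's two criteria per parameter; fetch(url) returns the body."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    baseline = fetch(url)                       # step 1: original response
    positions = (max(len(pairs) - 1, 0), len(pairs))
    findings = []
    for name, value in pairs:
        for pos, marker in zip(positions, markers):
            # step 2: duplicate `name` mid-query, then appended at the end
            polluted = pairs[:pos] + [(name, marker)] + pairs[pos:]
            test_url = urlunsplit(parts._replace(query=urlencode(polluted)))
            body = fetch(test_url)
            # step 3b: both values of the parameter joined in the body, either order
            joined = bool(value) and any(
                value + s + marker in body or marker + s + value in body
                for s in SEPARATORS)
            findings.append({
                "param": name,
                "url": test_url,
                "length_differs": len(body) != len(baseline),  # step 3a
                "concatenated": joined,
            })
    return findings

def make_backend(merge):
    """Constructed stand-in for a server: echoes parameters after merging duplicates."""
    def fetch(url):
        seen = {}
        for key, val in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            seen.setdefault(key, []).append(val)
        return "".join("<p>%s=%s</p>" % (k, merge(v)) for k, v in seen.items())
    return fetch

join_backend = make_backend(",".join)          # duplicates are concatenated
last_backend = make_backend(lambda v: v[-1])   # last occurrence wins

if __name__ == "__main__":
    target = "http://site.com/test.php?a=1&b=2&c=3"  # URL from the thread; never contacted
    for label, backend in (("join", join_backend), ("last", last_backend)):
        for f in check_hpp(target, backend):
            print(label, f["param"], f["length_differs"], f["concatenated"], f["url"])
```

On the last-wins backend the length criterion (3a) still fires for most variants simply because the reflected value changed, while the concatenation criterion (3b) stays false, so in this example 3a alone cannot separate the two backends.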