+w3af-develop@

Hi, Dobin!
 
> >>> reqResViewer.patch: The actual split view implementation
> > About split view. Could you please make some screenshots with your view?
> > I plan to add split (req/res) view as option.
> >>> craftedRequest.patch: remove unnecessary additional button bar
> > Screenshots? I have made some improvements in my branch.
> 
> http://img812.imageshack.us/f/reqk.png/
It's ok, we already have some code for this (furthermore, we have already
discussed it on the list), and I plan an option for this purpose.
 
> >>> Fourth, I did some more digging into the w3af codebase, and what I've
> >>> seen wasn't pretty.
> > Could you please give some arguments?
> 
> Sure. All the UI code is in one directory. Multiple classes with
> meaningless names are in one file. 
I don't think that all our classes have meaningless names.
By the way, we have begun to use code conventions and so on [0].
But I agree that we need to do a lot of work to make w3af better in core too.
So as an open source project we are searching for new contributors ;)

> UI not based on MVC principle.
We have some separation in our code. GTK UI for V, core classes for C and e.g. 
history class for M.

> Imho there should be a directory for each "window", with helper classes
> in its own file in the same directory. 
Could you please describe your idea in more detail?

> queryParams = getQueryString(self._obj.getURI())
> where it should be, if one is using OO programming:
> queryParams = self.httpObject.request.getGetParams()
Agree.

> For adding another tab with POST params, I needed to move around a lot
> of code because the authors didn't use encapsulation.
I don't totally agree with it. But we can make some common class for "table
things" like headers, cookies, post params. Are you talking about such stuff?

> And that's just what I have seen in the few hours I played with that thing,
> and I don't even know Python :)
Python is a nice, readable language, so to understand the code you don't really
need to know Python.

> I didn't have a look at the proxy feature of w3af, because I use webscarab
> for this sort of thing. But the first thing I see while trying it out is
> bugs, caused by my patches. It seems like proxywin.py is calling some UI
> code in reqResViewer.py, like "nb.next_page()", which of course does not
> exist anymore. /* no comment */
I can't find such code in this file in trunk and my branches, 
could you please give more information and we will fix it?

> Anyway, feedback for the w3af proxy UI. It's clean and tidy, I like it :)
> The gtksourceview2 thingy is a good feature, I like it too. BUT, it's
> still not a good solution. When attacking a web application, I don't want
> to scroll each request I've made through the whole header, changing
> chars in the middle of it. Imho, an attacker wants to change:
> - header
> - get params
> - post params
> - cookies
Dobin, as I already wrote in my previous letter, we want first of all to make
it more stable and fast.
When I talk about stable and fast, I mean we at least need to normally "scan"
a web app like Gmail.
It is a real problem. When we have a stable core, we will of course be able to
add more features.
I will be glad if you test, from time to time, the proxy in my branch and w3af
in general.

Anyway thanks for response! :)

[0] https://sourceforge.net/apps/trac/w3af/wiki/code-convention

-- 
Taras
http://oxdef.info

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop