Hi, all!
In recent days I have thought about the use of w3af at the enterprise level.
What things do I need at the current moment that I think can be a
good base for the future:
1. web based UI to schedule scans and profile management with
multiuser support
2. support for custom URL formats of web applications (at least URL
rewrite)
3. more convenient login sequences feature
4. convenient way to test AJAX-heavy applications (e.g.
GMail)
My technical suggestions:
1. very simple web UI with LDAP support and notifications. We can
use Django for it
2. we can implement support for URL patterns like
'/app/controller/action/%d' so w3af will understand which part
of the URL can be fuzzed and understand that such a URL in the modern web
world is not a file system path.
3. we can add login files (auth requests + a special URL/pattern to
check the session) and we can generate such sequences with our MITM
proxy tool. IMHO, it is the clearest task on my list.
4. we can integrate proxy management into the web UI (the tester uses this
proxy to navigate through the application under test so w3af will collect all
requests for this app) and make a special output plugin which will
store all requests in a file. Then we can use this file with the
already existing importResults plugin plus the auth sequence to test even
web applications like GMail automatically.
These are my common points to discuss :)
P.S. I have made a separate branch for experiments.
On Tue, 2011-03-22 at 14:47 -0300, Andres Riancho wrote:
> I think that before even starting a massive project like this one, we
> should have a discussion in w3af-develop about technology, objectives,
> etc. Would you mind starting the discussion?
>
> On Mon, Mar 21, 2011 at 1:45 PM, <[email protected]> wrote:
> > Revision: 4087
> > http://w3af.svn.sourceforge.net/w3af/?rev=4087&view=rev
> > Author: oxdef
> > Date: 2011-03-21 16:45:13 +0000 (Mon, 21 Mar 2011)
> >
> > Log Message:
> > -----------
> > Lets think about web UI for w3af
> >
> > Added Paths:
> > -----------
> > branches/webui/
--
Taras
http://oxdef.info
----
"Software is like sex: it's better when it's free." - Linus Torvalds
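As an added illustration of the URL-pattern idea in point 2 above (example code written here, not code from the thread or from w3af): a small Python matcher that tells a scanner which path segments of a URL are parameters it may fuzz and which are fixed routing. The '%s' string placeholder, the helper names and the example.test URLs are my assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# '%d' (an integer segment) follows the thread's proposal; '%s' (any
# single path segment) is an assumed extension. Both mark parameters a
# scanner may fuzz; every other segment is fixed routing, not a file path.
PLACEHOLDERS = {"%d": r"\d+", "%s": r"[^/]+"}


def compile_pattern(pattern):
    """Compile '/app/controller/action/%d' into a regex with one named
    group (p0, p1, ...) per placeholder segment, fixed segments escaped."""
    parts, idx = [], 0
    for seg in pattern.strip("/").split("/"):
        if seg in PLACEHOLDERS:
            parts.append("(?P<p%d>%s)" % (idx, PLACEHOLDERS[seg]))
            idx += 1
        else:
            parts.append(re.escape(seg))
    return re.compile("^/" + "/".join(parts) + "/?$")


def match_url(pattern, url):
    """Return the parameter values found in the URL path, in pattern
    order, or None when the path does not follow the pattern."""
    m = compile_pattern(pattern).match(urlsplit(url).path)
    return None if m is None else list(m.groups())


def rewrite_url(pattern, url, index, value):
    """Return the URL with the index-th parameter segment replaced by
    value; fixed segments, query string and fragment are left untouched."""
    parts = urlsplit(url)
    m = compile_pattern(pattern).match(parts.path)
    if m is None:
        raise ValueError("URL does not follow pattern %r" % pattern)
    if not 0 <= index < len(m.groups()):
        raise IndexError("pattern has no parameter #%d" % index)
    start, end = m.span(index + 1)  # group numbers start at 1
    path = parts.path[:start] + value + parts.path[end:]
    return urlunsplit((parts.scheme, parts.netloc, path, parts.query,
                       parts.fragment))


if __name__ == "__main__":
    # Constructed sample: the scanner learns that only "42" is fuzzable.
    pat = "/app/controller/action/%d"
    print(match_url(pat, "http://example.test/app/controller/action/42"))
    print(rewrite_url(pat, "http://example.test/app/controller/action/42?x=1",
                      0, "43"))
```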
_______________________________________________
W3af-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-develop