Andres, sorry for the delay.

Great job! How can we do QA here? Simply run w3af as usual and wait for 
some exceptions?

By the way:
 > w3af is officially supported under Python 2.6
I have used w3af with Python 2.7 for a long time and there are no problems with 
it. Maybe we could increase the supported version of Python to 2.7?

On 06/07/2012 04:03 PM, Andres Riancho wrote:
> List,
>
>      Just wanted to show you the progress I'm making with the new error
> handling method in w3af :) Please see the following console UI dump
> and note that before w3af simply crashed on the first "An exception
> was found while..." , now we /gracefully handle those exceptions/ and
> continue. Let me know what you think! Code can be downloaded from the
> error_handling branch.
>
> andres@foobar:~/workspace/error_handling$ ./w3af_console -s
> scripts/script-web_spider.w3af
> w3af is officially supported under Python 2.6
> w3af>>>  plugins
> w3af/plugins>>>  output console,textFile
> w3af/plugins>>>  output config textFile
> w3af/plugins/output/config:textFile>>>  set fileName output-w3af.txt
> w3af/plugins/output/config:textFile>>>  set verbose True
> w3af/plugins/output/config:textFile>>>  back
> w3af/plugins>>>  output config console
> w3af/plugins/output/config:console>>>  set verbose False
> w3af/plugins/output/config:console>>>  back
> w3af/plugins>>>  discovery webSpider
> w3af/plugins>>>  discovery config webSpider
> w3af/plugins/discovery/config:webSpider>>>  set onlyForward True
> w3af/plugins/discovery/config:webSpider>>>  back
> w3af/plugins>>>  back
> w3af>>>  target
> w3af/config:target>>>  set target
> http://moth/w3af/discovery/web_spider/follow_links/1.html
> w3af/config:target>>>  back
> w3af>>>  start
> Auto-enabling plugin: grep.httpAuthDetect
> New URL found by webSpider plugin:
> http://moth/w3af/discovery/web_spider/follow_links/
> New URL found by webSpider plugin:
> http://moth/w3af/discovery/web_spider/follow_links/2.html
> New URL found by webSpider plugin:
> http://moth/w3af/discovery/web_spider/follow_links/a b.html
> New URL found by webSpider plugin:
> http://moth/w3af/discovery/web_spider/follow_links/a.gif
> New URL found by webSpider plugin:
> http://moth/w3af/discovery/web_spider/follow_links/d f/index.html
> An exception was found while running discovery.webSpider on
> "http://domain/w3af/discovery/web_spider/follow_links/a b.html |
> Method: GET". The exception was: "Test" at webSpider.py:420. The scan
> will continue but some vulnerabilities might not be identified.
> An exception was found while running discovery.webSpider on
> "http://domain/w3af/discovery/web_spider/follow_links/a.gif | Method:
> GET". The exception was: "Test" at webSpider.py:420. The scan will
> continue but some vulnerabilities might not be identified.
> New URL found by webSpider plugin:
> http://moth/w3af/discovery/web_spider/follow_links/3.html
> New URL found by webSpider plugin:
> http://moth/w3af/discovery/web_spider/follow_links/4.html
> New URL found by webSpider plugin:
> http://moth/w3af/discovery/web_spider/follow_links/d f/
> New URL found by webSpider plugin:
> http://moth/w3af/discovery/web_spider/follow_links/1.html
> An exception was found while running discovery.webSpider on
> "http://domain/path/foo | Method: GET". The exception was: "Test" at
> webSpider.py:420. The scan will continue but some vulnerabilities
> might not be identified.
> The following is a list of broken links that were found by the webSpider 
> plugin:
> - http://moth/w3af/discovery/web_spider/follow_links/11.html [
> referenced from:
> http://moth/w3af/discovery/web_spider/follow_links/3.html ]
> - http://moth/w3af/discovery/web_spider/follow_links/7.html [
> referenced from:
> http://moth/w3af/discovery/web_spider/follow_links/4.html ]
> - http://moth/w3af/discovery/web_spider/follow_links/9.html [
> referenced from:
> http://moth/w3af/discovery/web_spider/follow_links/4.html ]
> Found 9 URLs and 9 different points of injection.
> The list of URLs is:
> - http://moth/w3af/discovery/web_spider/follow_links/
> - http://moth/w3af/discovery/web_spider/follow_links/a b.html
> - http://moth/w3af/discovery/web_spider/follow_links/d f/index.html
> - http://moth/w3af/discovery/web_spider/follow_links/1.html
> - http://moth/w3af/discovery/web_spider/follow_links/2.html
> - http://moth/w3af/discovery/web_spider/follow_links/a.gif
> - http://moth/w3af/discovery/web_spider/follow_links/4.html
> - http://moth/w3af/discovery/web_spider/follow_links/3.html
> - http://moth/w3af/discovery/web_spider/follow_links/d f/
> The list of fuzzable requests is:
> - http://moth/w3af/discovery/web_spider/follow_links/ | Method: GET
> - http://moth/w3af/discovery/web_spider/follow_links/1.html | Method: GET
> - http://moth/w3af/discovery/web_spider/follow_links/2.html | Method: GET
> - http://moth/w3af/discovery/web_spider/follow_links/3.html | Method: GET
> - http://moth/w3af/discovery/web_spider/follow_links/4.html | Method: GET
> - http://moth/w3af/discovery/web_spider/follow_links/a b.html | Method: GET
> - http://moth/w3af/discovery/web_spider/follow_links/a.gif | Method: GET
> - http://moth/w3af/discovery/web_spider/follow_links/d f/ | Method: GET
> - http://moth/w3af/discovery/web_spider/follow_links/d f/index.html |
> Method: GET
> Scan finished in 0 seconds.
> w3af>>>  bug-report
> w3af/bug-report>>>  summary
> During the current scan (with id: 3b83b2d3fb) w3af caught 3 exceptions
> in it's plugins. The scan was able to continue by ignoring those
> failures but the scan result is most likely incomplete.
>
> These are the phases and plugins that raised exceptions:
> - discovery.webSpider
> - discovery.webSpider
> - discovery.webSpider
>
> We recommend you report these vulnerabilities to the developers in
> order to help increase the project's stability.
> w3af/bug-report>>>  list
> |----|-----------|-----------|-----------|
> | ID | Phase     | Plugin    | Exception |
> |----|-----------|-----------|-----------|
> | 0  | discovery | webSpider | Test      |
> | 1  | discovery | webSpider | Test      |
> | 2  | discovery | webSpider | Test      |
> |----|-----------|-----------|-----------|
> w3af/bug-report>>>  details 0
> An exception was found while running discovery.webSpider on
> "http://domain/w3af/discovery/web_spider/follow_links/a b.html |
> Method: GET". The exception was: "Test" at webSpider.py:420.The full
> traceback is:
>    File 
> "/home/user/workspace/error_handling/core/controllers/coreHelpers/strategy.py",
> line 420, in _discover_worker
>      plugin_result = plugin.discover_wrapper(fr)
>    File 
> "/home/user/workspace/error_handling/core/controllers/basePlugin/baseDiscoveryPlugin.py",
> line 48, in discover_wrapper
>      return self.discover( fuzzable_request_copy )
>    File "/home/user/workspace/error_handling/plugins/discovery/webSpider.py",
> line 84, in discover
>      raise Exception('Test')
>
> w3af/bug-report>>>  report
>      [1/3] Bug with id 0 reported at
> http://sourceforge.net/apps/trac/w3af/ticket/172301
>      [2/3] Bug with id 1 reported at
> http://sourceforge.net/apps/trac/w3af/ticket/172302
>      [3/3] Bug with id 2 reported at
> http://sourceforge.net/apps/trac/w3af/ticket/172303
> w3af/bug-report>>>
>
>
> Regards,


-- 
Taras
http://oxdef.info
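
One way to QA the behaviour shown in the console dump, as an added example that is not part of this thread and is not w3af's own code: a plugin that raises on chosen requests is run next to a healthy one, and the run is checked for both continued results and recorded exceptions. It is written for Python 3, and `ExceptionStore`, `run_discovery`, `flaky_spider`, `qa_run` and the sample URLs are hypothetical names and constructed inputs.

```python
import os
import traceback

class ExceptionStore:
    """Collects plugin failures so the scan can continue (hypothetical class)."""
    def __init__(self):
        self.records = []

    def capture(self, phase, plugin, request, exc):
        # The innermost traceback frame is where the exception was raised.
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        self.records.append({
            "id": len(self.records),
            "phase": phase,
            "plugin": plugin,
            "request": request,
            "exception": str(exc),
            "location": "%s:%d" % (os.path.basename(frame.filename), frame.lineno),
            "traceback": "".join(traceback.format_tb(exc.__traceback__)),
        })

    def summary(self):
        return ["%s.%s" % (r["phase"], r["plugin"]) for r in self.records]


def run_discovery(plugins, requests, store):
    """Run every plugin on every request; a failure is recorded, not fatal."""
    found = []
    for request in requests:
        for name, discover in plugins.items():
            try:
                found.extend(discover(request))
            except Exception as exc:  # catch-all only at the plugin boundary
                store.capture("discovery", name, request, exc)
    return found


# Constructed QA fixture: fails on selected requests, like the raise in the dump.
def flaky_spider(request):
    if "a b.html" in request or request.endswith(".gif"):
        raise Exception("Test")
    return [request + "#crawled"]


def qa_run():
    store = ExceptionStore()
    requests = ["http://moth/1.html", "http://moth/a b.html", "http://moth/a.gif"]
    plugins = {"webSpider": flaky_spider, "other": lambda r: [r + "#ok"]}
    return run_discovery(plugins, requests, store), store
```

Because the handler catches `Exception` rather than `BaseException`, Ctrl-C still stops the run instead of being logged as a plugin failure.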

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
