Taras,

On Tue, Jul 3, 2012 at 9:13 AM, Taras <ox...@oxdef.info> wrote:
> Andres, some more comments ...
>
>
>> Will review and send comments when you tell me "Please review"
>
> I need 2 or 3 days to fully work PoC w3af + PhantomJS.
>
>
>>>> * For each state in which the automated browser is in, be able to
>>>> return a list with all the custom events available (ie. if there is
>>>> a tag with <div onmouseover="..." this should return something like
>>>> [(<div object at 0x...>, 'onmouseover')] )
>>>
>>>
>>> I'm not sure about it. Such thing even difficult with FireBug as I know.
>>
>>
>> If we don't have that, how can we know which events to trigger?
>
> I can suggest existing of the event for the object like a regular user.
> In same time if such list can be grabbed with JS then we have such
> possibility.
>

With the same idea, this is very wrong:

"""
In an automatic mode, the crawler examines all elements of the type A, DIV, INPUT, and IMG since these elements are often used to attach event listeners. If the user wishes to define their own criteria for selection, this list can be extended or adapted. The candidate clickables can be labeled as such based on their HTML tag element name and attribute constraints. For instance, all elements with a tag SPAN having an attribute class=“menuitem” can be set to be considered as candidate clickable. For each detected candidate element on the DOM tree, the crawler fires an event on the element in the browser to analyze the effect. A candidate clickable becomes an actual clickable if the event fired on the element causes a DOM change in the browser
"""

Quoting [0] because they are assuming that no other tag might have an
event listener. The real solution is to have a good browser engine
emulator that will return a list of all event listeners

[0] http://www.ece.ubc.ca/~amesbah/docs/tse11.pdf

>>>> * Send an event, for example (<div object at 0x...>, 'onmouseover'),
>>>> to the current DOM
>>>
>>>
>>> Yes, it can
>>
>>
>> How do you know which events to send to which tag?
>
> For same cases we can determine it with object properties or with help of
> JQuery.
>
>
>>>> * We need to be able to store events like (<div object at 0x...>,
>>>> 'onmouseover') in order to store a path and replay it if wanted
>>>
>>>
>>> Currently I store not events paths but CSS selectors of interesting
>>> objects like links and images. But it's discussable.
>>
>>
>> Hmm... what if there is an onmouseover="..." in a div tag? How are we
>> going to trigger that JS code?
>
> Of course it is not ideal solution but do you know one that can do it?
>
>
>> Sure, we always need to take a first step, and usually it's not the
>> best thing we can do; but it is better than not taking it :) The only
>> point we need to take into account is that maybe we could work a lot
>> phantomjs and then in 6 months have to throw it away because it
>> doesn't provide us with the basic features we need
>
> I don't think that we will need 6 months to throw away phantomjs.
> Furthermore I'm not sure that we will find better solution (I will also see
> on alternative solutions like Spynner). Basic idea will be the same: w3af
> proxy + in-built browser.
>
> --
> Taras
> http://oxdef.info
> GPG: C8D1F510

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
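
Added example, not part of the original thread and not w3af code: a static pass with Python's html.parser over a constructed sample page that lists inline on* handlers on every tag, in the (element, event) shape discussed above, and shows which ones a crawler limited to A, DIV, INPUT and IMG would never fire. It only sees handlers written as attributes; listeners attached from script still need a browser engine. The names inline_events and missed_by_tag_list are hypothetical.

```python
from html.parser import HTMLParser

# Tags examined in the quoted paper's automatic mode.
CANDIDATE_TAGS = {"a", "div", "input", "img"}
VOID_TAGS = {"img", "input", "br", "hr", "meta", "link", "area", "source"}

# Constructed sample page (not taken from the thread).
SAMPLE_HTML = """<html><body onload="init()">
  <div id="menu" onmouseover="showMenu()">Menu</div>
  <ul>
    <li onclick="loadItem(1)">Item 1</li>
    <li><span class="menuitem" onmouseout="hide()">Item 2</span></li>
  </ul>
  <a href="/about">About</a>
  <img src="logo.png" onerror="fallback(this)">
</body></html>"""

class InlineEventCollector(HTMLParser):
    """Collect (element path, event attribute) pairs for every tag."""
    def __init__(self):
        super().__init__()
        self.stack = []      # open ancestors as "tag[n]" steps
        self.counts = [{}]   # sibling counters, one dict per depth
        self.events = []

    def handle_starttag(self, tag, attrs):
        seen = self.counts[-1]
        seen[tag] = seen.get(tag, 0) + 1
        step = f"{tag}[{seen[tag]}]"
        path = "/" + "/".join(self.stack + [step])
        # Heuristic: any attribute named on<something> is an inline handler.
        self.events += [(path, n) for n, _ in attrs if n.startswith("on") and len(n) > 2]
        if tag not in VOID_TAGS:  # void elements never get an end tag
            self.stack.append(step)
            self.counts.append({})

    def handle_endtag(self, tag):
        if self.stack and self.stack[-1].split("[")[0] == tag:
            self.stack.pop()
            self.counts.pop()

def inline_events(html):
    collector = InlineEventCollector()
    collector.feed(html)
    return collector.events

def missed_by_tag_list(events):
    """Handlers on tags outside CANDIDATE_TAGS, i.e. never fired by that crawler."""
    return [(p, e) for p, e in events
            if p.rsplit("/", 1)[-1].split("[")[0] not in CANDIDATE_TAGS]
```

On the sample page, three of the five inline handlers (on body, li and span) sit on tags outside the fixed list.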