Re: [W3af-develop] web service api scans ( post method)

Mon, 27 Jul 2015 04:56:35 -0700 

On Mon, Jul 27, 2015 at 5:38 AM, 冠庭 羅 <btiffe...@yahoo.com.tw> wrote:
> Hi,
> I have tried it a day, if I write like this
> ---
> @POST
> @SuppressWarnings("unchecked")
> @Path("/ScanTarget")
> @Consumes(MediaType.APPLICATION_JSON)
> @Produces(MediaType.APPLICATION_JSON)
>
> public int ScanIt() throws IOException {
>     JSONObject jsonObject = new JSONObject();
>     jsonObject.put("scan_profile", "/home/tiff/w3af/profiles");
>
>     JSONArray jsonArray = new JSONArray();
>     jsonArray.add("http://testaspnet.vulnweb.com/";);
>
>     jsonObject.put("target_url", jsonArray);
>
>     System.out.println("output:" + jsonObject.toJSONString());
>
>     connect.set_response(
>     connect.get_service().
>     request().
>     header("Content-Type", "application/json").
>     post(Entity.json(jsonObject.toJSONString())));
>
>     return connect.get_status();
> }
> ---
> And system log is show like this:
>
> {"scan_profile":"\/home\/tiff\/w3af\/profiles","target_url":["http:\/\/testaspnet.vulnweb.com\/"]}
>
> I think that is quite match with
>
> data = {'scan_profile': file('/path/to/profile.pw3af').read(),
>         'target_urls': ['http://127.0.0.1:8000/audit/sql_injection/']}
>
> Need to put " file(' ... ').read() " into JSONObject?
> I think that is weird and of course I did it, but failure.
> I always get Http status 500...
>
> I don't really understand what happened and don't know how to do only by
> reading "starting a scan" information.
> Sorry about that I'm not good at this.
> Could you give me more details or suggestion about how to start it up?

You need to send the CONTENTS of the profile file, not the filename.

So, instead of "\/home\/tiff\/w3af\/profiles"  (which would be
incorrect anyways) send the result of reading the file
"/home/tiff/w3af/profiles/some_profile.pw3af"

> Thanks a lot.
>
> Tiff
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

------------------------------------------------------------------------------
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

Reply via email to