Hi

I have been getting to grips with W3af for the last month and a great
opportunity came about when a client I am currently working for asked me to
test their web application.

The client has their site on a shared (VPS) server and wanted to know if any
credit card numbers could be gleaned from the site. I set up W3af on a hard
drive install VMware image of Samurai (updated W3af via svn) and ran a high
risk scan.



The first problem I ran into was that after an hour (or thereabouts) the GUI
would blank out while the process was running at around 90%. I let
the scan finish, which it did, but could not recover the GUI from
its blank screen.



A quick sideline here: I saved my data to a txt output and an HTML output;
the HTML output did not record any data and was just blank. Is this the norm
at the moment?



The good news was that before the GUI failed I was able to recover 15 credit
card numbers. I ran the scan again but with only the credit card number
plugin and recovered 85 credit card numbers.



Now my main question is: how do I manually verify that the data I have collected is
indeed from my client’s server? There is not a great deal of information on
the plugin and I would like to understand the process a little better for my
report for my client.



Thanks in advance for any help



James
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
