Re: [W3af-users] html output file incomplete

Adi Mutu Tue, 13 Mar 2012 10:49:17 -0700


Yeah, imagined.......thanks Andres.
I will tell also to the owtf author about this, perhaps he will want to change 
the defaults.



________________________________
 From: Andres Riancho <andres.rian...@gmail.com>
To: Adi Mutu <adi_mut...@yahoo.com> 
Cc: "w3af-users@lists.sourceforge.net" <w3af-users@lists.sourceforge.net> 
Sent: Tuesday, March 13, 2012 5:25 PM
Subject: Re: [W3af-users] html output file incomplete
 
Adi,

    In a form with ~10 inputs where some of those are <select> the
following setting: "set fuzzFormComboValues all" might make w3af run
for LOTS of time.

On Tue, Mar 13, 2012 at 5:26 AM, Adi Mutu <adi_mut...@yahoo.com> wrote:
>
> Hi Andres,
>
> As i suspected by default the textFile output plugin is verbose, so it looks
> like it logs full reuquests.
> In addition i've also found that w3af was ran with:
>
> misc-settings
> set fuzzFileName True
> set fuzzCookie True
> set fuzzFormComboValues all
> set maxDiscoveryTime 240
>
> The framework was ran from inside owtf , so i guess pretty much explains the
> results, right?
>
> Regards,
> A.
>
> ________________________________
> From: Adi Mutu <adi_mut...@yahoo.com>
> To: Andres Riancho <andres.rian...@gmail.com>
> Cc: "w3af-users@lists.sourceforge.net" <w3af-users@lists.sourceforge.net>
> Sent: Monday, March 12, 2012 8:59 PM
>
> Subject: Re: [W3af-users] html output file incomplete
>
>
> Andres,
>
> Thanks for the help, but didn't had any time to work on this lately.
> When i'll find some free time , i'll retry  and if the problem will persist
> i'll get back to you.
>
> Regards,
> A.
>
> ________________________________
> From: Andres Riancho <andres.rian...@gmail.com>
> To: Adi Mutu <adi_mut...@yahoo.com>
> Cc: "w3af-users@lists.sourceforge.net" <w3af-users@lists.sourceforge.net>
> Sent: Monday, March 12, 2012 8:16 PM
> Subject: Re: [W3af-users] html output file incomplete
>
> Adi,
>
> If you're still having problems with this scan, please send me the
> scan log in private and I'll take a look. It bugs me to see that the
> scan is taking so much time and there are no obvious problems with the
> config.
>
> Regards,
>
> On Tue, Mar 6, 2012 at 5:12 PM, Adi Mutu <adi_mut...@yahoo.com> wrote:
>>
>> So the discovery plugins i used were:
>>
>>
>> sharedHosting,allowedMethods,digitSum,content_negotiation,robotsReader,serverStatus,importResults
>>
>> From these plugins, i suspect only content_negotation could cause such a
>> large output file....?
>> The importResults includes a file of 1200 lines/requests.
>>
>> Anyway, i will have to redo the scan. I'll also redo the crawling and
>> after
>> importing the result i will also use the auth plugin, because i've missed
>> that fist time!
>>
>> ________________________________
>> From: Adi Mutu <adi_mut...@yahoo.com>
>> To: Andres Riancho <andres.rian...@gmail.com>
>> Cc: "w3af-users@lists.sourceforge.net" <w3af-users@lists.sourceforge.net>
>> Sent: Monday, March 5, 2012 6:39 PM
>>
>> Subject: Re: [W3af-users] html output file incomplete
>>
>> Andres,
>>
>> The site was crawled manually with Spiderman, exported and then imported
>> and
>> scanned.
>> I'm not sure if i have enabled other discovery plugins, but i'll check
>> later.
>>
>> Thanks,
>> A.
>>
>> ________________________________
>> From: Andres Riancho <andres.rian...@gmail.com>
>> To: Adi Mutu <adi_mut...@yahoo.com>
>> Cc: "w3af-users@lists.sourceforge.net" <w3af-users@lists.sourceforge.net>
>> Sent: Monday, March 5, 2012 6:25 PM
>> Subject: Re: [W3af-users] html output file incomplete
>>
>> Adi,
>>
>> On Sun, Mar 4, 2012 at 6:18 AM, Adi Mutu <adi_mut...@yahoo.com> wrote:
>>>
>>>
>>> Hello,
>>>
>>> The html output file is incomplete. After <body> is empty. Do you think
>>> it's
>>> because i've deleted the .txt output because it was getting to large?
>>> over
>>> 1.5 Gb?
>>
>> No,
>>
>>> Now i'm thinking that probably the file was used and parse to generate
>>> the
>>> html file.....
>>
>> No it is NOT used for that.
>>
>> An output.txt file of 1.5GB shows that there is something wrong with
>> your scan, you're either scanning a massive site, hitted a w3af bug,
>> or have an incorrect configuration for the target domain. Try enabling
>> discovery.webSpider only, I bet you're using discovery.*
>>
>> Regards,
>>
>>> Cheers,
>>> A.
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Virtualization & Cloud Management Using Capacity Planning
>>> Cloud computing makes use of virtualization - but cloud computing
>>> also focuses on allowing computing to be delivered as a service.
>>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>>> _______________________________________________
>>> W3af-users mailing list
>>> W3af-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>>>
>>
>>
>>
>> --
>> Andrés Riancho
>> Director of Web Security at Rapid7 LLC
>> Founder at Bonsai Information Security
>> Project Leader at w3af
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Try before you buy = See our experts in action!
>> The most comprehensive online learning library for Microsoft developers
>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>> Metro Style Apps, more. Free future releases when you subscribe now!
>> http://p.sf.net/sfu/learndevnow-dev2
>>
>> _______________________________________________
>> W3af-users mailing list
>> W3af-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>>
>>
>
>
>
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af
>
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
>



-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users

Re: [W3af-users] html output file incomplete

Reply via email to