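# Testing delay and timeout handling for w3af using tc and DVWA in a Docker
# container. First we add the fake delay (netem on `lo` delays all loopback
# traffic on this host until the qdisc is removed, see the last step):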
#
# sudo tc qdisc add dev lo root netem delay 320ms
#
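# Then we download and start the container. DVWA is intentionally vulnerable and
# `-p 80:80` publishes it on every host interface; on a shared network, bind it
# to loopback only with `-p 127.0.0.1:80:80`: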
#
# docker pull infoslack/dvwa
# docker run -d -p 80:80 infoslack/dvwa
#
# Test the delay using curl, this should show the delay:
#
# time curl localhost
#
# Use a browser to log in to DVWA and capture the cookies. Save the cookies in a file
# called `dvwa-headers.txt` in the current directory. The file should look like `Cookie: ...`
# The cookie is a live session credential, so keep this file out of version control.
# Now run w3af against the target using this script.
#
# ./w3af_console -s scripts/dvwa.w3af
#
# Remove the fake delay:
#
# sudo tc qdisc del dev lo root netem
#
# Plugin selection: console and text-file output, the XSS audit plugin and the
# web_spider crawler.
plugins
output console,text_file
output config text_file
set output_file output-w3af.txt
# NOTE(review): with headers_file set further down, the HTTP log presumably
# records the session Cookie header on every request; treat output-http.txt
# as sensitive and do not commit or share it unredacted.
set http_output_file output-http.txt
set verbose True
back
# Console output stays terse; verbose detail goes to the text file above.
output config console
set verbose False
back
audit xss
crawl web_spider
crawl config web_spider
# NOTE(review): only_forward is understood to keep the spider on paths under
# the target URL - confirm against the web_spider option help.
set only_forward True
# Skip any URL containing "logout"; presumably so the crawl does not end the
# session whose cookie is supplied through headers_file.
set ignore_regex .*logout.*
back
# leave the plugins menu
back
# Send the headers stored in dvwa-headers.txt (the captured DVWA session
# cookie, per the header comment) with the scan's requests.
http-settings
set headers_file dvwa-headers.txt
back
# The scan is pointed at the local DVWA container only.
target
set target http://localhost/
back
# Run the scan, then leave the console.
start
exit