LinuxQuestions.org - Updating w3af to version 1.6.49 in SBo, need testers

- Slackware (https://www.linuxquestions.org/questions/slackware-14/)

- - Updating w3af to version 1.6.49 in SBo, need testers (https://www.linuxquestions.org/questions/slackware-14/updating-w3af-to-version-1-6-49-in-sbo-need-testers-4175559165/)

Updating w3af to version 1.6.49 in SBo, need testers

I would be very pleased if a few members of the community could help test w3af 1.6.49.

I plan to assume maintenance of w3af once it has been thoroughly tested. It's a big version bump from 1.0 to 1.6.49. I believe I already created SlackBuilds for all the missing dependencies. I've tested that w3af builds with the listed dependencies in w3af.info using slackrepo. If a dependency is missing, please post here and tell me about it.

I have not yet tried to install w3af. All my testing so far has been with slackrepo. Basically I have only tested to see if everything builds on a stock Slackware64 14.1 virtual machine.

Tomorrow I will generate a package repository, provision a new testing installation of Slackware 14.1 and install everything to begin testing the actual application.

Here is the GitHub repository I am using to track my progress: w3af-sbo

I created a ticket that lists dependencies required by w3af. I attached a slackrepo configuration file that works with this GitHub repository. It can be found here: https://github.com/BrentonEarl/w3af-sbo/issues/1

Any suggestions are welcome! :)

P.S. Many of the dependencies have not yet been around long enough to make it into official SBo and it's best to download them from my GitHub repository. Everything should be in SBo this weekend for the update.

Small update.

Looks like I will need to hold off on testing. I was missing the dependency mitmproxy. Cannot create mitmproxy just yet because of some difficulties with dependencies.

See: https://github.com/BrentonEarl/es1-s...stuff/issues/5
and: https://github.com/BrentonEarl/es1-s...stuff/issues/6

I did some preliminary testing for my mitmproxy SlackBuild. All dependencies are uploaded to SBo except for urwid. mitmproxy and urwid are pending upload. If anyone is interested to help test mitmproxy here are the relevant SlackBuilds.

python/urwid
python/mitmproxy EDIT: Be sure to read the README about utf-8

You can install the dependencies (except urwid, which is manual installation) like so:

Code:

sbopkg -i "netlib pyasn1 tornado python-configargparse pyperclip blinker pyparsing html2text construct six lxml python-pillow click pysetuptools"

To test you will need a gateway and two other computers. I used virtual machines. One computer needs to have mitmproxy and dependencies installed, we will call this the attacker. The second computer needs to have a working web browser that supports SSL, which is the victim machine. The easiest way to do a man-in-the-middle attack on the attacking machine is to install the dsniff package from SBo and use the arpspoof command. On a minimal installation of Slackware you can use "links" to test on the victim machine.

The -r switch will poison both directions automatically so there is no need to issue a second arpspoof command. I had the -r switch patched into arpspoof sometime in November.

Code:

sudo arpspoof -t <gateway_ip> <target_ip> -r

I have only tested mitmproxy in transparent host mode. The command for that is:

Code:

sudo mitmproxy -T --host

On the victim machine, fire up a web browser, log into a site with SSL, watch the requests on the screen fly by in the mitmproxy UI. Here is a blog post (not written by me) discussing how to use mitmproxy with a mobile device.

You can post back here or in the GitHub ticket I created for mitmproxy if there are any difficulties. (Preferably on the GitHub ticket.)

I did not realize that urwid was already in Slackware. Looks like mitmproxy and w3af will have to wait until Slackware 14.2.... pending update of urwid to > 1.3.0.