LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 11-18-2015, 01:31 AM   #1
mralk3
Senior Member
 
Registered: May 2015
Location: Utah, USA
Distribution: Slackware, OpenBSD, Linux From Scratch
Posts: 1,438

Rep: Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806
Updating w3af to version 1.6.49 in SBo, need testers


I would be very pleased if a few members of the community could help test w3af 1.6.49.

I plan to assume maintenance of w3af once it has been thoroughly tested. It's a big version bump from 1.0 to 1.6.49. I believe I already created SlackBuilds for all the missing dependencies. I've tested that w3af builds with the listed dependencies in w3af.info using slackrepo. If a dependency is missing, please post here and tell me about it.

I have not yet tried to install w3af. All my testing so far has been with slackrepo. Basically I have only tested to see if everything builds on a stock Slackware64 14.1 virtual machine.

Tomorrow I will generate a package repository, provision a new testing installation of Slackware 14.1 and install everything to begin testing the actual application.

Here is the GitHub repository I am using to track my progress: w3af-sbo

I created a ticket that lists dependencies required by w3af. I attached a slackrepo configuration file that works with this GitHub repository. It can be found here: https://github.com/BrentonEarl/w3af-sbo/issues/1

Any suggestions are welcome!

P.S. Many of the dependencies have not yet been around long enough to make it into official SBo and it's best to download them from my GitHub repository. Everything should be in SBo this weekend for the update.

Last edited by mralk3; 11-18-2015 at 05:49 PM.
 
Old 11-18-2015, 05:41 PM   #2
mralk3
Senior Member
 
Registered: May 2015
Location: Utah, USA
Distribution: Slackware, OpenBSD, Linux From Scratch
Posts: 1,438

Original Poster
Rep: Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806
Small update.

Looks like I will need to hold off on testing. I was missing the dependency mitmproxy. Cannot create mitmproxy just yet because of some difficulties with dependencies.

See: https://github.com/BrentonEarl/es1-s...stuff/issues/5
and: https://github.com/BrentonEarl/es1-s...stuff/issues/6
 
Old 12-12-2015, 01:08 PM   #3
mralk3
Senior Member
 
Registered: May 2015
Location: Utah, USA
Distribution: Slackware, OpenBSD, Linux From Scratch
Posts: 1,438

Original Poster
Rep: Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806
I did some preliminary testing for my mitmproxy SlackBuild. All dependencies are uploaded to SBo except for urwid. mitmproxy and urwid are pending upload. If anyone is interested to help test mitmproxy here are the relevant SlackBuilds.
You can install the dependencies (except urwid, which is manual installation) like so:

Code:
sbopkg -i "netlib pyasn1 tornado python-configargparse pyperclip blinker pyparsing html2text construct six lxml python-pillow click pysetuptools"
To test you will need a gateway and two other computers. I used virtual machines. One computer needs to have mitmproxy and dependencies installed, we will call this the attacker. The second computer needs to have a working web browser that supports SSL, which is the victim machine. The easiest way to do a man-in-the-middle attack on the attacking machine is to install the dsniff package from SBo and use the arpspoof command. On a minimal installation of Slackware you can use "links" to test on the victim machine.

The -r switch will poison both directions automatically so there is no need to issue a second arpspoof command. I had the -r switch patched into arpspoof sometime in November.

Code:
sudo arpspoof -t <gateway_ip> <target_ip> -r
I have only tested mitmproxy in transparent host mode. The command for that is:
Code:
sudo mitmproxy -T --host
On the victim machine, fire up a web browser, log into a site with SSL, watch the requests on the screen fly by in the mitmproxy UI. Here is a blog post (not written by me) discussing how to use mitmproxy with a mobile device.

You can post back here or in the GitHub ticket I created for mitmproxy if there are any difficulties. (Preferably on the GitHub ticket.)

Last edited by mralk3; 12-12-2015 at 01:20 PM.
 
Old 12-12-2015, 05:54 PM   #4
mralk3
Senior Member
 
Registered: May 2015
Location: Utah, USA
Distribution: Slackware, OpenBSD, Linux From Scratch
Posts: 1,438

Original Poster
Rep: Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806
I did not realize that urwid was already in Slackware. Looks like mitmproxy and w3af will have to wait until Slackware 14.2.... pending update of urwid to > 1.3.0.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Questions for Robby, ponce, or anyone from SBo about SBo submission requirements. ReaperX7 Slackware 4 06-07-2015 11:30 AM
LXer: Valve seeking testers for the beta version of Steam on Linux LXer Syndicated Linux News 1 09-07-2012 03:50 AM
Nvidia-driver.SlackBuild from SBo (or: I am a bad and sloppy SBo maintainer) kingbeowulf Slackware 8 08-31-2012 02:41 AM
[SOLVED] [SBo] xcdroast - Invalid cdda2wav version brooko Slackware 3 11-30-2010 10:09 PM
updating Kernel from version 2.6.9 to version 2.6.19 varala_kanth Linux - Kernel 1 01-18-2007 03:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 01:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration