Devilzc0de Forum Follow @devilzc0de
  • Home
  • Hacking
  • Networking
  • Programming
  • O.S
  • Server
  • Tweets
  • Search
  • Member List
  • Calendar
Current time: 05-22-2013, 11:32 AM Hello There, Guest! (Login — Register)
Devilzc0de Forum › Information Technology › Programming › Python v
« Previous 1 2 3 4 Next »

[Tutor] Web Application Attack and Audit Framework

Home General Computer Multimedia Business Lounge

Pages (2): 1 2 Next »
Post Reply 
Tweet
Threaded Mode | Linear Mode
Tutor Web Application Attack and Audit Framework
11-18-2011, 08:42 PM
Post: #1
Wayc0de Offline
-= Sifu Makan Sonice =-
**
Moderators 		Posts: 2,980
Joined: Nov 2010
Reputation: 61
Bug Web Application Attack and Audit Framework
Assalamu'alaikum semuanya bangga

ketemu agy dech dengan ane yg newbie ini belajar

kali ini ane akan kcie sedikit maenan buat tmen2 DC

namanya Web Application Attack and Audit Framework (w3af)

dengan melihat judulnya saja,,mgkin tmen2 pada tau nie tool fungsinya buat apa

g ush banyak bacot,,langsung ke tekape

CEKIDOT !!!

1. download dulu softwarenya disini w3af

2. Proses Instalasi

Persyaratan Instalasi
Paket yang dibutuhkan untuk menjalankan w3af dapat dibagi dalam dua kelompok:

Code:
~# Core requirements:
Python 2.6
fpconst-0.7.2
nltk
SOAPpy
pyPdf
Python bindings for the libxml2 library
Python OpenSSL
json.py
scapy
pysvn
python sqlite3

Code:
~# Graphical user interface requirements:
graphviz
pygtk 2.0
gtk 2.12

perlu diingat proses installasi menggunakan akses root ea

Code:
cd w3af
cd extlib
cd fpconst-0.7.2
python setup.py install
cd ..
cd SOAPpy
python setup.py install
cd ..
cd pyPdf
python setup.py install

3. jalankan program w3af

Code:
~/Downloads/w3af$ ./w3af_console
w3af>>>

w3af>>> help

[Image: help.png]
Code:
w3af>>>
w3af>>> help target
Configure the target URL.
w3af>>>

Code:
w3af>>>http-settings
w3af/config:http-settings>>>
w3af/config:http-settings>>> help

[Image: http-settings.png]
Code:
w3af/config:http-settings>>> view

Code:
w3af/config:http-settings>>> help timeout
The timeout for connections to the HTTP server
Type: integer
Current value is: 15
w3af/config:http-settings>>>

4. memainkan Plugins

Code:
w3af>>> plugins
w3af/plugins>>> help

[Image: plugins.png]
Code:
w3af/plugins>>>

Semua plugin dapat dikonfigurasi sini kecuali plugin mengeksploitasi, Contoh di bawah menunjukkan bagaimana untuk menemukan sintaks untuk plugin:

Code:
w3af/plugins>>> help audit

[Image: help-audit.png]
Code:
w3af/plugins>>> help list
List available plugins.
Syntax: list {plugin type} [all | enabled | disabled]
By default all plugins are listed.

w3af/plugins>>>

Contoh di bawah ini menunjukkan penggunaan perintah list untuk melihat semua plugin yang tersedia.

Code:
w3af/plugins>>> list audit

[Image: list-audit.png]
Untuk mengaktifkan XSS dan plugin sqli, ketikkan command berikut ini :

Code:
w3af/plugins>>> audit xss, sqli
w3af/plugins>>> audit

Code:
w3af>>> plugins
w3af/plugins>>> audit desc fileUpload

[Image: file-upload.png]
sekarang kita tahu plugins yang dipakai,,mari kita check lagi :

Code:
w3af/plugins>>> audit config xss
w3af/plugins/audit/config:xss>>> view

[Image: config-xss.png]
Code:
w3af/plugin/xss>>> set checkStored False
w3af/plugin/xss>>> back
w3af/plugins>>> audit config sqli
w3af/plugins/audit/config:sqli>>> view

Code:
w3af/plugins/audit/config:sqli>>>
w3af/plugins/audit/config:sqli>>> back
w3af/plugins>>>

Menu konfigurasi untuk plugin juga memiliki perintah set untuk mengubah nilai-nilai parameter, dan perintah tampilan untuk daftar nilai-nilai yang ada. Pada contoh sebelumnya kita cek dinonaktifkan scripting lintas situs gigih dalam plugin XSS, dan terdaftar pilihan dari plugin sqli (sebenarnya tidak memiliki parameter dapat dikonfigurasi).

5. Starting a scan

Setelah mengkonfigurasi semua plugin yang diinginkan pengguna telah untuk mengatur URL target dan akhirnya memulai scan. Pemilihan target dilakukan dengan cara ini:

Code:
w3af>>> target
w3af/config:target>>> set target http://localhost/
w3af/config:target>>> back
w3af>>>

Akhirnya, Anda menjalankan "mulai" dalam rangka untuk menjalankan semua plugin dikonfigurasi.

Code:
w3af>>> start

kemudian tekan "Enter"

disini ane mengetes situs pemerintah (cuman sekedar tes doank)

[Image: set-target.png]
==============================================

mungkin segitu dulu tutor cupu dari ane, untuk lebih jelasnya bisa diliat di file PDF yg sudah da ketika tmen2 download nie tools

semoga bisa bermanfaat bagi kita semua

akhir kata dari ane,,wassalamu'alakum wr wb
Visit this user's website Find all posts by this user
Quote this message in a reply
 Reputed by :  ketek(+1)
11-18-2011, 08:45 PM
Post: #2
KitiM Offline
./Devilz 1st Cadet
 		Posts: 37
Joined: May 2011
Reputation: 1
RE: Web Application Attack and Audit Framework
KitiM ijin buat nyoba ya kak??? mantap nih tutor,detail lagi
hmm..BTW kakak menerima jasa deface ya kak??? kok di SS nya ada tuh kak??? malu piss
Find all posts by this user
Quote this message in a reply
11-18-2011, 08:48 PM
Post: #3
Wayc0de Offline
-= Sifu Makan Sonice =-
**
Moderators 		Posts: 2,980
Joined: Nov 2010
Reputation: 61
RE: Web Application Attack and Audit Framework
(11-18-2011 08:45 PM)KitiM Wrote:  KitiM ijin buat nyoba ya kak??? mantap nih tutor,detail lagi
hmm..BTW kakak menerima jasa deface ya kak??? kok di SS nya ada tuh kak??? malu piss

silahkan om KitiM seneng

biar sama-sama belajar belajar

au ah dh OOT tuh pertanyaan terakhir ngakak
Visit this user's website Find all posts by this user
Quote this message in a reply
11-18-2011, 08:49 PM
Post: #4
74jTeZ Offline
./Junk3r 1st C4d3t
 		Posts: 284
Joined: Nov 2011
Reputation: 5
RE: Web Application Attack and Audit Framework
ini bisa gak omz dijlanin di ubuntu??? malu
soalnya ane cma ada ubuntu dan windows... malu
Find all posts by this user
Quote this message in a reply
11-18-2011, 08:51 PM
Post: #5
Wayc0de Offline
-= Sifu Makan Sonice =-
**
Moderators 		Posts: 2,980
Joined: Nov 2010
Reputation: 61
RE: Web Application Attack and Audit Framework
(11-18-2011 08:49 PM)74jTeZ Wrote:  ini bisa gak omz dijlanin di ubuntu??? malu
soalnya ane cma ada ubuntu dan windows... malu

lah ane nie make ubuntu 10.10 kok om seneng
Visit this user's website Find all posts by this user
Quote this message in a reply
11-18-2011, 08:55 PM
Post: #6
74jTeZ Offline
./Junk3r 1st C4d3t
 		Posts: 284
Joined: Nov 2011
Reputation: 5
RE: Web Application Attack and Audit Framework
(11-18-2011 08:51 PM)dZheNwaY Wrote:  
(11-18-2011 08:49 PM)74jTeZ Wrote:  ini bisa gak omz dijlanin di ubuntu??? malu
soalnya ane cma ada ubuntu dan windows... malu

lah ane nie make ubuntu 10.10 kok om seneng

sama dong.. asik
ane izin praktek bang.. malu
Find all posts by this user
Quote this message in a reply
11-18-2011, 08:58 PM
Post: #7
Wayc0de Offline
-= Sifu Makan Sonice =-
**
Moderators 		Posts: 2,980
Joined: Nov 2010
Reputation: 61
RE: Web Application Attack and Audit Framework
(11-18-2011 08:55 PM)74jTeZ Wrote:  
(11-18-2011 08:51 PM)dZheNwaY Wrote:  
(11-18-2011 08:49 PM)74jTeZ Wrote:  ini bisa gak omz dijlanin di ubuntu??? malu
soalnya ane cma ada ubuntu dan windows... malu

lah ane nie make ubuntu 10.10 kok om seneng

sama dong.. asik
ane izin praktek bang.. malu

silahkan om seneng
Visit this user's website Find all posts by this user
Quote this message in a reply
11-18-2011, 09:03 PM
Post: #8
ketek Offline
bocah ingusan
*******
Administrators 		Posts: 2,168
Joined: Jan 2010
Reputation: 369
RE: Web Application Attack and Audit Framework
w3af setau ane cross platform kok om.. di windows bisa, ubuntu juga bisa...

ini di ubuntu ane..
[Image: ejvtj4.png]
Find all posts by this user
Quote this message in a reply
11-18-2011, 09:04 PM
Post: #9
Wayc0de Offline
-= Sifu Makan Sonice =-
**
Moderators 		Posts: 2,980
Joined: Nov 2010
Reputation: 61
RE: Web Application Attack and Audit Framework
tu yg versi GUI ea om ketek??

emang bener kok kata om ketek

w3af has been successfully installed and used on Linux, Windows XP, Windows Vista, FreeBSD and OpenBSD.

tuh dh jalan di OS2 diatas seneng
Visit this user's website Find all posts by this user
Quote this message in a reply
11-18-2011, 09:26 PM
Post: #10
civo Offline
./Panah Nanggala\.
**
Moderators 		Posts: 2,075
Joined: Jan 2011
Reputation: 65
RE: Web Application Attack and Audit Framework
weh..guru ane 1 ini kalau buat thread pasti komplit...plit..plit...di kasih telur 2 karena selalu spesial,
dan selalu juelasss....
mantap nih omz...ijin arsipin untuk menhuin data dan buat bahan belajar yaa sifu hore
Find all posts by this user
Quote this message in a reply
« Next Oldest | Next Newest »
Pages (2): 1 2 Next »
Post Reply 


Topic Tools
Topic Link :
BBCode :
HTML Code :
View a Printable Version Send Thread to a Friend Subscribe to this thread
Submit Google Submit Face book Submit to Digg Submit to Reddit Submit to Furl Submit to Del.icio.us Submit to Jeqq

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  how to create login auth with django framework (python) 5ynL0rd 6 1,769 04-25-2013 08:06 AM
Last Post: dophponh
  New tool from indonesianbacktrack - simple phpmyadmin dictionary attack mywisdom 3 230 01-10-2013 08:16 PM
Last Post: haXna

Users Browsing
1 Guest(s)

  • Contact Us
  • devilzc0de
  • Return to Top
  • Mobile Version
  • RSS Syndication
  • Help
Current time: 05-22-2013, 11:32 AM Powered By MyBB, © 2002-2013 MyBB Group. Theme created by Justin S. | Mixed By Chaer.Newbie | Fixed By Aditya

USING THIS SITE INDICATES THAT YOU HAVE READ AND ACCEPT OUR TERMS. IF YOU DO NOT ACCEPT THESE TERMS, YOU ARE NOT AUTHORIZED TO USE THIS SITE