Description
This plugin is a local proxy that can be used to give the framework knowledge about the web application when it has a lot of client side code like Flash or Java applets. Whenever a w3af needs to test an application with flash or javascript, the user should enable this plugin and use a web browser to navigate the site using spider_man proxy. The proxy will extract information from the user navigation and generate the necesary injection points for the audit plugins. Another feature of this plugin is to save the cookies that are sent by the web application, in order to be able to use them in other plugins. So if you have a web application that has a login with cookie session management you should enable this plugin, do the login through the browser and then let the other plugins spider the rest of the application for you. Important note: If you enable web_spider, you should ignore the “logout” link. Two configurable parameters exist:
- listen_address
- listen_port
Plugin type
Options
| Name | Type | Default Value | Description | Help |
| listen_address | string | 127.0.0.1 | IP address that the spider_man proxy will use to receive requests | No detailed help available |
| listen_port | integer | 44444 | Port that the spider_man HTTP proxy server will use to receive requests | No detailed help available |
Source
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
Dependencies
This plugin has no dependencies.
