Description

This plugin is a local proxy that gives the framework knowledge about the web application when it has a lot of client-side code, such as Flash or Java applets. Whenever w3af needs to test an application that uses Flash or JavaScript, the user should enable this plugin and use a web browser to navigate the site through the spider_man proxy. The proxy extracts information from the user's navigation and generates the necessary injection points for the audit plugins.

Another feature of this plugin is that it saves the cookies sent by the web application so that other plugins can use them. So if you have a web application whose login uses cookie-based session management, you should enable this plugin, log in through the browser, and then let the other plugins spider the rest of the application for you.

Important note: If you enable web_spider, you should ignore the “logout” link; otherwise the crawler may follow it and end the session.

Two configurable parameters exist:

  • listen_address
  • listen_port

Plugin type

Crawl

Options

Name            Type     Default Value  Description                                                              Help
listen_address  string   127.0.0.1      IP address that the spider_man proxy will use to receive requests        No detailed help available
listen_port     integer  44444          Port that the spider_man HTTP proxy server will use to receive requests  No detailed help available
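
The setup described above as a w3af console script. This is an added example, not part of the original plugin documentation; the target URL is a placeholder and the ignore_regex value is an assumption about how the application names its logout link.

```w3af
# Added example (constructed): enable spider_man next to web_spider.
# http://target.example/ is a placeholder for the application under test.
plugins
crawl spider_man,web_spider

# The two spider_man options, shown here with their default values.
crawl config spider_man
set listen_address 127.0.0.1
set listen_port 44444
back

# Keep web_spider away from the logout link so the session cookie
# captured through the proxy stays valid for the rest of the crawl.
# The pattern is an assumption; adjust it to the application's logout URL.
crawl config web_spider
set ignore_regex .*logout.*
back

back
target
set target http://target.example/
back
start
```

Once the scan is running, point the browser's HTTP proxy at 127.0.0.1:44444 and log in through it so that spider_man sees the requests and the session cookie.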

Source

For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code

Dependencies

This plugin has no dependencies.