Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
24 lines (17 sloc) 907 Bytes

The /urls/ resource

Once a w3af scan starts the crawl plugins find new URLs which get stored in the knowledge base, this information is important for the user to understand which parts of the application were scanned and can be accessed using the REST API endpoint at /scans/<scan-id>/urls/.

The /fuzzable-requests/ resource

Advanced users will find the /urls/ information insufficient since it lacks the parameters (query string, post-data, json) and headers which were identified by w3af. The /scans/<scan-id>/fuzzable-requests/ endpoint returns a list with all the raw HTTP requests that the scanner will use during the audit phase.

Encoding

The fuzzable requests is encoded using base64 in order to allow the REST API to send special characters (null bytes, etc.) without encoding problems.