andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/

Start tag expected, '<' not found - _load_data_from_burp #5259

Closed 1d3df9903ad closed 9 years ago

1d3df9903ad commented 10 years ago

The user provided the following email address for contact: klemensarro+w3af@gmail.com

Version Information

  Python version: 2.7.6 (default, Mar 22 2014, 22:59:56) [GCC 4.8.2]
  GTK version: 2.24.23
  PyGTK version: 2.24.0
  w3af version:
    w3af - Web Application Attack and Audit Framework
    Version: 1.6.0.5
    Revision: fd37a1a528 - 08 Sep 2014 17:23
    Branch: master
    Local changes: No
    Author: Andres Riancho and the w3af team.

Traceback

A "XMLSyntaxError" exception was found while running crawl.import_results on "Method: GET | https://domain/". The exception was: "Start tag expected, '<' not found, line 1, column 1" at parser.pxi:lxml.etree._raiseParseError (src/lxml/lxml.etree.c:74696)():590. The full traceback is:
  File "/home/user/Software/w3af/w3af/core/controllers/core_helpers/consumers/crawl_infrastructure.py", line 402, in _discover_worker
    result = plugin.discover_wrapper(fuzzable_request)
  File "/home/user/Software/w3af/w3af/core/controllers/plugins/crawl_plugin.py", line 49, in crawl_wrapper
    return self.crawl(fuzzable_request_copy)
  File "/home/user/Software/w3af/w3af/core/controllers/misc/decorators.py", line 46, in inner_runonce_meth
    return meth(self, *args)
  File "/home/user/Software/w3af/w3af/plugins/crawl/import_results.py", line 68, in crawl
    self._load_data_from_burp()
  File "/home/user/Software/w3af/w3af/plugins/crawl/import_results.py", line 116, in _load_data_from_burp
    self._input_burp)
  File "/home/user/Software/w3af/w3af/plugins/crawl/import_results.py", line 209, in _objs_from_burp_log
    requests = etree.fromstring(file(burp_file).read(), parser)
  File "lxml.etree.pyx", line 2754, in lxml.etree.fromstring (src/lxml/lxml.etree.c:54631)
  File "parser.pxi", line 1578, in lxml.etree._parseMemoryDocument (src/lxml/lxml.etree.c:82748)
  File "parser.pxi", line 1457, in lxml.etree._parseDoc (src/lxml/lxml.etree.c:81546)
  File "parser.pxi", line 965, in lxml.etree._BaseParser._parseDoc (src/lxml/lxml.etree.c:78216)
  File "parsertarget.pxi", line 149, in lxml.etree._TargetParserContext._handleParseResultDoc (src/lxml/lxml.etree.c:89173)
  File "parser.pxi", line 590, in lxml.etree._raiseParseError (src/lxml/lxml.etree.c:74696)

Enabled Plugins

{'attack': {},
 'audit': {u'blind_sqli': <OptionList: eq_limit>,
           u'buffer_overflow': <OptionList: >,
           u'cors_origin': <OptionList: origin_header_value>,
           u'csrf': <OptionList: >,
           u'dav': <OptionList: >,
           u'eval': <OptionList: use_time_delay|use_echo>,
           u'file_upload': <OptionList: extensions>,
           u'format_string': <OptionList: >,
           u'frontpage': <OptionList: >,
           u'generic': <OptionList: diff_ratio>,
           u'global_redirect': <OptionList: >,
           u'htaccess_methods': <OptionList: >,
           u'ldapi': <OptionList: >,
           u'lfi': <OptionList: >,
           u'mx_injection': <OptionList: >,
           u'os_commanding': <OptionList: >,
           u'phishing_vector': <OptionList: >,
           u'preg_replace': <OptionList: >,
           u'redos': <OptionList: >,
           u'response_splitting': <OptionList: >,
           u'rfi': <OptionList: listen_address|listen_port|use_w3af_site>,
           u'sqli': <OptionList: >,
           u'ssi': <OptionList: >,
           u'ssl_certificate': <OptionList: minExpireDays|caFileName>,
           u'un_ssl': <OptionList: >,
           u'xpath': <OptionList: >,
           u'xss': <OptionList: persistent_xss>,
           u'xst': <OptionList: >},
 'auth': {u'generic': <OptionList: username|password|username_field|password_field|auth_url|check_url|check_string>},
 'bruteforce': {},
 'crawl': {u'content_negotiation': <OptionList: wordlist>,
           u'digit_sum': <OptionList: fuzzImages|maxDigitSections>,
           u'dir_file_bruter': <OptionList: dir_wordlist|file_wordlist|bf_directories|bf_files|be_recursive>,
           u'dot_listing': <OptionList: >,
           u'find_backdoors': <OptionList: >,
           u'find_captchas': <OptionList: >,
           u'find_dvcs': <OptionList: >,
           u'genexus_xml': <OptionList: >,
           u'import_results': <OptionList: input_csv|input_burp>,
           u'phishtank': <OptionList: >,
           u'phpinfo': <OptionList: >,
           u'ria_enumerator': <OptionList: wordlist|manifestExtensions>,
           u'robots_txt': <OptionList: >,
           u'sitemap_xml': <OptionList: >,
           u'url_fuzzer': <OptionList: fuzz_images>,
           u'urllist_txt': <OptionList: >,
           u'web_spider': <OptionList: only_forward|follow_regex|ignore_regex>,
           u'wordnet': <OptionList: wn_results>,
           u'wsdl_finder': <OptionList: >},
 'evasion': {},
 'grep': {u'ajax': <OptionList: >,
          u'analyze_cookies': <OptionList: >,
          u'blank_body': <OptionList: >,
          u'cache_control': <OptionList: >,
          u'click_jacking': <OptionList: >,
          u'code_disclosure': <OptionList: >,
          u'credit_cards': <OptionList: >,
          u'cross_domain_js': <OptionList: >,
          u'csp': <OptionList: >,
          u'directory_indexing': <OptionList: >,
          u'dom_xss': <OptionList: >,
          u'error_500': <OptionList: >,
          u'error_pages': <OptionList: >,
          u'feeds': <OptionList: >,
          u'file_upload': <OptionList: >,
          u'form_autocomplete': <OptionList: >,
          u'get_emails': <OptionList: only_target_domain>,
          u'hash_analysis': <OptionList: >,
          u'html_comments': <OptionList: >,
          u'http_auth_detect': <OptionList: >,
          u'http_in_body': <OptionList: >,
          u'lang': <OptionList: >,
          u'meta_tags': <OptionList: >,
          u'motw': <OptionList: >,
          u'objects': <OptionList: >,
          u'oracle': <OptionList: >,
          u'password_profiling': <OptionList: >,
          u'path_disclosure': <OptionList: >,
          u'private_ip': <OptionList: >,
          u'strange_headers': <OptionList: >,
          u'strange_http_codes': <OptionList: >,
          u'strange_parameters': <OptionList: >,
          u'strange_reason': <OptionList: >,
          u'svn_users': <OptionList: >,
          u'url_session': <OptionList: >,
          u'wsdl_greper': <OptionList: >,
          u'xss_protection_header': <OptionList: >},
 'infrastructure': {u'afd': <OptionList: >,
                    u'allowed_methods': <OptionList: execOneTime|reportDavOnly>,
                    u'dns_wildcard': <OptionList: >,
                    u'domain_dot': <OptionList: >,
                    u'favicon_identification': <OptionList: >,
                    u'find_vhosts': <OptionList: >,
                    u'finger_pks': <OptionList: >,
                    u'fingerprint_WAF': <OptionList: >,
                    u'fingerprint_os': <OptionList: >,
                    u'frontpage_version': <OptionList: >,
                    u'halberd': <OptionList: >,
                    u'hmap': <OptionList: gen_fingerprint>,
                    u'http_vs_https_dist': <OptionList: httpPort|httpsPort>,
                    u'php_eggs': <OptionList: >,
                    u'server_header': <OptionList: >,
                    u'server_status': <OptionList: >,
                    u'shared_hosting': <OptionList: result_limit>},
 'mangle': {},
 'output': {u'console': <OptionList: verbose>,
            u'html_file': <OptionList: output_file|verbose>,
            u'text_file': <OptionList: verbose|output_file|http_output_file>}}
andresriancho commented 9 years ago

Sent email to klemensarro+w3af@gmail.com to get the input file for final testing, but this should be fixed. Closing.