[Owasp-board] OWASP Project/Summer of Code

dinis cruz dinis.cruz at owasp.org
Wed Jun 4 15:51:14 UTC 2008


Hi Achim & Christopher
What I propose is that:

  - we move CAL9000 to an 'inactive projects' section of
    https://www.owasp.org/index.php/Category:OWASP_Project (Paulo will create
    it). Christopher, are you OK with that?
  - create a new project for the new code
  - make a reference on the new project pages of CAL9000 and make note of
    the differences of the two tools

Dinis



On Wed, Jun 4, 2008 at 4:36 PM, Achim Hoffmann <ah at securenet.de> wrote:

>
> Hi Paulo,
> Hi Dinis,
>
> see inline below.
>
> Cheers
> Achim
>
> !! Next, I've talked about your project with Dinis Cruz (dinis.cruz at owasp.org)
> !! and we concluded that your project appears to have large similarities with
> !! the OWASP <http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project>
> !! CAL9000 Project.
>
> yes, for sure.
> As I explained in Gent, it was initially based on the code of CAL9000 in
> which I also participated.
> But it's much more complete now according to the en-/decodings (including
> some easter eggs:). A lot of bugs fixed also.
>
> As the XHR functionality in the CAL9000 project seems to be a dead end
> currently, unfortunately, I decided to make a split and concentrate on
> the other parts.
>
> ----
> Side note:
>  is someone out there to implement the functionality of JavaScript's
>  XHR in java, so it works in a browser?
>  IMHO it's still worth to build a fuzzing tool inside the browser, but
>  that requires something better (for testers, not users) than XHR.
>  Dinis, what do you think?
> ----
>
> !! We would like to hear your opinion about this. However, if you agree with
> !! us, I suggest contacting Project
> !! <http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project#Project_Contributors>
> !! Contributors to discuss further developments.
>
> I have been in deep contact with Christopher Loomis, the author of CAL9000,
> while we added some of the en-/decoding functions.
>
> !! Nevertheless, be aware that this project seems to be a bit stagnant - as you
> !! will see, the project's page hasn't been changed since December 2006.
>
> Christopher Loomis told me in mid 2006 that he will no longer develop CAL9000
> due to personal reasons.
> (if you like, I'll grep for the original email ...)
> That's the second reason why I started a new tool.
>
> !! Therefore, it's possible that project has lost its leadership. If so, please
> !! consider assuming the referred role. Otherwise, please negotiate directly
> !! what kind of contribution will you provide and what paths should be
> !! followed. In any case, please keep us informed.
>
> I'm willing to make my code (well, some parts are shamelessly copied:)
> public. But I'd like to hear some opinions from others if it's worth and
> if it is useful. I don't want to waste resources (my time for example)
> just for something "nice to have" but not really useful.
> There is still a lot to do, improvements, bugfixes, etc. I'd also
> like to discuss further development with others as I have some more
> ideas. For example I can think of integrating parts of my code into BeEF,
> hackvertor or similar. Unfortunately the authors didn't respond to my
> ideas.
>
> Making my code part of CAL9000 again will be hard work. I would not do
> that as some parts of CAL9000 are no longer (in modern browsers) working
> properly. This means that we improve the en-/decoding there, leaving the
> rest more or less unusable. Additionally, there is the risk of making the
> original tool unstable due to the changes.
> Hence I prefer a new tool/project, leaving CAL9000 as is.
>
> !! Please, don't hesitate to get back to me whenever you think that I can help
> !! with.
>
> Here I am.
> Again, my idea is that the en-/decoding functionality (at least those
> according web applications) might be useful in other tools too. It would
> be great if someone else concludes to this. Then there is some challenge
> to continue on my work.
> Do you think it's worth that you -as OWASP project leader- contact some
> other authors?
>