w3af scan starts the plugins send HTTP requests which get stored in
an internal database. HTTP requests and responses associated with a vulnerability
can be accessed using the REST API at
The most common flow is to access the vulnerability details at
/scans/<scan-id>/kb/<vulnerability-id> and use the
attribute to perform requests to the traffic resources.
The HTTP request and response is encoded using base64 in order to allow the REST API to send special characters (null bytes, etc.) without encoding problems.