Miroslav Stampar
6a01d2e430
Fixes #1366
2015-08-30 02:13:07 +02:00
Miroslav Stampar
1f5e6606a7
Fixes #1357
2015-08-25 02:03:56 +02:00
Miroslav Stampar
54d65328bc
Patch for negative logic (e.g. OR) cases (reported privately)
2015-08-18 03:09:01 +02:00
Miroslav Stampar
310d79b8f1
Adding special variable 'lastPage' to the eval code (by request from ML)
2015-08-14 23:29:31 +02:00
Miroslav Stampar
e5863d8b89
Minor patch
2015-08-12 21:43:13 +02:00
Miroslav Stampar
b0bc3149f9
Fixes #1315
2015-07-26 16:18:41 +02:00
Miroslav Stampar
314df093f1
Fixes #1314
2015-07-26 16:06:01 +02:00
Miroslav Stampar
21e8182ac6
Fixes #1305
2015-07-18 17:01:34 +02:00
Miroslav Stampar
16f8e4c8ba
Removing unused imports
2015-07-12 12:25:02 +02:00
Miroslav Stampar
10f8c6a0b6
Introducing --offline switch (to perform session only lookups)
2015-07-10 16:10:24 +02:00
Miroslav Stampar
e4b23c9beb
Minor fix regarding POST redirects (ML)
2015-06-16 12:00:56 +02:00
Miroslav Stampar
04c1d439a7
Minor patch for #1260
2015-06-05 17:18:21 +02:00
Miroslav Stampar
8d7e915af7
Minor patch for #1260
2015-06-05 17:02:56 +02:00
Miroslav Stampar
ec87d8ebda
Adding a support for SNI (Issue #1256 )
2015-06-01 10:45:16 +02:00
Miroslav Stampar
341d2a6028
Minor fix for (hidden) switch '--dummy'
2015-05-29 17:30:02 +02:00
Miroslav Stampar
e8f87bfa41
Minor patches related to the #1206
2015-05-11 11:01:21 +02:00
Miroslav Stampar
91bc02e3ba
Fixes related to the #1206
2015-05-11 10:56:10 +02:00
Miroslav Stampar
9010e157e9
Conflict fix
2015-05-11 10:11:33 +02:00
Miroslav Stampar
5b8df7984c
Minor update (for Windows-31j charset)
2015-05-09 14:32:55 +02:00
Miroslav Stampar
bb98894dc1
Adding option --safe-req
2015-04-22 16:28:54 +02:00
Miroslav Stampar
c5138d4696
Minor refactoring
2015-04-21 00:02:47 +02:00
Miroslav Stampar
349dfbf2ae
Adding an option --safe-post
2015-04-20 23:55:59 +02:00
Miroslav Stampar
99c1cc9937
Fixes #1208
2015-03-26 17:17:46 +01:00
Miroslav Stampar
fc0186e029
Minor update
2015-03-26 12:39:44 +01:00
Miroslav Stampar
7587528ebd
Fixes #1202
2015-03-26 11:40:19 +01:00
ricterz
bbfdb02a0e
fix mandatorily depend of websocket #1198
2015-03-24 22:25:16 +08:00
ricterz
811f5c11c6
remove Host header field and add cookie support #1198
2015-03-24 18:50:57 +08:00
ricterz
9b5dcbbbb2
modified error handle #1198
2015-03-24 18:21:50 +08:00
ricterz
78dbe080d7
determine whether it's websocket when connect #1198
2015-03-24 17:19:37 +08:00
Miroslav Stampar
05a496c275
Fixes #1196
2015-03-20 00:56:52 +01:00
Christ van Willegen
80fb2e29cc
Fix some spelling errors in help texts (through -> thorough)
2015-03-04 13:31:29 +01:00
Miroslav Stampar
3347fc25ca
Fixes #1185
2015-03-03 15:10:06 +01:00
Miroslav Stampar
3f6c3b40dd
Minor update (not overriding user given 'Accept-Encoding' header value)
2015-03-03 14:37:36 +01:00
Miroslav Stampar
dde400ab8f
More suitable version of 6bcc95a
(suggested by user)
2015-02-25 10:19:51 +01:00
Miroslav Stampar
6bcc95a20d
Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z])
2015-02-24 15:05:44 +01:00
Miroslav Stampar
1636088b75
Minor update
2015-02-16 11:48:53 +01:00
Miroslav Stampar
38011743bb
Patch for an Issue #1157
2015-02-04 15:01:19 +01:00
Miroslav Stampar
59f0da369d
Patch for a bug reported via ML (Accept header ignored in --headers)
2015-02-02 22:07:16 +01:00
Miroslav Stampar
9e90e357cf
Patch for an Issue #1146
2015-01-30 21:59:03 +01:00
Miroslav Stampar
e73ac6c8e3
Minor patch on request of an user
2015-01-17 21:47:57 +01:00
Miroslav Stampar
c2b2ccd2b5
Minor bug fix
2015-01-17 17:31:00 +01:00
Miroslav Stampar
54e9a1fb2d
Minor style update
2015-01-14 16:11:55 +01:00
Miroslav Stampar
8e03f4db0f
Patch for an Issue #1062
2015-01-09 15:33:53 +01:00
Miroslav Stampar
450b3c93cb
Potential patch for an Issue #1093
2015-01-07 11:40:11 +01:00
Miroslav Stampar
45bdefd29b
Update of copyright
2015-01-06 15:02:16 +01:00
Miroslav Stampar
c474c16b4a
Removing ML email address
2015-01-06 12:30:49 +01:00
Miroslav Stampar
41c2f889b2
Fix related to the SSLv3 disabling
2014-12-30 15:44:55 +01:00
Miroslav Stampar
1e014de6be
Patch for an Issue #1066
2014-12-26 22:24:28 +01:00
Miroslav Stampar
6972020faf
Bug fix for login-like SQLi (OR with 500 result)
2014-12-18 15:58:19 +01:00
Miroslav Stampar
180ede0cb3
Minor patch
2014-12-15 14:07:28 +01:00
Miroslav Stampar
20c272b77d
More generic patch for an Issue #994
2014-12-07 16:14:48 +01:00
Miroslav Stampar
4e7f835eae
Patch for an Issue #994
2014-12-07 16:11:07 +01:00
Miroslav Stampar
d3060f20d7
Minor improvement
2014-12-03 13:22:55 +01:00
Miroslav Stampar
17db587e2c
Adding some friendly warning messages (regarding blocking)
2014-12-03 10:06:21 +01:00
Miroslav Stampar
7a04595f5e
Added a reference url (http charset priority)
2014-12-01 11:15:45 +01:00
Miroslav Stampar
a0d95a8ec4
Refactoring of #952
2014-11-24 12:56:39 +01:00
Miroslav Stampar
27cd9e7064
Merge pull request #952 from Rexikon/patch-1
...
Update httpshandler.py, AttributeError PROTOCOL_SSLv3
2014-11-24 12:52:27 +01:00
Miroslav Stampar
05f7b1f121
Patch for an Issue #970
2014-11-24 10:55:19 +01:00
Miroslav Stampar
1fc4d0e3c4
Update for an Issue #431
2014-11-21 10:31:55 +01:00
Miroslav Stampar
cf2d5fd453
Update for an Issue #431
2014-11-21 09:41:49 +01:00
Miroslav Stampar
34ce774acd
Patch for an Issue #956
2014-11-21 09:41:49 +01:00
Rexikon
4da20679ee
Update httpshandler.py
...
ssl.PROTOCOL_SSLv3 removed
affecting error: AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'
2014-11-19 16:36:30 +01:00
Miroslav Stampar
05d5342f20
Update and patch for an Issue #2
2014-11-17 11:50:05 +01:00
Miroslav Stampar
c5df45a14f
Minor bug fix (skipping HTML decoding in heuristic mode)
2014-11-11 11:23:14 +01:00
Miroslav Stampar
71c43be53a
Patch for an Issue #901
2014-11-05 10:03:19 +01:00
Miroslav Stampar
49d3860b1f
Minor fix
2014-10-31 20:22:15 +01:00
Miroslav Stampar
df73be32f1
Fix for an Issue #876
2014-10-28 14:41:21 +01:00
Miroslav Stampar
3b3b8d4ef2
Potential bug fix (escaping formatted regular expressions)
2014-10-28 14:02:55 +01:00
Miroslav Stampar
268e774087
Minor refactoring
2014-10-28 13:44:55 +01:00
Miroslav Stampar
f89e94fb8c
Minor refactoring
2014-10-28 13:42:13 +01:00
Miroslav Stampar
6448d3caf4
Implementing support for csrfcookie (Issue #2 )
2014-10-24 09:37:51 +02:00
Miroslav Stampar
5e31229d48
Minor cosmetic update
2014-10-23 15:18:22 +02:00
Miroslav Stampar
abbd352392
Support for X-CSRF-TOKEN header (Issue #2 )
2014-10-23 14:33:22 +02:00
Miroslav Stampar
fc1b05bec9
Implementation for an Issue #2
2014-10-23 11:23:53 +02:00
Miroslav Stampar
8dcad46805
Update basic.py
2014-10-22 23:16:46 +02:00
Miroslav Stampar
2f18df345e
Minor patch
2014-10-22 13:41:36 +02:00
Miroslav Stampar
268095495e
Minor patch
2014-10-22 13:32:49 +02:00
Miroslav Stampar
3ebc5faa34
Falling back to partial UNION if large dump connects out
2014-10-21 09:23:34 +02:00
Miroslav Stampar
1e636fb925
Minor patch regarding Issue #840
2014-09-28 13:38:09 +02:00
Miroslav Stampar
767c278a0f
Fix for an Issue #838
2014-09-26 17:00:50 +02:00
Miroslav Stampar
bfc8ab0e35
Language update
2014-09-08 14:48:31 +02:00
Miroslav Stampar
53d0d5bf8b
Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved)
2014-09-08 14:33:13 +02:00
Miroslav Stampar
bbf0be1f8d
Bug fix (Issue #813 )
2014-09-03 22:09:12 +02:00
Miroslav Stampar
9476359255
Bug fix
2014-08-28 12:50:39 +02:00
Miroslav Stampar
e68326c0fe
expandAsteriskForColumns changes value of conf.db and conf.tbl potentially causing problems in further work
2014-08-26 22:57:08 +02:00
Miroslav Stampar
dcaad75a1e
Fix for an Issue #794
2014-08-22 15:08:05 +02:00
Miroslav Stampar
d74b803306
Minor patch
2014-08-22 14:45:23 +02:00
Miroslav Stampar
58d93ffb2b
Fix for falling back to partial union (excluding scalar queries)
2014-08-20 23:53:15 +02:00
Miroslav Stampar
90882f081d
Language update
2014-08-20 23:47:57 +02:00
Miroslav Stampar
0296081692
Minor refactoring
2014-08-20 23:42:40 +02:00
Miroslav Stampar
b4fbb9cafe
Minor upgrade
2014-08-20 13:52:48 +02:00
Miroslav Stampar
6caccc3d93
Bug fix for ultra-slow processing of binary data
2014-08-20 01:38:01 +02:00
Miroslav Stampar
3cfa63646b
Minor bug fix
2014-07-19 23:17:23 +02:00
Miroslav Stampar
32af0b17b0
Update for an Issue #760
2014-07-10 08:49:20 +02:00
Miroslav Stampar
686fe4d0e9
Another patch for DNS exfiltration and boolean checks
2014-06-27 14:22:00 +02:00
Miroslav Stampar
2f8d17bcb7
Appendix to last commit
2014-06-27 13:45:40 +02:00
Miroslav Stampar
75279ea75a
Fix for DNS exfiltration of boolean checks
2014-06-27 13:07:34 +02:00
Miroslav Stampar
2a88436417
Patch for an Issue #724
2014-06-16 09:51:24 +02:00
Miroslav Stampar
f558b800ac
Patch for an Issue #719
2014-06-12 09:08:55 +02:00
Miroslav Stampar
c50560c3a6
Patch for an Issue #716
2014-06-10 21:57:54 +02:00
Miroslav Stampar
680ab10ca6
Patch for an Issue #703
2014-05-27 21:41:07 +02:00
Miroslav Stampar
2d5461d250
Minor fix (related to the unknown encoding reported by ML)
2014-05-22 09:03:14 +02:00
Miroslav Stampar
c181e909b5
Minor fix
2014-05-16 23:47:00 +02:00
Miroslav Stampar
2e96e3c924
Adding a hidden switch --ignore-401
2014-04-29 23:26:45 +02:00
Miroslav Stampar
2d3a74a0fe
Patch for an Issue #667
2014-04-07 21:01:40 +02:00
Miroslav Stampar
bf18b025d6
Minor removal of redundant code
2014-04-06 18:09:54 +02:00
Miroslav Stampar
7cc4159316
Renaming conf.cDel to conf.cookieDel
2014-04-06 16:50:58 +02:00
Miroslav Stampar
0ae8ac707e
Renaming conf.pDel to conf.paramDel
2014-04-06 16:48:46 +02:00
Miroslav Stampar
492a410bcc
Minor fix
2014-04-04 16:14:53 +02:00
Miroslav Stampar
e7e8a3965a
Minor fix
2014-04-03 09:00:14 +02:00
Miroslav Stampar
80d4426dbd
Patch related to the Issue #661
2014-04-02 22:34:37 +02:00
Miroslav Stampar
e8c1c90f2e
Whitespace was being double encoded in case of spaceplus (' '->%2B)
2014-03-25 22:02:14 +01:00
Miroslav Stampar
106102bd3c
Fix for an Issue #648
2014-03-21 20:28:29 +01:00
Miroslav Stampar
be3fd8bb29
Fix for an Issue #638
2014-03-14 16:44:56 +01:00
Miroslav Stampar
f1f53a5841
Minor cosmetic update
2014-03-06 21:08:31 +01:00
Miroslav Stampar
cc62a8adc9
Bug fix for JSON-like data (proper escaping of quotes)
2014-02-26 09:30:37 +01:00
Miroslav Stampar
6369a38ebc
Adding support for JSON-like data with single quote
2014-02-26 08:56:17 +01:00
Miroslav Stampar
fc02badf40
Minor update
2014-01-23 08:33:21 +01:00
Bernardo Damele
43a4e85749
updated copyright
2014-01-13 17:24:49 +00:00
Miroslav Stampar
36f3ab5798
Minor bug fix (for cases when race between thread and main thread is causing server._running to not be set to True)
2014-01-09 15:46:55 +01:00
Miroslav Stampar
5437f8bf36
Fix for an Issue #85
2014-01-02 12:09:58 +01:00
Miroslav Stampar
4de83daf03
Minor style update
2014-01-02 11:06:19 +01:00
Miroslav Stampar
b0ca34ff27
Bug fix (payload character '=' was not being url-encoded in custom (user) post cases - when posthint was None)
2013-12-04 10:09:54 +01:00
Bernardo Damele
59b6791faa
minor improvement
2013-11-19 00:24:47 +00:00
Miroslav Stampar
8dac47f7e5
Minor patch (for recognition of x-mac-turkish codec)
2013-10-21 20:04:48 +02:00
Miroslav Stampar
344d3f4b5f
Minor patch
2013-10-12 21:05:18 +02:00
Miroslav Stampar
18d9e1dbc3
Minor update due to reported (debug) problems with SSLv23
2013-10-04 10:53:49 +02:00
Miroslav Stampar
a3defc175d
Fix (we are not using certificate but PEM private key file in this particular authentication; also, auxiliary cert_file is holding certificate chain that is ignored by python itself)
2013-09-11 23:17:18 +02:00
Miroslav Stampar
81409ce6da
Minor patch
2013-09-02 10:54:32 +02:00
Miroslav Stampar
dd39913cf6
Improvement for an --eval mechanism
2013-08-31 00:28:51 +02:00
Miroslav Stampar
3a57af1452
Minor fix
2013-08-30 15:26:03 +02:00
Miroslav Stampar
88b992ad83
Fixing a bug noticed during the yesterday's AppSecEU presentation (--headers='user-agent:foobar*' was not working properly)
2013-08-23 11:54:08 +02:00
Miroslav Stampar
23f2c5f166
Finishing implementation for an Issue #58
2013-08-20 19:35:49 +02:00
Miroslav Stampar
4929cff0c0
Minor update
2013-08-13 06:42:49 +02:00
Miroslav Stampar
b2855e0281
Minor patch
2013-08-12 14:25:51 +02:00
Miroslav Stampar
a711c9ed36
Minor cleanup and initial work for #58
2013-08-09 14:13:48 +02:00
Miroslav Stampar
32c1cb20f5
Fix for an Issue #497
2013-08-01 19:48:20 +02:00
Miroslav Stampar
953b5815d8
Implementation for an Issue #496
2013-07-31 21:15:03 +02:00
Miroslav Stampar
6b826ef64d
Reintroducing option --cookie-del
2013-07-31 20:41:19 +02:00
Miroslav Stampar
ca44b23d20
Implementation for --eval to support cookies
2013-07-31 17:29:16 +02:00
Miroslav Stampar
eaacbe0b12
Minor language fix
2013-07-31 09:24:34 +02:00
Miroslav Stampar
f54082111d
Better way how to deal with required extensions
2013-07-13 19:25:49 +02:00
Miroslav Stampar
3f6d4083a7
Minor language update
2013-07-13 17:19:16 +02:00
Miroslav Stampar
31efabfca1
Appropriate error messaging when one of core libraries are missing due to erroneous Python build
2013-07-13 16:07:36 +02:00
Miroslav Stampar
4d9f8ad0dd
Commit related to the last one
2013-07-13 12:00:03 +02:00
stamparm
a53823f9b7
Minor refactoring
2013-06-19 10:59:26 +02:00
Miroslav Stampar
f185e5cdd5
Fix for an Issue #463
2013-06-10 22:26:34 +02:00
Miroslav Stampar
6f49b96a2d
Fix for an Issue #462
2013-06-10 12:20:58 +02:00
Miroslav Stampar
39612b5d87
Fix for an Issue #457
2013-06-04 23:46:39 +02:00
Miroslav Stampar
3e0f747fad
Minor fix
2013-06-04 00:05:25 +02:00
Miroslav Stampar
edc9da1226
Minor refactoring
2013-06-03 15:14:56 +02:00
stamparm
6b280d8da4
Putting 2 decimal places for debug messages with performed queries (e.g. to handle a problem with 0 seconds roundup)
2013-05-28 14:40:45 +02:00
stamparm
659c0bb418
Minor fix
2013-05-27 10:38:47 +02:00
stamparm
4b2cf07262
Minor style update
2013-05-20 16:15:35 +02:00
Miroslav Stampar
ea5c742595
Update (lagging checking is now always done once when time based compare is done; not only in case if statistical model is being filled)
2013-05-18 21:30:21 +02:00
Miroslav Stampar
f24c8c6b6b
Changing logging type to warning for parsed error messages
2013-05-18 16:17:56 +02:00
stamparm
03732d2592
Minor fix
2013-05-17 16:04:05 +02:00
stamparm
76b4e1ccb9
Implementation for an Issue #450
2013-05-17 15:04:25 +02:00
stamparm
887109a12d
Minor bug fix (for not displaying heuristic detected page charset None)
2013-04-30 18:16:32 +02:00
stamparm
ebe8ee3500
Fix for crawler and redirection case
2013-04-30 18:08:26 +02:00
stamparm
09e7f4f697
Minor bug fix regarding traffic logging of redirected requests
2013-04-30 17:46:26 +02:00
stamparm
1035ee9c3d
Patch for an Issue #442
2013-04-26 14:49:24 +02:00
stamparm
e3a02f56e6
Just in case for --force-ssl (if url is returned in e.g. refresh toward the target)
2013-04-24 12:35:39 +02:00
stamparm
6fed1921ed
Bug fix (there are cases when provided kwargs containing explicit None values while we want to use the alternative in those kind of cases; there was an intention in original code, while the implementation was buggy)
2013-04-16 14:17:41 +02:00
stamparm
140cffbde2
Patch for an Issue #434
2013-04-15 15:57:28 +02:00
Miroslav Stampar
ed5599f489
In case that cookie file is given and cookie header inside request file clashes with one of contained cookies, give cookie file greater priority
2013-04-12 19:20:33 +02:00
stamparm
8c9da95343
Style and consistency update (url -> URL)
2013-04-09 11:48:42 +02:00
Miroslav Stampar
240e9f3f7e
Minor patch
2013-04-07 11:02:43 +02:00
Miroslav Stampar
df4fd82515
Minor update
2013-04-03 23:27:27 +02:00
Miroslav Stampar
c75a2d0c40
Minor patch
2013-04-03 21:31:37 +02:00
stamparm
e1ffdde532
Little cleaning a mess with url encoding and post hint types
2013-03-27 13:39:27 +01:00
Miroslav Stampar
c19a283434
Minor patch
2013-03-26 20:06:50 +01:00
stamparm
7accba4cf9
Minor update
2013-03-26 16:10:41 +01:00
stamparm
7447773237
Update for consistency (all other enums are using _ in between words)
2013-03-20 11:10:24 +01:00
Miroslav Stampar
8acf033715
Code refactoring
2013-03-19 19:24:14 +01:00
stamparm
6969874c02
Switch --no-cast is incompatible with switch --hex (integer values are not being casted in case of --no-cast --hex which is causing unwanted decodings of returned values)
2013-03-19 10:52:37 +01:00
stamparm
e226006766
Trivial fix
2013-03-18 13:29:55 +01:00
stamparm
5e02bcbd58
Minor adjustment
2013-03-18 12:16:16 +01:00
Miroslav Stampar
eb08c8d752
Another update for an Issue #352
2013-03-13 19:42:22 +01:00
Miroslav Stampar
2f43c3eb9b
Minor fix (digest live test case) and some refactoring
2013-03-12 21:16:44 +01:00
Miroslav Stampar
84a5bdb9cf
Trivial cosmetics
2013-03-09 19:41:24 +01:00
Miroslav Stampar
79d6a0e9c9
Using binary data in dummy mode
2013-03-09 19:40:24 +01:00
Miroslav Stampar
62980d7d5a
Automatically decoding url encoded data in response
2013-03-05 17:32:10 +01:00
Miroslav Stampar
0e89cc62a2
Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections
2013-02-28 20:20:08 +01:00
stamparm
9ef79df23d
Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched)
2013-02-28 13:51:08 +01:00
stamparm
69063947b6
Debug message should go with logging.DEBUG
2013-02-19 09:46:51 +01:00
Bernardo Damele
d7247a51ee
do not prompt constantly if the page is not found
2013-02-18 18:08:20 +00:00
Miroslav Stampar
11bcf28d86
Fix for an Issue #399
2013-02-15 10:04:13 +01:00
Bernardo Damele
4b9d8ed673
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f
make sure to use Python 2 interpreter when default system Python is version 3
2013-02-14 11:25:04 +00:00
Miroslav Stampar
a0b44da5d8
Minor fix for --threads>1 --binary-fields
2013-02-13 20:47:27 +01:00
Miroslav Stampar
d78a3e977b
Update (allowing regular char * to be inside SOAP/JSON/XML)
2013-02-13 12:24:42 +01:00
Miroslav Stampar
1d42aba01e
Minor update regarding 093a93938c
(for goStacked to work properly with stacked conditional payloads - e.g. proper suffix/prefix)
2013-02-12 17:35:14 +01:00
Miroslav Stampar
c34f6e25b2
Minor fix for --eval (urldecoded values should be used inside evaluation)
2013-02-12 17:01:47 +01:00
Bernardo Damele
2fa2f30d21
slighlty better, still not optimal
2013-02-06 17:45:52 +00:00
Bernardo Damele
b272b0574d
minor fix to reset partRun value - #297
2013-02-06 17:09:28 +00:00
Miroslav Stampar
62772125e3
Bug fix for HTTPSCertAuthHandler
2013-02-05 12:16:06 +01:00
Miroslav Stampar
6d942f92b5
Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.))
2013-02-01 10:03:06 +01:00
Miroslav Stampar
f5844eabae
Valuable data is potentially lost if page not parsed in dump mode (e.g. --technique=B and error occuring) <- partial revert of previous optimization commit 10bdd90e60
2013-01-31 13:32:14 +01:00
Miroslav Stampar
2420a4b626
Update for an Issue #342 and #372
2013-01-31 10:01:52 +01:00
Miroslav Stampar
f41460f8d8
Better naming
2013-01-29 20:53:11 +01:00
Miroslav Stampar
a59ac8e27f
Trivial cosmetics
2013-01-29 16:30:38 +01:00
Miroslav Stampar
479f791112
Minor fix
2013-01-25 12:41:51 +01:00
Chris Frohoff
218a6a9695
fixed response header logging for header names with special chars
2013-01-23 11:10:25 -08:00
Miroslav Stampar
59b02539ca
More general approach regarding that last commit
2013-01-22 11:34:34 +01:00
Miroslav Stampar
01f1488f07
Minor patch (annoying trailing spaces for some DBMSes --technique=B --sql-query)
2013-01-22 11:29:51 +01:00
Miroslav Stampar
bb6b89fe93
Patch for an Issue #360
2013-01-19 18:06:36 +01:00
Miroslav Stampar
ac7709204a
Better fix for that page/headers/comparison --string candidate problem
2013-01-18 17:00:11 +01:00
Miroslav Stampar
8141d17985
Revert of previous commit (more care has to be done regarding headers dynamicity)
2013-01-18 16:49:35 +01:00
Miroslav Stampar
33094a118c
Fix for an Issue where '--string' is being automatically picked not looking properly in headers too
2013-01-18 16:35:09 +01:00
Bernardo Damele
a43202f3c0
updated copyright
2013-01-18 14:07:51 +00:00
Miroslav Stampar
17d36684b5
Removing obsolete proxy handling code (Python < 2.6)
2013-01-18 11:30:52 +01:00
Miroslav Stampar
e941e60b20
Minor just in place update for an Issue #348
2013-01-17 22:44:55 +01:00
Bernardo Damele
38eb4eb33e
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-17 21:03:11 +00:00
Bernardo Damele
b6e44ae64e
fix for #349 (compatible with all others DBMSes too)
2013-01-17 21:03:03 +00:00
Miroslav Stampar
a8e3fd58c5
Implementation for an Issue #348
2013-01-17 21:49:58 +01:00
Miroslav Stampar
8480ceddcb
Minor style update
2013-01-17 19:55:56 +01:00
Miroslav Stampar
f7eda07d92
Patch for an Issue #347
2013-01-17 15:30:14 +01:00
Miroslav Stampar
3ab4a5e36d
Fix for an Issue #345
2013-01-17 11:50:12 +01:00
Miroslav Stampar
14b7e655a9
Minor refactoring
2013-01-16 16:33:04 +01:00
Miroslav Stampar
fb7243c237
Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs
2013-01-16 16:04:00 +01:00
Bernardo Damele
e16ad38d3e
more work on #342
2013-01-15 18:15:07 +00:00
Bernardo Damele
329047fc12
restored fix for #210 to keep --hex work with --technique B
2013-01-15 17:51:40 +00:00
Bernardo Damele
2a751e075d
more work on #342
2013-01-15 17:14:44 +00:00
Bernardo Damele
4eaa0d17aa
Fix in forging query to calculate query output length - closes issue #342
2013-01-15 15:50:20 +00:00
Miroslav Stampar
5ee653dd89
Merging commit 57bcbb458eade2850a6d7623ecddbe49c69cf334 from @morisson
2013-01-15 10:14:02 +01:00
Miroslav Stampar
03dd958d96
Implementation for an Issue #48
2013-01-13 16:22:43 +01:00
Miroslav Stampar
81848c723d
Minor cleanup (we officially support Python >= 2.6)
2013-01-11 16:01:48 +01:00
Miroslav Stampar
934d41dac2
Minor style update (PEP8)
2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878
Some PEP8 related style cleaning
2013-01-10 13:18:44 +01:00
Miroslav Stampar
5b77b20e2e
Removing trailing whitespaces (PEP8)
2013-01-03 23:57:07 +01:00
Miroslav Stampar
e4a3c015e5
Replacing old and deprecated raise Exception style (PEP8)
2013-01-03 23:20:55 +01:00
Miroslav Stampar
127b880577
Minor update
2012-12-27 15:14:40 +01:00
Bernardo Damele
9149d77cc8
removed duplicate code - fixes issue #310
2012-12-19 12:17:56 +00:00
Bernardo Damele
dee56b17c3
handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308
2012-12-19 10:50:15 +00:00
Miroslav Stampar
155c1eddae
Debug message with declared page charset
2012-12-19 11:16:42 +01:00
Miroslav Stampar
2b64c10710
Patch for an Issue #304
2012-12-18 09:36:26 +01:00
Miroslav Stampar
4ea0c9e922
Another implementation for an Issue #302
2012-12-17 15:08:54 +01:00
Miroslav Stampar
60baf5071e
Patch for an Issue #302
2012-12-17 00:40:01 +01:00
Miroslav Stampar
c41618416c
Removing trailing blanks
2012-12-14 12:00:45 +01:00
Miroslav Stampar
013dc8bc98
Another minor update for an Issue #267
2012-12-10 13:07:36 +01:00
Miroslav Stampar
8bd0080bf4
Minor update for an Issue #267
2012-12-10 13:05:41 +01:00
Miroslav Stampar
96df0ba061
Implemented support for plain , chars too (Issue #267 )
2012-12-10 12:58:17 +01:00
Miroslav Stampar
d0ea4c65c5
Minor styl eupdate for an Issue #267
2012-12-10 12:54:01 +01:00
Miroslav Stampar
5606a860ce
Oracle supports inline comments too (Issue #267 )
2012-12-10 12:00:15 +01:00
Miroslav Stampar
a024884ca7
Support for a HTTP parameter pollution (Issue #267 )
2012-12-10 11:55:31 +01:00
Miroslav Stampar
73968a448c
Minor update
2012-12-07 15:29:54 +01:00
Miroslav Stampar
e129a30e6b
Removing redundant code in redirect handler (related to an Issue #288 )
2012-12-07 12:40:19 +01:00
Miroslav Stampar
fccad15cfa
Minor update for an Issue #288
2012-12-07 12:14:33 +01:00
Miroslav Stampar
75e6d77fbc
Minor refactoring
2012-12-07 11:54:34 +01:00
Miroslav Stampar
fbaeecdaf9
Patch for an Issue #288
2012-12-07 11:52:21 +01:00
Miroslav Stampar
c0fc12beb2
Minor update for an Issue #288
2012-12-07 11:23:18 +01:00
Miroslav Stampar
974407396e
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448
Removed unused imports and variables (pyflake-ing)
2012-12-06 11:15:05 +01:00
Miroslav Stampar
b6650add46
Introducing 'new style classes' (idea from Pull request #284 )
2012-12-06 10:42:53 +01:00
Miroslav Stampar
0f191f624c
Taking some goodies from Pull request #284
2012-12-06 10:21:53 +01:00
Miroslav Stampar
775e0df04b
Update for an Issue #278
2012-12-05 10:45:17 +01:00
Miroslav Stampar
79fca8e9d5
Fix for an Issue #268
2012-12-03 12:13:59 +01:00
Miroslav Stampar
605d73cc3d
Minor refactoring
2012-11-29 12:21:12 +01:00
Miroslav Stampar
c40dded28c
Fix for an Issue #250
2012-11-20 12:10:29 +01:00
Miroslav Stampar
5b3fe25211
Improving comparison engine (removing shared prelude part to further sharpen if pages are identical - especially noticable in small test pages)
2012-11-13 15:22:59 +01:00
Miroslav Stampar
a52dbc575b
Patch for an Issue #246
2012-11-13 10:21:11 +01:00
Miroslav Stampar
f305dde413
Patch for an Issue #235
2012-11-10 11:01:29 +01:00
Miroslav Stampar
359e734954
Minor refactoring
2012-10-29 10:48:49 +01:00
Miroslav Stampar
25a5073281
Bug fix for --hex/--technique=B (especially MsSQL)
2012-10-28 12:22:33 +01:00
Miroslav Stampar
c1b8226329
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
2012-10-28 00:36:09 +02:00
Miroslav Stampar
a435ba6863
Minor fix
2012-10-28 00:19:00 +02:00
Miroslav Stampar
0aeb9dbe8b
Bug fix (in --dump mode if error/inband failed with None other techniques were ignored)
2012-10-27 23:42:52 +02:00
Miroslav Stampar
12fc9442b9
Tamper function(s) refactoring (really no need for returning headers as they are passed by reference)
2012-10-25 10:10:23 +02:00
Miroslav Stampar
b82eb3a1ae
Fix for an Issue #210
2012-10-23 13:58:25 +02:00
Miroslav Stampar
3f596cda85
Minor fix for --dump --technique=B when empty strings are returned
2012-10-22 11:49:23 +02:00
Miroslav Stampar
21481df239
Minor update for Issue #209
2012-10-21 19:00:37 +02:00
Miroslav Stampar
fb1497aa89
Minor update for Issue #209
2012-10-21 18:53:31 +02:00
Miroslav Stampar
261b286021
Fix for an Issue #209
2012-10-20 13:17:45 +02:00
Miroslav Stampar
6a271fe800
Update for an Issue #2
2012-10-19 11:29:03 +02:00
Miroslav Stampar
998eb70288
Minor update
2012-10-19 11:05:10 +02:00
Miroslav Stampar
987f167e12
Minor update
2012-10-19 11:03:54 +02:00
Miroslav Stampar
d65d9e25cd
Implementation for an Issue #2
2012-10-19 11:02:14 +02:00
Miroslav Stampar
688a2db27a
Fix for an Issue #208
2012-10-19 10:04:09 +02:00
Miroslav Stampar
b5060c0010
Fix for an Issue #205
2012-10-16 14:28:46 +02:00
Miroslav Stampar
2cb1b054bb
Implementation for an Issue #79
2012-10-16 12:32:58 +02:00
Miroslav Stampar
42b2c85517
Minor cosmetics
2012-10-15 18:45:13 +02:00
Miroslav Stampar
c7cf8b2e80
Minor refactoring of direct()
2012-10-15 18:41:41 +02:00
Miroslav Stampar
e440b096c5
Fix for an Issue #202
2012-10-15 12:24:30 +02:00
Miroslav Stampar
e61c4c22c9
Implementation for an Issue #200
2012-10-09 15:19:47 +02:00
Miroslav Stampar
5a91b6e622
Minor cleanup
2012-10-09 10:21:52 +02:00
Miroslav Stampar
8e7449ccd5
Minor update
2012-10-07 20:28:24 +02:00
Miroslav Stampar
ff205f088b
Minor update
2012-10-07 20:12:55 +02:00
Miroslav Stampar
098e446ca4
Adding support for generic XML POST data
2012-10-04 18:44:12 +02:00
Miroslav Stampar
f71b937add
Minor language cleanup
2012-10-04 18:28:36 +02:00
Miroslav Stampar
8865fe69d7
Minor cleanup
2012-10-04 18:26:07 +02:00
Miroslav Stampar
d464678e10
Minor update for an Issue #49
2012-10-04 18:01:42 +02:00
Miroslav Stampar
84b05e2d18
Better treating of numeric values (Issue #49 )
2012-10-04 16:08:37 +02:00
Miroslav Stampar
461e5ebc5f
Work for Issue #197 and Issue #49
2012-10-04 11:25:44 +02:00
Miroslav Stampar
bcbf0571a5
Implementation for an Issue #49
2012-10-02 14:23:58 +02:00
Miroslav Stampar
763dc98311
Minor refactoring
2012-10-02 13:36:15 +02:00
Miroslav Stampar
a8aecaa036
Minor style update
2012-10-02 13:33:10 +02:00
Miroslav Stampar
687f3991de
Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.
2012-09-26 11:27:43 +02:00
Miroslav Stampar
ec43ceec40
Some more cleanup related to the last commit (unneeded manual crafting/unneeded closing with ;)
2012-09-25 14:29:22 +02:00
Miroslav Stampar
c9e7e71ea2
Implementation for an Issue #195
2012-09-25 10:17:25 +02:00
Miroslav Stampar
d175decdfc
Fix for an Issue #190
2012-09-22 20:59:40 +02:00
Miroslav Stampar
e570858db9
Implementation for an Issue #183
2012-09-12 11:50:38 +02:00
Miroslav Stampar
511c3b8dcc
Update and fix for an Issue #182
2012-09-11 14:58:52 +02:00
Miroslav Stampar
10b671d625
Update for an Issue #182
2012-09-11 12:08:34 +02:00
Miroslav Stampar
5d23d72ff5
Fix for an Issue #176
2012-09-08 17:58:03 +02:00
Miroslav Stampar
dbce417cdd
Potential fix for an Issue #171
2012-09-02 22:48:41 +02:00
Miroslav Stampar
b916db34a4
Another update for an Issue #79
2012-08-31 12:38:02 +02:00
Miroslav Stampar
47d162f391
Minor update (same but cleaner)
2012-08-31 12:27:40 +02:00
Miroslav Stampar
7286d89cb6
Few fixes for an Issue #79 (problem with case sensitivity of request get_header)
2012-08-31 12:15:09 +02:00
Miroslav Stampar
cdd3ed6abc
Minor bug fix
2012-08-30 14:22:18 +02:00
Miroslav Stampar
32a36f1ff3
El Cosmeticado
2012-08-22 09:58:39 +02:00
Miroslav Stampar
d421f9a618
Fix for an Issue #157
2012-08-21 14:34:19 +02:00
Miroslav Stampar
01f481c332
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
Miroslav Stampar
b9c63eb908
Fix for an Issue #156
2012-08-21 10:46:29 +02:00
Miroslav Stampar
7a8ace78f9
Removing redundant newline char as logger already adds it's own
2012-08-21 09:58:40 +02:00
Miroslav Stampar
233b9a3815
Fix for Issue #150 and Issue #151 (urllib2 is automatically adding those)
2012-08-20 22:17:39 +02:00
Miroslav Stampar
823dde73ab
Minor cleanup
2012-08-20 11:40:49 +02:00
Miroslav Stampar
76338add17
Fix for an Issue #152
2012-08-20 10:41:43 +02:00
Miroslav Stampar
fec8a5cc9d
Fix for an Issue #139
2012-08-07 00:50:58 +02:00
Miroslav Stampar
142fc887f1
Fix for an Issue #129
2012-07-31 11:03:44 +02:00
Miroslav Stampar
47073f4afd
Implementation of an Issue #131
2012-07-30 21:50:46 +02:00
Miroslav Stampar
a86f9798b2
Minor refactoring together with a wider support for html entities
2012-07-30 11:21:32 +02:00
Miroslav Stampar
07738004cc
Fix for an Issue #123
2012-07-27 10:02:47 +02:00
Miroslav Stampar
a5062c1e4f
Adding a warn message when --dns-domain is ignored (because of faster techniques)
2012-07-27 09:48:48 +02:00
Bernardo Damele
92c2b3bd4c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-07-26 23:11:11 +01:00
Bernardo Damele
d492291744
working on issue #12
2012-07-26 23:11:07 +01:00
Miroslav Stampar
efa99c4519
Implementation for an Issue #4
2012-07-26 14:07:05 +02:00
Miroslav Stampar
b3552494c4
Minor preparation for an Issue #48
2012-07-26 12:26:57 +02:00
Miroslav Stampar
30f8d09651
Implementation for an Issue #70
2012-07-26 12:06:02 +02:00
Miroslav Stampar
f8c9868cb6
Implementation for an Issue #118
2012-07-24 15:34:50 +02:00
Miroslav Stampar
1153b4563c
Minor update for an Issue #111
2012-07-23 18:44:50 +02:00
Miroslav Stampar
fccd69721e
Update for an Issue #111
2012-07-23 18:38:46 +02:00
Miroslav Stampar
ab9cb80602
Implementing Issue #111
2012-07-23 15:14:52 +02:00
Miroslav Stampar
63bf99ce77
Minor just in case update for an Issue #117
2012-07-23 14:46:43 +02:00
Miroslav Stampar
c6b724489b
Minor style update
2012-07-23 14:26:42 +02:00
Miroslav Stampar
a7d1a0c250
Implementation for an Issue #117
2012-07-23 14:14:22 +02:00
Miroslav Stampar
534eccc9aa
Fix for an Issue #115
2012-07-23 10:16:47 +02:00
Miroslav Stampar
f336afa913
Implementation for Issue #108
2012-07-20 09:48:09 +02:00
Miroslav Stampar
81d15e5051
Fix for an Issue #101
2012-07-17 00:19:33 +02:00
Miroslav Stampar
0e21cb54de
Minor fix related to Issue #94
2012-07-16 16:06:39 +02:00
Miroslav Stampar
87ecf205cb
More work for Issue #66
2012-07-14 17:01:04 +02:00
Miroslav Stampar
805120ac52
Minor refactoring
2012-07-14 11:01:30 +02:00
Miroslav Stampar
ddb9caeef1
Revert of the previous commit
2012-07-13 15:05:19 +02:00
Miroslav Stampar
d165d5d5fe
To not be confused with heuristic method in SQLi
2012-07-13 15:03:43 +02:00
Miroslav Stampar
3c81f74823
Minor style update
2012-07-13 12:22:37 +02:00
Miroslav Stampar
d834e8debf
Minor update
2012-07-13 10:28:03 +02:00
Bernardo Damele
162da75a04
modified homepage address
2012-07-12 18:38:03 +01:00
Bernardo Damele
ea9c66108e
cleanup for issue #68
2012-07-12 15:38:43 +01:00
Miroslav Stampar
65639cdda6
First update for Issue #75 (error-based dumping)
2012-07-12 14:31:28 +02:00
Bernardo Damele
33cbbed4a8
I think we should not resume checkBooleanExpression() calls if --fresh-queries or --flush-session is provided
2012-07-12 01:39:15 +01:00
Bernardo Damele
3a94953ae2
leftover from previous commit
2012-07-12 01:15:34 +01:00
Bernardo Damele
31571e6e2d
minor refactoring
2012-07-11 11:55:05 +01:00
Miroslav Stampar
9c4a62f725
Some work on Issue #68
2012-07-11 11:58:47 +02:00
Miroslav Stampar
2669528b24
Language typo
2012-07-07 11:16:33 +02:00
Miroslav Stampar
e948e4d45b
Some more refactoring
2012-07-06 17:18:22 +02:00
Bernardo Damele
6697927098
initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap
2012-07-02 02:04:19 +01:00
Bernardo Damele
7b4ecd9df0
added skeleton code for issue #34 , still not usable
2012-07-02 00:22:34 +01:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Miroslav Stampar
01be9381d5
minor update
2012-06-25 16:24:33 +00:00
Miroslav Stampar
ec44e88db8
lots of refactoring regarding removal of already obsolete session file mechanism
2012-06-21 10:09:10 +00:00
Miroslav Stampar
06be7bbb18
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
2012-06-15 20:41:53 +00:00
Miroslav Stampar
3a90105fbb
minor refactoring
2012-06-14 13:38:53 +00:00
Miroslav Stampar
4ac3794e80
minor update
2012-06-12 14:22:14 +00:00
Miroslav Stampar
738073105e
minor updates
2012-06-04 19:52:51 +00:00
Miroslav Stampar
7b282b1d6c
adding support for newer SSL protocols
2012-06-04 19:46:28 +00:00
Miroslav Stampar
76a4aa19ac
some more fine tunning
2012-05-28 19:50:12 +00:00
Miroslav Stampar
efb406fbfc
minor revert
2012-05-28 19:13:50 +00:00
Miroslav Stampar
f7cba8d2cb
minor update
2012-05-28 18:05:15 +00:00
Miroslav Stampar
a72cb29c1f
taking care of few issues regarding reverse address lookup of localhost/127.0.0.1 at remote DNS server
2012-05-28 16:57:10 +00:00
Miroslav Stampar
89e90c3d84
revert of last commit
2012-05-28 15:01:56 +00:00
Miroslav Stampar
96c84e6e5b
minor update
2012-05-28 15:00:06 +00:00
Miroslav Stampar
a70a647aeb
few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...)
2012-05-28 14:51:23 +00:00
Miroslav Stampar
b1d82422a0
changing conf.dnsDomain to conf.dName just because of long text problems in help listing
2012-05-28 14:15:04 +00:00
Miroslav Stampar
226547b7dc
minor fix for --skip-urlencode and custom post
2012-05-28 09:04:25 +00:00
Miroslav Stampar
e967bbd70f
minor patch
2012-05-27 21:44:42 +00:00
Miroslav Stampar
fed0212631
now working with recursive queries too
2012-05-27 10:03:02 +00:00
Miroslav Stampar
09f2144485
full page read is not needed in DNS exfiltration mode
2012-05-26 21:28:43 +00:00
Miroslav Stampar
c394610740
adding switch --skip-urlencode to skip URL encoding of POST data
2012-05-24 23:30:33 +00:00
Miroslav Stampar
2538e2d5b4
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
2012-05-22 09:33:22 +00:00
Miroslav Stampar
333f8057a5
minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces
2012-05-14 14:06:43 +00:00
Miroslav Stampar
12d32f58f2
fix for that SOAP reported bug
2012-05-10 13:39:54 +00:00
Miroslav Stampar
fdf61015ad
minor patch
2012-05-09 08:41:05 +00:00
Miroslav Stampar
6af110d631
avoiding --no-cast/--hex warning message before a DBMS is fingerprinted
2012-05-08 14:06:41 +00:00
Miroslav Stampar
775134639d
minor update
2012-04-20 20:33:15 +00:00
Miroslav Stampar
6ebb621228
adding support for (custom) POST injection (marking injection point with '*' in conf.data)
2012-04-17 14:23:00 +00:00
Miroslav Stampar
052d9455fe
warning user in cases of "User xyz already has more than 'max_user_connections' active connections"
2012-04-12 09:44:54 +00:00
Miroslav Stampar
119eec3598
improving "boolean detection" by automatic recognition of convenient --string candidate
2012-04-10 21:48:34 +00:00
Miroslav Stampar
8c6eb4faa9
adding support for PgSQL DNS data exfiltration
2012-04-07 14:06:11 +00:00
Miroslav Stampar
b2afa87e48
reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)
2012-04-06 08:42:36 +00:00
Miroslav Stampar
2223c884e5
minor refactoring
2012-04-05 12:55:26 +00:00
Miroslav Stampar
e0994947e2
minor update
2012-04-04 23:37:50 +00:00
Miroslav Stampar
b1dd03731a
minor cosmetics
2012-04-04 23:34:08 +00:00
Miroslav Stampar
c89a4162e2
bug fix for --dns-domain with --technique=TS
2012-04-04 18:01:39 +00:00
Miroslav Stampar
098c7c06dd
added few comments
2012-04-04 13:24:58 +00:00
Miroslav Stampar
a4b95ab7dd
works against MySQL/Windows
2012-04-04 12:49:45 +00:00
Bernardo Damele
c0946ce2c9
Minor refactoring
2012-04-04 12:42:58 +00:00
Bernardo Damele
75d1dab895
more cosmetics
2012-04-04 12:33:16 +00:00
Bernardo Damele
d106fb5184
layout adjustments
2012-04-04 12:27:24 +00:00
Miroslav Stampar
503988887c
minor update
2012-04-03 10:43:46 +00:00
Miroslav Stampar
2504f4edb8
minor fixes
2012-04-03 10:10:33 +00:00
Miroslav Stampar
e05109812f
minor improvements regarding data retrieval through DNS channel
2012-04-03 09:18:30 +00:00
Miroslav Stampar
1cd3c3f7af
further update of DNS data retrieval mechanism through SQLi
2012-04-02 14:05:30 +00:00
Miroslav Stampar
abffc39929
minor update regarding DNS data retrieval task
2012-04-02 12:22:40 +00:00
Miroslav Stampar
429b8396e9
minor update for DNSServer support
2012-03-30 13:20:29 +00:00
Miroslav Stampar
6acf6b193a
minor update regarding boolean logic comparison mechanism
2012-03-30 09:42:58 +00:00
Miroslav Stampar
5469186540
minor comment update
2012-03-29 14:35:47 +00:00
Miroslav Stampar
637a8d8273
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
2012-03-29 14:33:27 +00:00
Miroslav Stampar
ce4c697bbd
disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code
2012-03-29 13:39:12 +00:00
Miroslav Stampar
60146481af
bug fix(es) (flags were used in place of count parameter in re.sub() calls)
2012-03-28 19:33:00 +00:00
Miroslav Stampar
7d131d1fb1
minor update
2012-03-28 13:46:31 +00:00
Miroslav Stampar
769b0d0ae7
more minor updates regarding data retrieval through DNS channel
2012-03-27 19:29:24 +00:00
Miroslav Stampar
1b072f6415
laying foundation for DNS based data retrieval
2012-03-27 18:59:12 +00:00
Miroslav Stampar
e88687b1f0
revert of last commit (it would be faster for sure, but not sure if it's clever to do it by default regarding SQLi detection)
2012-03-21 23:15:59 +00:00
Miroslav Stampar
524c1d38ad
making default redirect choice to NO (making fewer requests by default and in lots of cases clearer pages for comparison - original page vs redirect message)
2012-03-21 23:03:57 +00:00
Miroslav Stampar
037db9b3b8
minor removal of older stuff
2012-03-19 09:38:27 +00:00
Miroslav Stampar
da7f4eeffd
removing left over
2012-03-18 17:33:14 +00:00
Miroslav Stampar
0fc4288a7c
modifying redirection code for only two choices
2012-03-18 17:27:08 +00:00
Bernardo Damele
c03d0e24fb
it must stay as is
2012-03-16 17:42:00 +00:00
Bernardo Damele
3505503a08
no need to return here
2012-03-16 17:30:16 +00:00
Bernardo Damele
942d9e4fa8
code cleanup
2012-03-16 17:27:24 +00:00
Bernardo Damele
a1c943fc79
Major bug fix to comparison algorithm with OR based boolean-based injections
2012-03-16 17:22:55 +00:00
Miroslav Stampar
577caac4de
putting kb.negativeLogic setting to the safe place
2012-03-16 09:17:11 +00:00
Miroslav Stampar
209e795369
minor just in case update
2012-03-16 09:02:17 +00:00
Miroslav Stampar
adb5fff6b2
one more update related to the redirection mechanism
2012-03-15 20:17:40 +00:00
Miroslav Stampar
7d313ac911
few more fixes for proper redirecting mechanism
2012-03-15 19:47:59 +00:00
Bernardo Damele
86c4650058
Minor bug fix - revert
2012-03-15 17:12:24 +00:00
Bernardo Damele
cc15373769
More explicit function name also getRatioValue parameter has nothing to do with comparison at this stage as far as I can see (that might have fixed another "bug", to be checked later)
2012-03-15 16:29:28 +00:00
Bernardo Damele
4520744b4d
second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now
2012-03-15 16:25:26 +00:00
Miroslav Stampar
ddd92476a8
minor fix
2012-03-15 15:58:25 +00:00
Miroslav Stampar
19beb912fa
first step toward negative logic support
2012-03-15 15:52:12 +00:00
Miroslav Stampar
8dd570057b
minor fix (double traffic log for -t in case of HTTP error)
2012-03-15 14:51:16 +00:00
Miroslav Stampar
f7df755f37
minor update
2012-03-15 12:55:22 +00:00
Miroslav Stampar
3d39c6cb3b
some fixes here and there
2012-03-15 12:14:50 +00:00
Miroslav Stampar
91f1d6141f
minor fix
2012-03-15 11:24:55 +00:00
Miroslav Stampar
a8c9a47092
redirect logic rewritten from scratch
2012-03-15 11:10:58 +00:00
Miroslav Stampar
52a8b25ff4
minor fix
2012-03-14 14:31:41 +00:00
Miroslav Stampar
a7fbc55748
grammar fix
2012-03-13 22:03:23 +00:00
Miroslav Stampar
edfcddd3c3
minor fix for logging only cookies used by request (e.g. --load-cookies case)
2012-03-13 10:58:15 +00:00
Miroslav Stampar
34b0935cb3
refactoring "echo 1" quick test for xp_cmdshell console output
2012-03-13 10:36:49 +00:00
Miroslav Stampar
e6c610abab
minor fix
2012-03-13 09:14:56 +00:00
Miroslav Stampar
48bcde478e
more general update
2012-03-12 15:29:55 +00:00
Miroslav Stampar
1d0c8a7f44
minor update
2012-03-12 15:19:02 +00:00
Miroslav Stampar
5a83f1c5f7
minor update
2012-03-08 15:43:22 +00:00
Miroslav Stampar
cd28eb6544
minor update regarding --load-cookies
2012-03-08 10:19:34 +00:00
Miroslav Stampar
1ec56f93ec
minor update
2012-03-01 10:10:19 +00:00
Miroslav Stampar
a424de3102
minor fix
2012-02-27 12:55:28 +00:00
Miroslav Stampar
1e82405bb9
HashDB is now supported in -d too
2012-02-27 12:14:01 +00:00
Miroslav Stampar
f94b91ad87
added helper function for HashDB data storing/retrieval
2012-02-24 13:07:20 +00:00
Miroslav Stampar
0478e4166a
minor justin case fix
2012-02-23 15:19:20 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Bernardo Damele
121148f27f
There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
...
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Miroslav Stampar
aee269cc14
gazillion changes, nothing will work, muhahaha
2012-02-17 14:22:48 +00:00
Miroslav Stampar
dcf7277a0f
some more refactorings
2012-02-16 14:42:28 +00:00
Miroslav Stampar
e1f86c97c4
minor refactoring
2012-02-16 09:46:41 +00:00
Bernardo Damele
1c44d6d3c7
Fixed annoying bug that prevented proper checkBooleanExpression() function to work with direct connection (-d). Now DBMS fingerprint should work properly with -d
2012-02-14 17:29:00 +00:00
Miroslav Stampar
85a4ef6593
minor update
2012-02-08 12:00:03 +00:00
Miroslav Stampar
e50d64546f
minor fix
2012-02-07 14:57:48 +00:00
Miroslav Stampar
2b05ded9c3
just a makeup
2012-02-07 12:05:23 +00:00
Miroslav Stampar
f7bf1fbe94
upgrade/fixes for direct DBMS access
2012-02-07 10:46:55 +00:00
Miroslav Stampar
af71e3c563
minor update
2012-02-06 09:48:44 +00:00
Miroslav Stampar
a7970d094a
minor update
2012-02-01 15:10:06 +00:00
Miroslav Stampar
8405ef59ac
some estetic updates
2012-02-01 14:49:42 +00:00
Miroslav Stampar
594579bef4
fix for a bug regarding --cookie and --crawl
2012-01-30 09:17:22 +00:00
Miroslav Stampar
2094c715db
minor update
2012-01-23 09:44:17 +00:00
Miroslav Stampar
527ce070a3
minor fix
2012-01-16 10:04:18 +00:00
Miroslav Stampar
e5fe029a78
minor beautification
2012-01-13 21:03:50 +00:00
Miroslav Stampar
6634c4ac20
minor update
2012-01-13 21:01:58 +00:00
Bernardo Damele
e59ace5409
minor bug fix
2012-01-13 16:57:45 +00:00
Miroslav Stampar
dd295bbd4a
minor update regarding -d and time based injections
2012-01-13 12:45:02 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
1d0b43b1a2
implemented mechanism for merging cookies by request
2012-01-11 14:28:08 +00:00
Miroslav Stampar
18930539cd
more concise language
2012-01-07 17:45:45 +00:00
Miroslav Stampar
40398f358c
minor update
2012-01-05 14:55:23 +00:00
Miroslav Stampar
1f085a0241
now [SLEEPTIME] is changeable properly in vivo
2012-01-05 14:45:05 +00:00
Miroslav Stampar
ea87c89c25
minor fix
2012-01-03 23:44:56 +00:00
Miroslav Stampar
63bc4ce116
minor patch
2011-12-30 14:11:02 +00:00
Miroslav Stampar
c20546dcaa
minor refactoring
2011-12-26 12:24:39 +00:00
Miroslav Stampar
9f68e54fff
minor cleanup
2011-12-22 10:59:28 +00:00
Miroslav Stampar
4a1a0773b7
speedup of UNION dumping
2011-12-22 10:44:14 +00:00
Miroslav Stampar
1ae413a206
some refactoring/speedup around UNION technique
2011-12-22 10:32:21 +00:00
Miroslav Stampar
526aacb640
code cleanup
2011-12-21 22:59:23 +00:00
Miroslav Stampar
95cd9e2af3
adding support for scanning Host header values (-p host)
2011-12-20 12:52:41 +00:00
Miroslav Stampar
1b16b5e0f1
minor fix
2011-12-20 09:10:44 +00:00
Miroslav Stampar
c57941c102
minor beautification
2011-12-15 23:33:44 +00:00
Miroslav Stampar
563c0c1066
adding switch --tor-type
2011-12-15 23:19:55 +00:00
Miroslav Stampar
c98f5f6f94
minor fix
2011-12-15 09:28:58 +00:00
Miroslav Stampar
e6820ebbd2
minor update
2011-12-14 10:26:03 +00:00
Miroslav Stampar
364113441b
adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles)
2011-12-14 10:19:45 +00:00
Miroslav Stampar
73a500833d
minor bug fix
2011-12-12 14:38:06 +00:00
Miroslav Stampar
0f5d48ff20
minor update
2011-12-05 09:25:56 +00:00
Miroslav Stampar
9bc735963b
update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself))
2011-12-04 22:42:19 +00:00
Miroslav Stampar
b03a5e8928
people don't know what's "standard deviation" and they are wrongly connecting it's value in seconds to the --time-sec value
2011-12-01 13:30:47 +00:00
Miroslav Stampar
872a73f631
minor refactoring
2011-11-29 19:17:07 +00:00
Miroslav Stampar
3cd8f47686
minor bug fix
2011-11-29 17:17:06 +00:00
Miroslav Stampar
d958c2fe48
minor fix
2011-11-28 11:21:39 +00:00
Miroslav Stampar
ba4234dc42
switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings)
2011-11-23 21:17:08 +00:00
Miroslav Stampar
2e10de8921
minor update
2011-11-22 12:18:24 +00:00
Miroslav Stampar
2ed3efba12
speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)
2011-11-22 08:39:13 +00:00
Miroslav Stampar
4fa24ec704
minor improvement
2011-11-21 17:39:18 +00:00
Miroslav Stampar
65b2b0ad87
adding switch --eval
2011-11-21 16:41:02 +00:00
Miroslav Stampar
df0b451389
minor update
2011-11-20 23:17:57 +00:00
Miroslav Stampar
440b7efe55
minor optimization
2011-11-20 20:14:47 +00:00
Miroslav Stampar
b888829d12
minor update
2011-11-14 11:39:18 +00:00
Miroslav Stampar
ccbd93cc2e
fix for redirect/HOST header bug
2011-11-11 11:28:27 +00:00
Miroslav Stampar
1061c06617
improvement of redirecting code
2011-11-11 11:07:49 +00:00
Miroslav Stampar
e183437f0b
minor typo
2011-11-10 10:30:53 +00:00
Miroslav Stampar
62f8f8d36c
bug fix (thanks to zhen zhou)
2011-11-10 10:22:35 +00:00
Miroslav Stampar
c1486ed4be
adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request
2011-10-25 09:53:44 +00:00
Miroslav Stampar
6d64f87190
minor update
2011-10-24 00:46:54 +00:00
Miroslav Stampar
1f7d87c6a4
bug fix for --code (previously redirecting codes where not considered)
2011-10-23 20:48:37 +00:00
Miroslav Stampar
77e630d89e
replaced longer CHAR form of escaped MySQL strings with more compact hex form
2011-10-23 20:19:42 +00:00
Miroslav Stampar
3f0517d3f3
support for non-latin (e.g. cyrillic) URLs
2011-10-23 17:02:48 +00:00
Miroslav Stampar
0db0571f35
minor patch
2011-10-21 09:06:00 +00:00
Miroslav Stampar
dd0ed5f5da
adding redirect response to the traffic file
2011-09-28 08:13:46 +00:00
Miroslav Stampar
34738129c9
minor update
2011-09-25 21:27:58 +00:00
Miroslav Stampar
e0f521cf9d
minor update regarding --randomize
2011-08-29 13:08:25 +00:00
Miroslav Stampar
ac00014c4a
implemented --randomize switch by request
2011-08-29 12:50:52 +00:00
Miroslav Stampar
75ec146224
minor beautification
2011-08-17 21:17:02 +00:00
Miroslav Stampar
600ef3eace
minor patch
2011-08-16 06:22:04 +00:00
Bernardo Damele
702ed73a65
Added --code switch to match in boolean-based tests against the HTTP response code
2011-08-12 16:48:11 +00:00
Bernardo Damele
fff4c34e33
Search for --string and --regexp matches also in HTTP response headers
2011-08-12 15:33:37 +00:00
Bernardo Damele
5e5133b8e7
Should be fixed now
2011-08-12 15:00:11 +00:00
Bernardo Damele
1505cb2a80
typo
2011-08-12 14:51:39 +00:00
Bernardo Damele
702ca22d54
Minor bug fix for URI injections
2011-08-12 14:48:44 +00:00
Bernardo Damele
28bba9f5e6
More verbose warning message
2011-08-12 13:47:38 +00:00
Miroslav Stampar
10bdd90e60
minor speed optimizations (as a result of profiling)
2011-08-12 13:40:37 +00:00
Miroslav Stampar
0643ced651
minor update
2011-08-02 08:12:43 +00:00
Miroslav Stampar
6bbb8139a0
update (smaller memory footprint in postprocessing phase because of safecharencode part)
2011-07-25 20:40:31 +00:00
Miroslav Stampar
2033a28ae7
minor update regarding last commit (cleaner code)
2011-07-24 20:44:17 +00:00
Miroslav Stampar
ec1bc0219c
hello big tables, this is sqlmap, sqlmap this is big tables
2011-07-24 09:19:33 +00:00
Miroslav Stampar
a46b5230f5
minor "patch"
2011-07-11 20:33:16 +00:00
Miroslav Stampar
98958f8808
minor minor update
2011-07-10 15:41:45 +00:00
Miroslav Stampar
02bfd05b20
more general approach
2011-07-08 10:03:14 +00:00
Miroslav Stampar
ba2c06c9dc
quick fix
2011-07-08 09:01:32 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Miroslav Stampar
93b296e02c
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
2011-07-06 05:44:47 +00:00
Miroslav Stampar
75524c283d
minor update
2011-06-27 21:59:31 +00:00
Miroslav Stampar
831f083223
minor update
2011-06-27 21:38:12 +00:00
Miroslav Stampar
e9286ddd5b
fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position
...
47: ordinal not in range(128))
2011-06-24 19:24:11 +00:00
Miroslav Stampar
e76cb19e35
minor patch
2011-06-22 09:11:12 +00:00
Miroslav Stampar
b16b92fe46
minor update
2011-06-21 20:59:34 +00:00
Miroslav Stampar
2220afbdf5
fix by request
2011-06-21 20:50:16 +00:00
Miroslav Stampar
bdb530da1f
minor update
2011-06-19 10:11:27 +00:00
Miroslav Stampar
d5bc149636
made changes by buawig request (504 is treated as a classical timeout)
2011-06-19 09:57:41 +00:00
Bernardo Damele
f8c32cf6b9
Moved folder
2011-06-18 12:34:41 +00:00
Miroslav Stampar
0c9fa5c550
fix
2011-06-17 17:12:47 +00:00
Miroslav Stampar
043f2f92c1
minor update
2011-06-17 17:10:52 +00:00
Miroslav Stampar
c9a6aad5c3
minor fix by request
2011-06-17 16:58:50 +00:00
Miroslav Stampar
0990f16f7f
minor update for invalid cases like 'iso-8859-1 (western europe)'
2011-06-12 08:36:21 +00:00
Miroslav Stampar
f8dde2c23b
adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)
2011-06-10 23:18:43 +00:00