Miroslav Stampar | 6448d3caf4 | Implementing support for csrfcookie (Issue #2) | 2014-10-24 09:37:51 +02:00
Miroslav Stampar | abbd352392 | Support for X-CSRF-TOKEN header (Issue #2) | 2014-10-23 14:33:22 +02:00
Miroslav Stampar | 01f4b76817 | Minor update for the Issue #2 | 2014-10-23 14:03:44 +02:00
Miroslav Stampar | 7143e61619 | Minor update | 2014-10-23 14:00:53 +02:00
Miroslav Stampar | 780dbd1c64 | Update for an Issue #2 | 2014-10-23 11:42:30 +02:00
Miroslav Stampar | fc1b05bec9 | Implementation for an Issue #2 | 2014-10-23 11:23:53 +02:00
Miroslav Stampar | a2f578dbf4 | Patch to also include JSON array elements into automatic recognition | 2014-10-22 10:28:10 +02:00
Miroslav Stampar | f94ac8c69d | Second patch related to the Issue #846 | 2014-10-09 15:21:26 +02:00
Miroslav Stampar | 7e40890f32 | Patch for an Issue #815 | 2014-09-01 16:16:12 +02:00
Miroslav Stampar | d5d01e91ad | Warning message | 2014-08-30 22:15:14 +02:00
Miroslav Stampar | 79a66ef22c | Minor patch | 2014-07-06 09:09:44 +02:00
Miroslav Stampar | 1eecabaea8 | Patch for an Issue #746 | 2014-07-02 10:11:31 +02:00
Miroslav Stampar | 54be398e83 | Patch for an Issue #711 | 2014-06-04 16:35:07 +02:00
Miroslav Stampar | 27ebc02535 | Minor fix (user reported problem via email) | 2014-05-29 09:33:14 +02:00
Miroslav Stampar | 2a55f75f86 | Using a more generic XML recognition regex | 2014-04-30 21:25:45 +02:00
Miroslav Stampar | ef5ce7e66c | Fix for an Issue #670 | 2014-04-12 17:22:47 +02:00
Miroslav Stampar | 106102bd3c | Fix for an Issue #648 | 2014-03-21 20:28:29 +01:00
Miroslav Stampar | 6369a38ebc | Adding support for JSON-like data with single quote | 2014-02-26 08:56:17 +01:00
Miroslav Stampar | 465f968be6 | Minor cosmetic update | 2014-02-26 08:41:23 +01:00
Bernardo Damele | 43a4e85749 | updated copyright | 2014-01-13 17:24:49 +00:00
Miroslav Stampar | d84ddf23bd | Replacing os.sep constructs with os.path.join | 2013-11-12 14:08:41 +01:00
Miroslav Stampar | b8d49c2ea2 | Minor usability patch | 2013-10-12 20:41:25 +02:00
Miroslav Stampar | 98d27ef200 | Bug fix (missing permissions when creating dump directory) | 2013-10-11 21:17:12 +02:00
Miroslav Stampar | 4cf49bc0cc | Minor fix for an Issue #517 | 2013-09-05 09:22:11 +02:00
Miroslav Stampar | b17bb07301 | Minor regex update | 2013-09-04 19:28:59 +02:00
Miroslav Stampar | bf57f636a3 | Fix for an Issue #517 | 2013-09-04 19:22:24 +02:00
stamparm | e28b056028 | Dummy fix | 2013-05-29 14:26:00 +02:00
Miroslav Stampar | f3f752d85c | Patch for an Issue #452 | 2013-05-25 18:52:59 +02:00
stamparm | 3e65037a05 | Introducing lib/utils/sqlalchemy.py (Issue #361) | 2013-04-15 10:33:25 +02:00
Miroslav Stampar | 0b449bb1d9 | Fix for an Issue #433 | 2013-04-10 19:33:31 +02:00
stamparm | f67148a9a4 | Update for an Issue #431 | 2013-04-10 16:43:57 +02:00
stamparm | 8c9da95343 | Style and consistency update (url -> URL) | 2013-04-09 11:48:42 +02:00
Miroslav Stampar | 7614c815ed | Minor update/patch | 2013-04-07 21:32:03 +02:00
stamparm | 0882fe0ce3 | Minor update related to the last two | 2013-03-26 16:04:56 +01:00
stamparm | eb1bfc20cb | Update related to the last commit | 2013-03-26 15:36:44 +01:00
stamparm | 2fe6aea0eb | Minor fix | 2013-03-26 15:07:14 +01:00
stamparm | 7447773237 | Update for consistency (all other enums are using _ in between words) | 2013-03-20 11:10:24 +01:00
Bernardo Damele | 4727589135 | code consistency | 2013-02-15 00:17:13 +00:00
Miroslav Stampar | 368a2fd297 | Fix for an Issue #393 | 2013-02-14 16:18:16 +01:00
Miroslav Stampar | f97f575018 | Trivial restyling | 2013-02-14 15:41:27 +01:00
Miroslav Stampar | 605c5b089e | Minor style update | 2013-02-14 15:38:44 +01:00
Miroslav Stampar | 06d8547916 | Implementation for an Issue #394 | 2013-02-14 15:38:44 +01:00
Miroslav Stampar | 7944684ff2 | This was supposed to be a separate commit (going to commit it in next one) | 2013-02-14 15:38:44 +01:00
Miroslav Stampar | 6c0054bc5f | Putting that ugly parameter xyz is not inside the Cookie into the debug messages | 2013-02-14 15:38:44 +01:00
Bernardo Damele | 4b9d8ed673 | reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter | 2013-02-14 11:32:17 +00:00
Bernardo Damele | a67ef4117f | make sure to use Python 2 interpreter when default system Python is version 3 | 2013-02-14 11:25:04 +00:00
Miroslav Stampar | d78a3e977b | Update (allowing regular char * to be inside SOAP/JSON/XML) | 2013-02-13 12:24:42 +01:00
Miroslav Stampar | 7c802ed8cc | Minor fix | 2013-02-13 11:14:45 +01:00
Miroslav Stampar | c2672e78fc | Support for multiple injection marks inside the same header value (Issue #48) | 2013-02-12 12:06:13 +01:00
Miroslav Stampar | 15b0ab1b44 | Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...' | 2013-01-22 14:08:19 +01:00
Miroslav Stampar | 9ce2395405 | Minor refactoring | 2013-01-19 18:40:44 +01:00
Miroslav Stampar | bb6b89fe93 | Patch for an Issue #360 | 2013-01-19 18:06:36 +01:00
Bernardo Damele | a43202f3c0 | updated copyright | 2013-01-18 14:07:51 +00:00
Miroslav Stampar | a38b3e397c | Patch for an Issue #286 | 2013-01-17 14:17:39 +01:00
Miroslav Stampar | 03dd958d96 | Implementation for an Issue #48 | 2013-01-13 16:22:43 +01:00
Miroslav Stampar | ec4e49d771 | Minor refactoring | 2013-01-10 16:09:28 +01:00
Miroslav Stampar | acfeeb4f51 | Restyling old form of urlparse | 2013-01-10 15:41:07 +01:00
Miroslav Stampar | ca3d35a878 | Some PEP8 related style cleaning | 2013-01-10 13:18:44 +01:00
Miroslav Stampar | e4a3c015e5 | Replacing old and deprecated raise Exception style (PEP8) | 2013-01-03 23:20:55 +01:00
Miroslav Stampar | 0795760255 | Minor fix | 2012-12-30 11:22:23 +01:00
Miroslav Stampar | 1f7644a691 | Minor fix when user doesn't want custom injection char marker to be processed | 2012-12-08 21:23:30 +01:00
Miroslav Stampar | 974407396e | Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) | 2012-12-06 14:14:19 +01:00
Miroslav Stampar | ab67344448 | Removed unused imports and variables (pyflake-ing) | 2012-12-06 11:15:05 +01:00
Miroslav Stampar | 6f7f9dd8eb | Patch for an Issue #242 | 2012-11-13 10:41:13 +01:00
Miroslav Stampar | a52dbc575b | Patch for an Issue #246 | 2012-11-13 10:21:11 +01:00
Miroslav Stampar | 181c3534f0 | Patch for an Issue #237 | 2012-11-08 19:16:37 +01:00
Miroslav Stampar | 1ee0d9ce5e | Fix for an Issue #229 | 2012-11-05 15:58:54 +01:00
Miroslav Stampar | a9094a35fe | Fix for an Issue #227 | 2012-10-30 00:20:49 +01:00
Miroslav Stampar | 4365c48e83 | Minor style update | 2012-10-23 14:38:24 +02:00
Miroslav Stampar | 06f226c494 | Fix for an Issue #211 | 2012-10-23 14:37:45 +02:00
Miroslav Stampar | 2cb1b054bb | Implementation for an Issue #79 | 2012-10-16 12:32:58 +02:00
Miroslav Stampar | 098e446ca4 | Adding support for generic XML POST data | 2012-10-04 18:44:12 +02:00
Miroslav Stampar | d464678e10 | Minor update for an Issue #49 | 2012-10-04 18:01:42 +02:00
Miroslav Stampar | 84b05e2d18 | Better treating of numeric values (Issue #49) | 2012-10-04 16:08:37 +02:00
Miroslav Stampar | 31aa9be1c7 | Minor update | 2012-10-04 15:40:11 +02:00
Miroslav Stampar | 5d2b534908 | Minor update (Issue #49) | 2012-10-04 15:23:01 +02:00
Miroslav Stampar | 5b59b6feb4 | Removing junk part | 2012-10-04 12:09:09 +02:00
Miroslav Stampar | d570e25b1b | Minor workflow update | 2012-10-04 12:05:59 +02:00
Miroslav Stampar | eddc634ceb | Minor improvement (custom injection marks are now processed in order of appearance) | 2012-10-04 11:52:40 +02:00
Miroslav Stampar | 461e5ebc5f | Work for Issue #197 and Issue #49 | 2012-10-04 11:25:44 +02:00
Miroslav Stampar | bcbf0571a5 | Implementation for an Issue #49 | 2012-10-02 14:23:58 +02:00
Miroslav Stampar | 9a1fbb8941 | Fix for an Issue #185 | 2012-09-13 14:22:26 +02:00
Miroslav Stampar | a64438fb5c | Minor language update | 2012-09-11 19:45:40 +02:00
Miroslav Stampar | 05dced5418 | Minor language update | 2012-09-11 19:43:03 +02:00
Miroslav Stampar | 33980adaef | Another update for an Issue #79 | 2012-08-31 12:46:38 +02:00
Miroslav Stampar | 2806185989 | Minor refactoring | 2012-08-31 10:43:06 +02:00
Miroslav Stampar | 74a5d41272 | Minor update for an Issue #79 | 2012-08-31 10:24:47 +02:00
Miroslav Stampar | 59078bb1b8 | Fix for an Issue #154 | 2012-08-20 10:05:13 +02:00
Miroslav Stampar | f358ab2e73 | Implementation of an Issue #147 | 2012-08-15 16:37:18 +02:00
Miroslav Stampar | f797a6d813 | Fix for an Issue #125 | 2012-07-31 13:06:45 +02:00
Miroslav Stampar | 142fc887f1 | Fix for an Issue #129 | 2012-07-31 11:03:44 +02:00
Miroslav Stampar | b3552494c4 | Minor preparation for an Issue #48 | 2012-07-26 12:26:57 +02:00
Miroslav Stampar | 805120ac52 | Minor refactoring | 2012-07-14 11:01:30 +02:00
Miroslav Stampar | 3c81f74823 | Minor style update | 2012-07-13 12:22:37 +02:00
Miroslav Stampar | 6ade007aec | Minor update of language | 2012-07-13 12:13:04 +02:00
Bernardo Damele | 162da75a04 | modified homepage address | 2012-07-12 18:38:03 +01:00
Miroslav Stampar | a525dd4336 | Fix for Issue #72 | 2012-07-07 19:02:46 +02:00
jekil | c39e5a85ba | Removed $id$ tags | 2012-06-27 20:56:43 +02:00
Miroslav Stampar | ec44e88db8 | lots of refactoring regarding removal of already obsolete session file mechanism | 2012-06-21 10:09:10 +00:00
Miroslav Stampar | 302d782a0f | minor style update | 2012-06-19 08:33:51 +00:00
Miroslav Stampar | f94ebe3107 | minor fix (credentials were only set for the first target) | 2012-06-04 22:30:12 +00:00
Miroslav Stampar | 6ebb621228 | adding support for (custom) POST injection (marking injection point with '*' in conf.data) | 2012-04-17 14:23:00 +00:00
Miroslav Stampar | efd27d7ade | minor renaming | 2012-04-17 08:41:19 +00:00
Miroslav Stampar | cbdcbdd786 | minor minor update | 2012-03-16 11:18:18 +00:00
Miroslav Stampar | cda8815634 | introducing safe deprecation mechanism for HashDB versioning | 2012-03-12 22:55:57 +00:00
Miroslav Stampar | 11c7cc5224 | minor temporary fix | 2012-03-08 11:08:43 +00:00
Miroslav Stampar | cd28eb6544 | minor update regarding --load-cookies | 2012-03-08 10:19:34 +00:00
Miroslav Stampar | f142c0f782 | minor update | 2012-02-28 14:04:13 +00:00
Miroslav Stampar | a9bf0297f6 | moving injection data to HashDB | 2012-02-27 13:44:07 +00:00
Miroslav Stampar | 85125018a1 | minor bug fix | 2012-02-25 22:54:32 +00:00
Miroslav Stampar | 06ab3fa134 | minor update | 2012-02-25 10:53:38 +00:00
Miroslav Stampar | 74b19a0386 | minor update | 2012-02-25 10:43:10 +00:00
Miroslav Stampar | b3bd4144f5 | removing of unused imports together with some general code refactoring | 2012-02-22 10:40:11 +00:00
Miroslav Stampar | 95f89ab63a | updating copyright date | 2012-01-11 14:59:46 +00:00
Miroslav Stampar | 22c3fe49bb | some refactoring | 2011-12-28 13:50:03 +00:00
Miroslav Stampar | f622995a29 | compatibility with partial union and error technique resumed data | 2011-12-22 12:20:21 +00:00
Miroslav Stampar | 95cd9e2af3 | adding support for scanning Host header values (-p host) | 2011-12-20 12:52:41 +00:00
Miroslav Stampar | 5f7dbec41f | minor patch | 2011-12-03 12:11:46 +00:00
Miroslav Stampar | 2ed3efba12 | speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase) | 2011-11-22 08:39:13 +00:00
Miroslav Stampar | 440b7efe55 | minor optimization | 2011-11-20 20:14:47 +00:00
Miroslav Stampar | c1486ed4be | adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request | 2011-10-25 09:53:44 +00:00
Miroslav Stampar | 25f0ec3597 | some minor range to xrange conversion (where safe to do) | 2011-10-21 22:34:27 +00:00
Miroslav Stampar | b3b4459c72 | minor fix | 2011-09-26 13:01:43 +00:00
Miroslav Stampar | 744636a8c1 | switching to SQLite resume support (on error and union techniques this moment) | 2011-09-25 20:36:32 +00:00
Bernardo Damele | aedcf8c8d7 | Changed homepage address | 2011-07-07 20:10:03 +00:00
Miroslav Stampar | faa74cd2bc | introducing results file for multiple target mode | 2011-05-15 22:21:38 +00:00
Miroslav Stampar | ec4d9178f8 | minor update related to the previous commit | 2011-05-08 06:28:58 +00:00
Miroslav Stampar | 4d6e7c738c | minor update | 2011-05-08 06:17:43 +00:00
Bernardo Damele | f56d135438 | Minor code restyling | 2011-04-30 13:20:05 +00:00
Bernardo Damele | edc2d75702 | Cosmetics and major bug fix | 2011-04-21 21:15:23 +00:00
Miroslav Stampar | 6fab44d635 | minor refactoring and improving of used regex | 2011-04-17 22:37:00 +00:00
Miroslav Stampar | 9aae447553 | minor update for matching SOAP messages | 2011-04-17 22:21:32 +00:00
Miroslav Stampar | a7366bf710 | SOAP refactoring | 2011-04-17 21:39:00 +00:00
Miroslav Stampar | 0387654166 | update of copyright string (until year) | 2011-04-15 12:33:18 +00:00
Miroslav Stampar | 139448eeb9 | little stabilization regarding POST url(de/en)coding | 2011-03-19 16:53:14 +00:00
Bernardo Damele | 6e8ebd35f4 | Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable | 2011-02-27 12:17:41 +00:00
Miroslav Stampar | 417b311475 | minor update | 2011-02-13 22:02:47 +00:00
Miroslav Stampar | 50d25c3b4d | update regarding explicit testing of ua and referer when using -p | 2011-02-13 21:58:48 +00:00
Miroslav Stampar | 535eb9f3eb | implementation of referer feature | 2011-02-11 23:07:03 +00:00
Miroslav Stampar | f83f1a1e06 | minor just in case update | 2011-02-04 13:08:54 +00:00
Miroslav Stampar | c69b76776e | minor refactoring | 2011-02-04 13:04:19 +00:00
Miroslav Stampar | c19d481bb1 | little clean up | 2011-02-04 12:25:14 +00:00
Miroslav Stampar | fa58a9c86b | update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable) | 2011-01-31 20:36:01 +00:00
Miroslav Stampar | ddf23ba7cc | refactoring | 2011-01-30 11:36:03 +00:00
Miroslav Stampar | 81722b6881 | major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) | 2011-01-27 18:36:28 +00:00
Miroslav Stampar | dd7262d9e6 | we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode | 2011-01-20 17:53:49 +00:00
Miroslav Stampar | fb9d7cdfaa | refactoring, code clearing and removal of obsolete switch --longest-common | 2011-01-14 14:37:03 +00:00
Miroslav Stampar | dce9a762f1 | important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode | 2011-01-02 10:37:32 +00:00
Miroslav Stampar | e355f92f22 | bug fix | 2010-12-18 10:02:01 +00:00
Miroslav Stampar | ec5c08ca7a | cosmetics | 2010-12-09 09:24:20 +00:00