Commit Graph

1337 Commits

Author SHA1 Message Date
Miroslav Stampar
c5138d4696 Minor refactoring 2015-04-21 00:02:47 +02:00
Miroslav Stampar
349dfbf2ae Adding an option --safe-post 2015-04-20 23:55:59 +02:00
Miroslav Stampar
99c1cc9937 Fixes #1208 2015-03-26 17:17:46 +01:00
Miroslav Stampar
fc0186e029 Minor update 2015-03-26 12:39:44 +01:00
Miroslav Stampar
7587528ebd Fixes #1202 2015-03-26 11:40:19 +01:00
ricterz
bbfdb02a0e fix mandatorily depend of websocket #1198 2015-03-24 22:25:16 +08:00
ricterz
811f5c11c6 remove Host header field and add cookie support #1198 2015-03-24 18:50:57 +08:00
ricterz
9b5dcbbbb2 modified error handle #1198 2015-03-24 18:21:50 +08:00
ricterz
78dbe080d7 determine whether it's websocket when connect #1198 2015-03-24 17:19:37 +08:00
Miroslav Stampar
05a496c275 Fixes #1196 2015-03-20 00:56:52 +01:00
Christ van Willegen
80fb2e29cc Fix some spelling errors in help texts (through -> thorough) 2015-03-04 13:31:29 +01:00
Miroslav Stampar
3347fc25ca Fixes #1185 2015-03-03 15:10:06 +01:00
Miroslav Stampar
3f6c3b40dd Minor update (not overriding user given 'Accept-Encoding' header value) 2015-03-03 14:37:36 +01:00
Miroslav Stampar
dde400ab8f More suitable version of 6bcc95a (suggested by user) 2015-02-25 10:19:51 +01:00
Miroslav Stampar
6bcc95a20d Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z]) 2015-02-24 15:05:44 +01:00
Miroslav Stampar
1636088b75 Minor update 2015-02-16 11:48:53 +01:00
Miroslav Stampar
38011743bb Patch for an Issue #1157 2015-02-04 15:01:19 +01:00
Miroslav Stampar
59f0da369d Patch for a bug reported via ML (Accept header ignored in --headers) 2015-02-02 22:07:16 +01:00
Miroslav Stampar
9e90e357cf Patch for an Issue #1146 2015-01-30 21:59:03 +01:00
Miroslav Stampar
e73ac6c8e3 Minor patch on request of an user 2015-01-17 21:47:57 +01:00
Miroslav Stampar
c2b2ccd2b5 Minor bug fix 2015-01-17 17:31:00 +01:00
Miroslav Stampar
54e9a1fb2d Minor style update 2015-01-14 16:11:55 +01:00
Miroslav Stampar
8e03f4db0f Patch for an Issue #1062 2015-01-09 15:33:53 +01:00
Miroslav Stampar
450b3c93cb Potential patch for an Issue #1093 2015-01-07 11:40:11 +01:00
Miroslav Stampar
45bdefd29b Update of copyright 2015-01-06 15:02:16 +01:00
Miroslav Stampar
c474c16b4a Removing ML email address 2015-01-06 12:30:49 +01:00
Miroslav Stampar
41c2f889b2 Fix related to the SSLv3 disabling 2014-12-30 15:44:55 +01:00
Miroslav Stampar
1e014de6be Patch for an Issue #1066 2014-12-26 22:24:28 +01:00
Miroslav Stampar
6972020faf Bug fix for login-like SQLi (OR with 500 result) 2014-12-18 15:58:19 +01:00
Miroslav Stampar
180ede0cb3 Minor patch 2014-12-15 14:07:28 +01:00
Miroslav Stampar
20c272b77d More generic patch for an Issue #994 2014-12-07 16:14:48 +01:00
Miroslav Stampar
4e7f835eae Patch for an Issue #994 2014-12-07 16:11:07 +01:00
Miroslav Stampar
d3060f20d7 Minor improvement 2014-12-03 13:22:55 +01:00
Miroslav Stampar
17db587e2c Adding some friendly warning messages (regarding blocking) 2014-12-03 10:06:21 +01:00
Miroslav Stampar
7a04595f5e Added a reference url (http charset priority) 2014-12-01 11:15:45 +01:00
Miroslav Stampar
a0d95a8ec4 Refactoring of #952 2014-11-24 12:56:39 +01:00
Miroslav Stampar
27cd9e7064 Merge pull request #952 from Rexikon/patch-1
Update httpshandler.py, AttributeError PROTOCOL_SSLv3
2014-11-24 12:52:27 +01:00
Miroslav Stampar
05f7b1f121 Patch for an Issue #970 2014-11-24 10:55:19 +01:00
Miroslav Stampar
1fc4d0e3c4 Update for an Issue #431 2014-11-21 10:31:55 +01:00
Miroslav Stampar
cf2d5fd453 Update for an Issue #431 2014-11-21 09:41:49 +01:00
Miroslav Stampar
34ce774acd Patch for an Issue #956 2014-11-21 09:41:49 +01:00
Rexikon
4da20679ee Update httpshandler.py
ssl.PROTOCOL_SSLv3 removed
affecting error: AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'
2014-11-19 16:36:30 +01:00
Miroslav Stampar
05d5342f20 Update and patch for an Issue #2 2014-11-17 11:50:05 +01:00
Miroslav Stampar
c5df45a14f Minor bug fix (skipping HTML decoding in heuristic mode) 2014-11-11 11:23:14 +01:00
Miroslav Stampar
71c43be53a Patch for an Issue #901 2014-11-05 10:03:19 +01:00
Miroslav Stampar
49d3860b1f Minor fix 2014-10-31 20:22:15 +01:00
Miroslav Stampar
df73be32f1 Fix for an Issue #876 2014-10-28 14:41:21 +01:00
Miroslav Stampar
3b3b8d4ef2 Potential bug fix (escaping formatted regular expressions) 2014-10-28 14:02:55 +01:00
Miroslav Stampar
268e774087 Minor refactoring 2014-10-28 13:44:55 +01:00
Miroslav Stampar
f89e94fb8c Minor refactoring 2014-10-28 13:42:13 +01:00
Miroslav Stampar
6448d3caf4 Implementing support for csrfcookie (Issue #2) 2014-10-24 09:37:51 +02:00
Miroslav Stampar
5e31229d48 Minor cosmetic update 2014-10-23 15:18:22 +02:00
Miroslav Stampar
abbd352392 Support for X-CSRF-TOKEN header (Issue #2) 2014-10-23 14:33:22 +02:00
Miroslav Stampar
fc1b05bec9 Implementation for an Issue #2 2014-10-23 11:23:53 +02:00
Miroslav Stampar
8dcad46805 Update basic.py 2014-10-22 23:16:46 +02:00
Miroslav Stampar
2f18df345e Minor patch 2014-10-22 13:41:36 +02:00
Miroslav Stampar
268095495e Minor patch 2014-10-22 13:32:49 +02:00
Miroslav Stampar
3ebc5faa34 Falling back to partial UNION if large dump connects out 2014-10-21 09:23:34 +02:00
Miroslav Stampar
1e636fb925 Minor patch regarding Issue #840 2014-09-28 13:38:09 +02:00
Miroslav Stampar
767c278a0f Fix for an Issue #838 2014-09-26 17:00:50 +02:00
Miroslav Stampar
bfc8ab0e35 Language update 2014-09-08 14:48:31 +02:00
Miroslav Stampar
53d0d5bf8b Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved) 2014-09-08 14:33:13 +02:00
Miroslav Stampar
bbf0be1f8d Bug fix (Issue #813) 2014-09-03 22:09:12 +02:00
Miroslav Stampar
9476359255 Bug fix 2014-08-28 12:50:39 +02:00
Miroslav Stampar
e68326c0fe expandAsteriskForColumns changes value of conf.db and conf.tbl potentially causing problems in further work 2014-08-26 22:57:08 +02:00
Miroslav Stampar
dcaad75a1e Fix for an Issue #794 2014-08-22 15:08:05 +02:00
Miroslav Stampar
d74b803306 Minor patch 2014-08-22 14:45:23 +02:00
Miroslav Stampar
58d93ffb2b Fix for falling back to partial union (excluding scalar queries) 2014-08-20 23:53:15 +02:00
Miroslav Stampar
90882f081d Language update 2014-08-20 23:47:57 +02:00
Miroslav Stampar
0296081692 Minor refactoring 2014-08-20 23:42:40 +02:00
Miroslav Stampar
b4fbb9cafe Minor upgrade 2014-08-20 13:52:48 +02:00
Miroslav Stampar
6caccc3d93 Bug fix for ultra-slow processing of binary data 2014-08-20 01:38:01 +02:00
Miroslav Stampar
3cfa63646b Minor bug fix 2014-07-19 23:17:23 +02:00
Miroslav Stampar
32af0b17b0 Update for an Issue #760 2014-07-10 08:49:20 +02:00
Miroslav Stampar
686fe4d0e9 Another patch for DNS exfiltration and boolean checks 2014-06-27 14:22:00 +02:00
Miroslav Stampar
2f8d17bcb7 Appendix to last commit 2014-06-27 13:45:40 +02:00
Miroslav Stampar
75279ea75a Fix for DNS exfiltration of boolean checks 2014-06-27 13:07:34 +02:00
Miroslav Stampar
2a88436417 Patch for an Issue #724 2014-06-16 09:51:24 +02:00
Miroslav Stampar
f558b800ac Patch for an Issue #719 2014-06-12 09:08:55 +02:00
Miroslav Stampar
c50560c3a6 Patch for an Issue #716 2014-06-10 21:57:54 +02:00
Miroslav Stampar
680ab10ca6 Patch for an Issue #703 2014-05-27 21:41:07 +02:00
Miroslav Stampar
2d5461d250 Minor fix (related to the unknown encoding reported by ML) 2014-05-22 09:03:14 +02:00
Miroslav Stampar
c181e909b5 Minor fix 2014-05-16 23:47:00 +02:00
Miroslav Stampar
2e96e3c924 Adding a hidden switch --ignore-401 2014-04-29 23:26:45 +02:00
Miroslav Stampar
2d3a74a0fe Patch for an Issue #667 2014-04-07 21:01:40 +02:00
Miroslav Stampar
bf18b025d6 Minor removal of redundant code 2014-04-06 18:09:54 +02:00
Miroslav Stampar
7cc4159316 Renaming conf.cDel to conf.cookieDel 2014-04-06 16:50:58 +02:00
Miroslav Stampar
0ae8ac707e Renaming conf.pDel to conf.paramDel 2014-04-06 16:48:46 +02:00
Miroslav Stampar
492a410bcc Minor fix 2014-04-04 16:14:53 +02:00
Miroslav Stampar
e7e8a3965a Minor fix 2014-04-03 09:00:14 +02:00
Miroslav Stampar
80d4426dbd Patch related to the Issue #661 2014-04-02 22:34:37 +02:00
Miroslav Stampar
e8c1c90f2e Whitespace was being double encoded in case of spaceplus (' '->%2B) 2014-03-25 22:02:14 +01:00
Miroslav Stampar
106102bd3c Fix for an Issue #648 2014-03-21 20:28:29 +01:00
Miroslav Stampar
be3fd8bb29 Fix for an Issue #638 2014-03-14 16:44:56 +01:00
Miroslav Stampar
f1f53a5841 Minor cosmetic update 2014-03-06 21:08:31 +01:00
Miroslav Stampar
cc62a8adc9 Bug fix for JSON-like data (proper escaping of quotes) 2014-02-26 09:30:37 +01:00
Miroslav Stampar
6369a38ebc Adding support for JSON-like data with single quote 2014-02-26 08:56:17 +01:00
Miroslav Stampar
fc02badf40 Minor update 2014-01-23 08:33:21 +01:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Miroslav Stampar
36f3ab5798 Minor bug fix (for cases when race between thread and main thread is causing server._running to not be set to True) 2014-01-09 15:46:55 +01:00
Miroslav Stampar
5437f8bf36 Fix for an Issue #85 2014-01-02 12:09:58 +01:00
Miroslav Stampar
4de83daf03 Minor style update 2014-01-02 11:06:19 +01:00
Miroslav Stampar
b0ca34ff27 Bug fix (payload character '=' was not being url-encoded in custom (user) post cases - when posthint was None) 2013-12-04 10:09:54 +01:00
Bernardo Damele
59b6791faa minor improvement 2013-11-19 00:24:47 +00:00
Miroslav Stampar
8dac47f7e5 Minor patch (for recognition of x-mac-turkish codec) 2013-10-21 20:04:48 +02:00
Miroslav Stampar
344d3f4b5f Minor patch 2013-10-12 21:05:18 +02:00
Miroslav Stampar
18d9e1dbc3 Minor update due to reported (debug) problems with SSLv23 2013-10-04 10:53:49 +02:00
Miroslav Stampar
a3defc175d Fix (we are not using certificate but PEM private key file in this particular authentication; also, auxiliary cert_file is holding certificate chain that is ignored by python itself) 2013-09-11 23:17:18 +02:00
Miroslav Stampar
81409ce6da Minor patch 2013-09-02 10:54:32 +02:00
Miroslav Stampar
dd39913cf6 Improvement for an --eval mechanism 2013-08-31 00:28:51 +02:00
Miroslav Stampar
3a57af1452 Minor fix 2013-08-30 15:26:03 +02:00
Miroslav Stampar
88b992ad83 Fixing a bug noticed during the yesterday's AppSecEU presentation (--headers='user-agent:foobar*' was not working properly) 2013-08-23 11:54:08 +02:00
Miroslav Stampar
23f2c5f166 Finishing implementation for an Issue #58 2013-08-20 19:35:49 +02:00
Miroslav Stampar
4929cff0c0 Minor update 2013-08-13 06:42:49 +02:00
Miroslav Stampar
b2855e0281 Minor patch 2013-08-12 14:25:51 +02:00
Miroslav Stampar
a711c9ed36 Minor cleanup and initial work for #58 2013-08-09 14:13:48 +02:00
Miroslav Stampar
32c1cb20f5 Fix for an Issue #497 2013-08-01 19:48:20 +02:00
Miroslav Stampar
953b5815d8 Implementation for an Issue #496 2013-07-31 21:15:03 +02:00
Miroslav Stampar
6b826ef64d Reintroducing option --cookie-del 2013-07-31 20:41:19 +02:00
Miroslav Stampar
ca44b23d20 Implementation for --eval to support cookies 2013-07-31 17:29:16 +02:00
Miroslav Stampar
eaacbe0b12 Minor language fix 2013-07-31 09:24:34 +02:00
Miroslav Stampar
f54082111d Better way how to deal with required extensions 2013-07-13 19:25:49 +02:00
Miroslav Stampar
3f6d4083a7 Minor language update 2013-07-13 17:19:16 +02:00
Miroslav Stampar
31efabfca1 Appropriate error messaging when one of core libraries are missing due to erroneous Python build 2013-07-13 16:07:36 +02:00
Miroslav Stampar
4d9f8ad0dd Commit related to the last one 2013-07-13 12:00:03 +02:00
stamparm
a53823f9b7 Minor refactoring 2013-06-19 10:59:26 +02:00
Miroslav Stampar
f185e5cdd5 Fix for an Issue #463 2013-06-10 22:26:34 +02:00
Miroslav Stampar
6f49b96a2d Fix for an Issue #462 2013-06-10 12:20:58 +02:00
Miroslav Stampar
39612b5d87 Fix for an Issue #457 2013-06-04 23:46:39 +02:00
Miroslav Stampar
3e0f747fad Minor fix 2013-06-04 00:05:25 +02:00
Miroslav Stampar
edc9da1226 Minor refactoring 2013-06-03 15:14:56 +02:00
stamparm
6b280d8da4 Putting 2 decimal places for debug messages with performed queries (e.g. to handle a problem with 0 seconds roundup) 2013-05-28 14:40:45 +02:00
stamparm
659c0bb418 Minor fix 2013-05-27 10:38:47 +02:00
stamparm
4b2cf07262 Minor style update 2013-05-20 16:15:35 +02:00
Miroslav Stampar
ea5c742595 Update (lagging checking is now always done once when time based compare is done; not only in case if statistical model is being filled) 2013-05-18 21:30:21 +02:00
Miroslav Stampar
f24c8c6b6b Changing logging type to warning for parsed error messages 2013-05-18 16:17:56 +02:00
stamparm
03732d2592 Minor fix 2013-05-17 16:04:05 +02:00
stamparm
76b4e1ccb9 Implementation for an Issue #450 2013-05-17 15:04:25 +02:00
stamparm
887109a12d Minor bug fix (for not displaying heuristic detected page charset None) 2013-04-30 18:16:32 +02:00
stamparm
ebe8ee3500 Fix for crawler and redirection case 2013-04-30 18:08:26 +02:00
stamparm
09e7f4f697 Minor bug fix regarding traffic logging of redirected requests 2013-04-30 17:46:26 +02:00
stamparm
1035ee9c3d Patch for an Issue #442 2013-04-26 14:49:24 +02:00
stamparm
e3a02f56e6 Just in case for --force-ssl (if url is returned in e.g. refresh toward the target) 2013-04-24 12:35:39 +02:00
stamparm
6fed1921ed Bug fix (there are cases when provided kwargs containing explicit None values while we want to use the alternative in those kind of cases; there was an intention in original code, while the implementation was buggy) 2013-04-16 14:17:41 +02:00
stamparm
140cffbde2 Patch for an Issue #434 2013-04-15 15:57:28 +02:00
Miroslav Stampar
ed5599f489 In case that cookie file is given and cookie header inside request file clashes with one of contained cookies, give cookie file greater priority 2013-04-12 19:20:33 +02:00
stamparm
8c9da95343 Style and consistency update (url -> URL) 2013-04-09 11:48:42 +02:00
Miroslav Stampar
240e9f3f7e Minor patch 2013-04-07 11:02:43 +02:00
Miroslav Stampar
df4fd82515 Minor update 2013-04-03 23:27:27 +02:00
Miroslav Stampar
c75a2d0c40 Minor patch 2013-04-03 21:31:37 +02:00
stamparm
e1ffdde532 Little cleaning a mess with url encoding and post hint types 2013-03-27 13:39:27 +01:00
Miroslav Stampar
c19a283434 Minor patch 2013-03-26 20:06:50 +01:00
stamparm
7accba4cf9 Minor update 2013-03-26 16:10:41 +01:00
stamparm
7447773237 Update for consistency (all other enums are using _ in between words) 2013-03-20 11:10:24 +01:00
Miroslav Stampar
8acf033715 Code refactoring 2013-03-19 19:24:14 +01:00
stamparm
6969874c02 Switch --no-cast is incompatible with switch --hex (integer values are not being casted in case of --no-cast --hex which is causing unwanted decodings of returned values) 2013-03-19 10:52:37 +01:00
stamparm
e226006766 Trivial fix 2013-03-18 13:29:55 +01:00
stamparm
5e02bcbd58 Minor adjustment 2013-03-18 12:16:16 +01:00
Miroslav Stampar
eb08c8d752 Another update for an Issue #352 2013-03-13 19:42:22 +01:00
Miroslav Stampar
2f43c3eb9b Minor fix (digest live test case) and some refactoring 2013-03-12 21:16:44 +01:00
Miroslav Stampar
84a5bdb9cf Trivial cosmetics 2013-03-09 19:41:24 +01:00
Miroslav Stampar
79d6a0e9c9 Using binary data in dummy mode 2013-03-09 19:40:24 +01:00
Miroslav Stampar
62980d7d5a Automatically decoding url encoded data in response 2013-03-05 17:32:10 +01:00
Miroslav Stampar
0e89cc62a2 Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections 2013-02-28 20:20:08 +01:00
stamparm
9ef79df23d Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched) 2013-02-28 13:51:08 +01:00
stamparm
69063947b6 Debug message should go with logging.DEBUG 2013-02-19 09:46:51 +01:00
Bernardo Damele
d7247a51ee do not prompt constantly if the page is not found 2013-02-18 18:08:20 +00:00
Miroslav Stampar
11bcf28d86 Fix for an Issue #399 2013-02-15 10:04:13 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
a0b44da5d8 Minor fix for --threads>1 --binary-fields 2013-02-13 20:47:27 +01:00
Miroslav Stampar
d78a3e977b Update (allowing regular char * to be inside SOAP/JSON/XML) 2013-02-13 12:24:42 +01:00
Miroslav Stampar
1d42aba01e Minor update regarding 093a93938c (for goStacked to work properly with stacked conditional payloads - e.g. proper suffix/prefix) 2013-02-12 17:35:14 +01:00
Miroslav Stampar
c34f6e25b2 Minor fix for --eval (urldecoded values should be used inside evaluation) 2013-02-12 17:01:47 +01:00
Bernardo Damele
2fa2f30d21 slighlty better, still not optimal 2013-02-06 17:45:52 +00:00
Bernardo Damele
b272b0574d minor fix to reset partRun value - #297 2013-02-06 17:09:28 +00:00
Miroslav Stampar
62772125e3 Bug fix for HTTPSCertAuthHandler 2013-02-05 12:16:06 +01:00
Miroslav Stampar
6d942f92b5 Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.)) 2013-02-01 10:03:06 +01:00
Miroslav Stampar
f5844eabae Valuable data is potentially lost if page not parsed in dump mode (e.g. --technique=B and error occuring) <- partial revert of previous optimization commit 10bdd90e60 2013-01-31 13:32:14 +01:00
Miroslav Stampar
2420a4b626 Update for an Issue #342 and #372 2013-01-31 10:01:52 +01:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Miroslav Stampar
a59ac8e27f Trivial cosmetics 2013-01-29 16:30:38 +01:00
Miroslav Stampar
479f791112 Minor fix 2013-01-25 12:41:51 +01:00
Chris Frohoff
218a6a9695 fixed response header logging for header names with special chars 2013-01-23 11:10:25 -08:00
Miroslav Stampar
59b02539ca More general approach regarding that last commit 2013-01-22 11:34:34 +01:00
Miroslav Stampar
01f1488f07 Minor patch (annoying trailing spaces for some DBMSes --technique=B --sql-query) 2013-01-22 11:29:51 +01:00
Miroslav Stampar
bb6b89fe93 Patch for an Issue #360 2013-01-19 18:06:36 +01:00
Miroslav Stampar
ac7709204a Better fix for that page/headers/comparison --string candidate problem 2013-01-18 17:00:11 +01:00
Miroslav Stampar
8141d17985 Revert of previous commit (more care has to be done regarding headers dynamicity) 2013-01-18 16:49:35 +01:00
Miroslav Stampar
33094a118c Fix for an Issue where '--string' is being automatically picked not looking properly in headers too 2013-01-18 16:35:09 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
17d36684b5 Removing obsolete proxy handling code (Python < 2.6) 2013-01-18 11:30:52 +01:00
Miroslav Stampar
e941e60b20 Minor just in place update for an Issue #348 2013-01-17 22:44:55 +01:00
Bernardo Damele
38eb4eb33e Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-17 21:03:11 +00:00
Bernardo Damele
b6e44ae64e fix for #349 (compatible with all others DBMSes too) 2013-01-17 21:03:03 +00:00
Miroslav Stampar
a8e3fd58c5 Implementation for an Issue #348 2013-01-17 21:49:58 +01:00
Miroslav Stampar
8480ceddcb Minor style update 2013-01-17 19:55:56 +01:00
Miroslav Stampar
f7eda07d92 Patch for an Issue #347 2013-01-17 15:30:14 +01:00
Miroslav Stampar
3ab4a5e36d Fix for an Issue #345 2013-01-17 11:50:12 +01:00
Miroslav Stampar
14b7e655a9 Minor refactoring 2013-01-16 16:33:04 +01:00
Miroslav Stampar
fb7243c237 Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs 2013-01-16 16:04:00 +01:00
Bernardo Damele
e16ad38d3e more work on #342 2013-01-15 18:15:07 +00:00
Bernardo Damele
329047fc12 restored fix for #210 to keep --hex work with --technique B 2013-01-15 17:51:40 +00:00
Bernardo Damele
2a751e075d more work on #342 2013-01-15 17:14:44 +00:00
Bernardo Damele
4eaa0d17aa Fix in forging query to calculate query output length - closes issue #342 2013-01-15 15:50:20 +00:00
Miroslav Stampar
5ee653dd89 Merging commit 57bcbb458eade2850a6d7623ecddbe49c69cf334 from @morisson 2013-01-15 10:14:02 +01:00
Miroslav Stampar
03dd958d96 Implementation for an Issue #48 2013-01-13 16:22:43 +01:00
Miroslav Stampar
81848c723d Minor cleanup (we officially support Python >= 2.6) 2013-01-11 16:01:48 +01:00
Miroslav Stampar
934d41dac2 Minor style update (PEP8) 2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
5b77b20e2e Removing trailing whitespaces (PEP8) 2013-01-03 23:57:07 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
127b880577 Minor update 2012-12-27 15:14:40 +01:00
Bernardo Damele
9149d77cc8 removed duplicate code - fixes issue #310 2012-12-19 12:17:56 +00:00
Bernardo Damele
dee56b17c3 handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308 2012-12-19 10:50:15 +00:00
Miroslav Stampar
155c1eddae Debug message with declared page charset 2012-12-19 11:16:42 +01:00
Miroslav Stampar
2b64c10710 Patch for an Issue #304 2012-12-18 09:36:26 +01:00
Miroslav Stampar
4ea0c9e922 Another implementation for an Issue #302 2012-12-17 15:08:54 +01:00
Miroslav Stampar
60baf5071e Patch for an Issue #302 2012-12-17 00:40:01 +01:00
Miroslav Stampar
c41618416c Removing trailing blanks 2012-12-14 12:00:45 +01:00
Miroslav Stampar
013dc8bc98 Another minor update for an Issue #267 2012-12-10 13:07:36 +01:00
Miroslav Stampar
8bd0080bf4 Minor update for an Issue #267 2012-12-10 13:05:41 +01:00
Miroslav Stampar
96df0ba061 Implemented support for plain , chars too (Issue #267) 2012-12-10 12:58:17 +01:00
Miroslav Stampar
d0ea4c65c5 Minor styl eupdate for an Issue #267 2012-12-10 12:54:01 +01:00
Miroslav Stampar
5606a860ce Oracle supports inline comments too (Issue #267) 2012-12-10 12:00:15 +01:00
Miroslav Stampar
a024884ca7 Support for a HTTP parameter pollution (Issue #267) 2012-12-10 11:55:31 +01:00
Miroslav Stampar
73968a448c Minor update 2012-12-07 15:29:54 +01:00
Miroslav Stampar
e129a30e6b Removing redundant code in redirect handler (related to an Issue #288) 2012-12-07 12:40:19 +01:00
Miroslav Stampar
fccad15cfa Minor update for an Issue #288 2012-12-07 12:14:33 +01:00
Miroslav Stampar
75e6d77fbc Minor refactoring 2012-12-07 11:54:34 +01:00
Miroslav Stampar
fbaeecdaf9 Patch for an Issue #288 2012-12-07 11:52:21 +01:00
Miroslav Stampar
c0fc12beb2 Minor update for an Issue #288 2012-12-07 11:23:18 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
b6650add46 Introducing 'new style classes' (idea from Pull request #284) 2012-12-06 10:42:53 +01:00
Miroslav Stampar
0f191f624c Taking some goodies from Pull request #284 2012-12-06 10:21:53 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
79fca8e9d5 Fix for an Issue #268 2012-12-03 12:13:59 +01:00
Miroslav Stampar
605d73cc3d Minor refactoring 2012-11-29 12:21:12 +01:00
Miroslav Stampar
c40dded28c Fix for an Issue #250 2012-11-20 12:10:29 +01:00
Miroslav Stampar
5b3fe25211 Improving comparison engine (removing shared prelude part to further sharpen if pages are identical - especially noticable in small test pages) 2012-11-13 15:22:59 +01:00
Miroslav Stampar
a52dbc575b Patch for an Issue #246 2012-11-13 10:21:11 +01:00
Miroslav Stampar
f305dde413 Patch for an Issue #235 2012-11-10 11:01:29 +01:00
Miroslav Stampar
359e734954 Minor refactoring 2012-10-29 10:48:49 +01:00
Miroslav Stampar
25a5073281 Bug fix for --hex/--technique=B (especially MsSQL) 2012-10-28 12:22:33 +01:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
a435ba6863 Minor fix 2012-10-28 00:19:00 +02:00
Miroslav Stampar
0aeb9dbe8b Bug fix (in --dump mode if error/inband failed with None other techniques were ignored) 2012-10-27 23:42:52 +02:00
Miroslav Stampar
12fc9442b9 Tamper function(s) refactoring (really no need for returning headers as they are passed by reference) 2012-10-25 10:10:23 +02:00
Miroslav Stampar
b82eb3a1ae Fix for an Issue #210 2012-10-23 13:58:25 +02:00
Miroslav Stampar
3f596cda85 Minor fix for --dump --technique=B when empty strings are returned 2012-10-22 11:49:23 +02:00
Miroslav Stampar
21481df239 Minor update for Issue #209 2012-10-21 19:00:37 +02:00
Miroslav Stampar
fb1497aa89 Minor update for Issue #209 2012-10-21 18:53:31 +02:00
Miroslav Stampar
261b286021 Fix for an Issue #209 2012-10-20 13:17:45 +02:00
Miroslav Stampar
6a271fe800 Update for an Issue #2 2012-10-19 11:29:03 +02:00
Miroslav Stampar
998eb70288 Minor update 2012-10-19 11:05:10 +02:00
Miroslav Stampar
987f167e12 Minor update 2012-10-19 11:03:54 +02:00
Miroslav Stampar
d65d9e25cd Implementation for an Issue #2 2012-10-19 11:02:14 +02:00
Miroslav Stampar
688a2db27a Fix for an Issue #208 2012-10-19 10:04:09 +02:00
Miroslav Stampar
b5060c0010 Fix for an Issue #205 2012-10-16 14:28:46 +02:00
Miroslav Stampar
2cb1b054bb Implementation for an Issue #79 2012-10-16 12:32:58 +02:00
Miroslav Stampar
42b2c85517 Minor cosmetics 2012-10-15 18:45:13 +02:00
Miroslav Stampar
c7cf8b2e80 Minor refactoring of direct() 2012-10-15 18:41:41 +02:00
Miroslav Stampar
e440b096c5 Fix for an Issue #202 2012-10-15 12:24:30 +02:00
Miroslav Stampar
e61c4c22c9 Implementation for an Issue #200 2012-10-09 15:19:47 +02:00
Miroslav Stampar
5a91b6e622 Minor cleanup 2012-10-09 10:21:52 +02:00
Miroslav Stampar
8e7449ccd5 Minor update 2012-10-07 20:28:24 +02:00
Miroslav Stampar
ff205f088b Minor update 2012-10-07 20:12:55 +02:00
Miroslav Stampar
098e446ca4 Adding support for generic XML POST data 2012-10-04 18:44:12 +02:00
Miroslav Stampar
f71b937add Minor language cleanup 2012-10-04 18:28:36 +02:00
Miroslav Stampar
8865fe69d7 Minor cleanup 2012-10-04 18:26:07 +02:00
Miroslav Stampar
d464678e10 Minor update for an Issue #49 2012-10-04 18:01:42 +02:00
Miroslav Stampar
84b05e2d18 Better treating of numeric values (Issue #49) 2012-10-04 16:08:37 +02:00
Miroslav Stampar
461e5ebc5f Work for Issue #197 and Issue #49 2012-10-04 11:25:44 +02:00
Miroslav Stampar
bcbf0571a5 Implementation for an Issue #49 2012-10-02 14:23:58 +02:00
Miroslav Stampar
763dc98311 Minor refactoring 2012-10-02 13:36:15 +02:00
Miroslav Stampar
a8aecaa036 Minor style update 2012-10-02 13:33:10 +02:00
Miroslav Stampar
687f3991de Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g. 2012-09-26 11:27:43 +02:00
Miroslav Stampar
ec43ceec40 Some more cleanup related to the last commit (unneeded manual crafting/unneeded closing with ;) 2012-09-25 14:29:22 +02:00
Miroslav Stampar
c9e7e71ea2 Implementation for an Issue #195 2012-09-25 10:17:25 +02:00
Miroslav Stampar
d175decdfc Fix for an Issue #190 2012-09-22 20:59:40 +02:00
Miroslav Stampar
e570858db9 Implementation for an Issue #183 2012-09-12 11:50:38 +02:00
Miroslav Stampar
511c3b8dcc Update and fix for an Issue #182 2012-09-11 14:58:52 +02:00
Miroslav Stampar
10b671d625 Update for an Issue #182 2012-09-11 12:08:34 +02:00
Miroslav Stampar
5d23d72ff5 Fix for an Issue #176 2012-09-08 17:58:03 +02:00
Miroslav Stampar
dbce417cdd Potential fix for an Issue #171 2012-09-02 22:48:41 +02:00
Miroslav Stampar
b916db34a4 Another update for an Issue #79 2012-08-31 12:38:02 +02:00
Miroslav Stampar
47d162f391 Minor update (same but cleaner) 2012-08-31 12:27:40 +02:00
Miroslav Stampar
7286d89cb6 Few fixes for an Issue #79 (problem with case sensitivity of request get_header) 2012-08-31 12:15:09 +02:00
Miroslav Stampar
cdd3ed6abc Minor bug fix 2012-08-30 14:22:18 +02:00
Miroslav Stampar
32a36f1ff3 El Cosmeticado 2012-08-22 09:58:39 +02:00
Miroslav Stampar
d421f9a618 Fix for an Issue #157 2012-08-21 14:34:19 +02:00
Miroslav Stampar
01f481c332 Minor refactoring of dictionaries 2012-08-21 11:19:15 +02:00
Miroslav Stampar
b9c63eb908 Fix for an Issue #156 2012-08-21 10:46:29 +02:00
Miroslav Stampar
7a8ace78f9 Removing redundant newline char as logger already adds it's own 2012-08-21 09:58:40 +02:00
Miroslav Stampar
233b9a3815 Fix for Issue #150 and Issue #151 (urllib2 is automatically adding those) 2012-08-20 22:17:39 +02:00
Miroslav Stampar
823dde73ab Minor cleanup 2012-08-20 11:40:49 +02:00
Miroslav Stampar
76338add17 Fix for an Issue #152 2012-08-20 10:41:43 +02:00
Miroslav Stampar
fec8a5cc9d Fix for an Issue #139 2012-08-07 00:50:58 +02:00
Miroslav Stampar
142fc887f1 Fix for an Issue #129 2012-07-31 11:03:44 +02:00