sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-24 18:43:47 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	f41460f8d8	Better naming	2013-01-29 20:53:11 +01:00
Bernardo Damele	e8bd3c9c9f	cosmetics	2013-01-29 17:00:28 +00:00
Bernardo Damele	8f36f92dd3	minor fix	2013-01-29 16:23:30 +00:00
Bernardo Damele	c47b44e93f	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-29 15:38:16 +00:00
Bernardo Damele	9677e0f910	more data content types for API (issue #297 )	2013-01-29 15:36:19 +00:00
Bernardo Damele	92ae8145df	ignore any non-relevant string: avoid storing to the API, careful this can introduce bugs but it is necessary at this stage of development (issue #297 )	2013-01-29 15:35:51 +00:00
Bernardo Damele	bfce7210e6	improvements to the dump library to output to the API data fetched properly formatted (issue #297 )	2013-01-29 15:34:20 +00:00
Bernardo Damele	eeecb3fe2c	split init() into two separate functions for API purposes (issue #297 )	2013-01-29 15:33:16 +00:00
Miroslav Stampar	f4b7b3fd35	Minor cosmetics	2013-01-29 16:04:20 +01:00
Miroslav Stampar	9eca41bae2	Minor fix	2013-01-29 15:55:50 +01:00
Miroslav Stampar	a104de01d7	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-29 15:35:01 +01:00
Miroslav Stampar	7e73825ece	Minor cosmetics	2013-01-29 15:34:41 +01:00
Bernardo Damele	085495024f	minor adjustment	2013-01-29 01:44:57 +00:00
Bernardo Damele	f1ab887c55	major enhancement, code refactoring for issue #297	2013-01-29 01:39:27 +00:00
Bernardo Damele	cd4075f6a3	no raise, just pass at ctrl-c	2013-01-26 15:33:09 +00:00
Bernardo Damele	a0b9e0f1c5	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-25 17:11:38 +00:00
Bernardo Damele	195d17449e	first test of stdout/stderr redirect to a database when sqlmap is executed from restful API (#297 )	2013-01-25 17:11:31 +00:00
Miroslav Stampar	c06f94e2c8	Fix for an Issue #378	2013-01-25 16:38:41 +01:00
Miroslav Stampar	8c84a16cb7	Minor style update for an Issue #377	2013-01-25 12:52:31 +01:00
Miroslav Stampar	194a9e7b88	Implementation for an Issue #377	2013-01-25 12:34:57 +01:00
Bernardo Damele	5b3c8d8991	first implementation of asynchronous inter-protocol communication between the sqlmap RESTful API and the sqlmap engine with SQLite	2013-01-24 12:57:24 +00:00
Miroslav Stampar	232f8d3585	Fix for an Issue #368	2013-01-23 13:36:17 +01:00
Bernardo Damele	5635776173	proper SQLite 2 library	2013-01-22 18:56:25 +00:00
Miroslav Stampar	719c7f622b	Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions)	2013-01-22 15:51:06 +01:00
Miroslav Stampar	2ec828f1cb	Fix for an Issue #367	2013-01-22 14:27:17 +01:00
Miroslav Stampar	09c02c6c72	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-22 14:08:31 +01:00
Miroslav Stampar	15b0ab1b44	Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...'	2013-01-22 14:08:19 +01:00
Bernardo Damele	061aef57ba	missing import	2013-01-22 11:25:01 +00:00
Bernardo Damele	e558040810	minor fix to previous commit	2013-01-21 17:10:56 +00:00
Bernardo Damele	d43b04c582	better detection if vulnerable of not for regression test	2013-01-21 17:09:35 +00:00
Miroslav Stampar	b35a0810ef	Fix for an Issue #364	2013-01-21 17:01:52 +01:00
Miroslav Stampar	1e3f68c7ff	Rewriting some query crafting parts (especially those .find(' FROM '))	2013-01-21 16:15:38 +01:00
Miroslav Stampar	832d95984c	IFNULL-like mechanism now works on SQLite 2 too	2013-01-21 15:04:27 +01:00
Miroslav Stampar	c55a002f95	Language fix	2013-01-21 13:19:08 +01:00
Miroslav Stampar	80255433b0	Trivial style update	2013-01-21 13:18:34 +01:00
Miroslav Stampar	0e86175342	Adding new common function for further refactoring	2013-01-21 11:50:47 +01:00
Miroslav Stampar	3200134b3b	Fix for a regression test #30 test case fail (Firebird inline)	2013-01-21 10:12:54 +01:00
Bernardo Damele	3373e30808	minor fix for a bug introduced with commit `1ad9e26a21`	2013-01-20 02:40:40 +00:00
Bernardo Damele	115be9d7b5	minor fixes	2013-01-20 01:26:46 +00:00
Miroslav Stampar	0a4f5d2e51	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-19 19:08:18 +01:00
Miroslav Stampar	e9641e30db	This last commit was in haste :)	2013-01-19 19:07:38 +01:00
Miroslav Stampar	6a87dd9225	Minor update (just for consistency with the rest of code)	2013-01-19 19:07:06 +01:00
Miroslav Stampar	979e108c87	Minor update (just for consistency with the rest of code)	2013-01-19 19:06:51 +01:00
Bernardo Damele	f89b25fdb6	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-19 18:04:38 +00:00
Bernardo Damele	adf97e630f	add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL	2013-01-19 18:04:33 +00:00
Miroslav Stampar	9ce2395405	Minor refactoring	2013-01-19 18:40:44 +01:00
Miroslav Stampar	3f4c010370	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-19 18:28:52 +01:00
Miroslav Stampar	efe26ac3f8	In case that content-length header was not in a desired case ('Content-length') POST request file would fail badly (repeating original content-length header value)	2013-01-19 18:28:37 +01:00
Bernardo Damele	6a62292a3f	layout adjustment	2013-01-19 17:11:16 +00:00
Miroslav Stampar	bb6b89fe93	Patch for an Issue #360	2013-01-19 18:06:36 +01:00
Bernardo Damele	dcf2dcd03d	all we need to debug failed test cases while regression test run..	2013-01-19 17:04:57 +00:00
Bernardo Damele	f22fd396ef	write the test case name before it is run so if the test case crashes badly, we can trace back what test case it was at a later stage	2013-01-19 16:41:19 +00:00
Bernardo Damele	1923ef691e	just in case, add also the test case name inside the temp folder for debug purposes	2013-01-19 16:06:46 +00:00
Bernardo Damele	0e78fbef56	correctly format SQLi payload for inline query technique	2013-01-19 00:28:03 +00:00
Bernardo Damele	6be7eee8d6	more fixes	2013-01-18 23:35:16 +00:00
Bernardo Damele	56eaa073ce	fixed test cases for Firebird - #312	2013-01-18 23:32:39 +00:00
Bernardo Damele	1f4c6a8371	avoid blank line if password hashes have not been fetched	2013-01-18 22:10:36 +00:00
Bernardo Damele	1ad9e26a21	bug fix for ORDER BY users provided statements (issue #354 )	2013-01-18 21:40:50 +00:00
Miroslav Stampar	ac7709204a	Better fix for that page/headers/comparison --string candidate problem	2013-01-18 17:00:11 +01:00
Miroslav Stampar	8141d17985	Revert of previous commit (more care has to be done regarding headers dynamicity)	2013-01-18 16:49:35 +01:00
Miroslav Stampar	33094a118c	Fix for an Issue where '--string' is being automatically picked not looking properly in headers too	2013-01-18 16:35:09 +01:00
Miroslav Stampar	601eb1e49a	Unescaping is renamed to escaping	2013-01-18 15:40:37 +01:00
Bernardo Damele	a43202f3c0	updated copyright	2013-01-18 14:07:51 +00:00
Bernardo Damele	1bb061f68c	improvements to --live-test	2013-01-18 13:02:35 +00:00
Bernardo Damele	738ccb643d	minor output adjustment	2013-01-18 11:41:09 +00:00
Miroslav Stampar	33ea811c6c	Removing some unused stuff (mainly imports)	2013-01-18 11:50:02 +01:00
Miroslav Stampar	aa467cb54c	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-18 11:31:25 +01:00
Miroslav Stampar	17d36684b5	Removing obsolete proxy handling code (Python < 2.6)	2013-01-18 11:30:52 +01:00
Miroslav Stampar	4d5bae7131	Removing some obsolete functions	2013-01-18 11:18:56 +01:00
Miroslav Stampar	bcc907ce09	Minor update	2013-01-18 11:00:21 +01:00
Miroslav Stampar	d1008b45b5	Minor removal of unused function	2013-01-18 10:46:06 +01:00
Miroslav Stampar	caae773b2d	Minor removal of redundant code	2013-01-18 10:44:57 +01:00
Bernardo Damele	d66f7e22b1	more fixes to test cases	2013-01-18 09:32:05 +00:00
Miroslav Stampar	e941e60b20	Minor just in place update for an Issue #348	2013-01-17 22:44:55 +01:00
Bernardo Damele	1d6e642d41	fixed url	2013-01-17 21:29:00 +00:00
Miroslav Stampar	507f185b69	Revert of patch for an Issue #347	2013-01-17 18:38:37 +01:00
Miroslav Stampar	f7eda07d92	Patch for an Issue #347	2013-01-17 15:30:14 +01:00
Miroslav Stampar	a38b3e397c	Patch for an Issue #286	2013-01-17 14:17:39 +01:00
Miroslav Stampar	65273295e3	Implementing a check for an Issue #25	2013-01-17 13:56:04 +01:00
Miroslav Stampar	9428d1819e	Fix for an Issue #346	2013-01-17 12:03:02 +01:00
Miroslav Stampar	3ab4a5e36d	Fix for an Issue #345	2013-01-17 11:50:12 +01:00
Miroslav Stampar	51a77d1fe2	Minor update for an Issue #8	2013-01-17 11:37:45 +01:00
Miroslav Stampar	14b7e655a9	Minor refactoring	2013-01-16 16:33:04 +01:00
Miroslav Stampar	053b7d12b4	Minor language update	2013-01-16 16:07:12 +01:00
Miroslav Stampar	fb7243c237	Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs	2013-01-16 16:04:00 +01:00
Miroslav Stampar	c0a6e1c3a7	Finishing first usable prototype for an Issue #8	2013-01-16 14:54:37 +01:00
Miroslav Stampar	ff5ec48abd	Minor update for an Issue #8	2013-01-16 14:16:22 +01:00
Bernardo Damele	3464a70ac2	bug fix: without this generic concatenation of strings in concatQuery(), detection of UNION query SQLi only (--technique U) when the page did not disclose any DBMS error message and it was not MySQL (for which there are UNION SQLi specific payloads) was not detected	2013-01-16 01:53:33 +00:00
Bernardo Damele	542f6de72e	typo fix	2013-01-16 01:31:03 +00:00
Bernardo Damele	2a751e075d	more work on #342	2013-01-15 17:14:44 +00:00
Bernardo Damele	ec076f5f8a	write console output to temporary folder in any case the test case fails, even if no traceback is raised	2013-01-15 15:51:03 +00:00
Miroslav Stampar	7a1d484115	Implementation for an Issue #340	2013-01-15 16:05:33 +01:00
Bernardo Damele	c51358953a	add more Oracle system dbs	2013-01-15 14:51:29 +00:00
Bernardo Damele	3e2c3851f3	Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312 )	2013-01-14 13:42:50 +00:00
Bernardo Damele	515c1c6205	removed leftover	2013-01-14 10:26:22 +00:00
Bernardo Damele	83000de9e1	improved handling and storing of exceptions with --live-test (#312 )	2013-01-14 10:23:40 +00:00
Bernardo Damele	8125fe90a7	code refactoring	2013-01-14 10:22:38 +00:00
Bernardo Damele	036b612bcb	bug fix to be able to write unicode chars to debug file	2013-01-14 01:11:42 +00:00
Miroslav Stampar	fc560f2b75	Minor revert and proper fix	2013-01-14 00:47:29 +01:00
Bernardo Damele	b74cfbf336	minor enhancements for debug purposes (issue #312 )	2013-01-13 23:15:56 +00:00
Bernardo Damele	fdd6075859	temporary patch to fix UNION query enumeration	2013-01-13 23:08:23 +00:00
Miroslav Stampar	92ea8841f8	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-13 16:23:09 +01:00
Miroslav Stampar	03dd958d96	Implementation for an Issue #48	2013-01-13 16:22:43 +01:00
Bernardo Damele	675e4a026b	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-11 13:31:49 +00:00
Bernardo Damele	41834e7a5b	working on #8 - still not usable though	2013-01-11 13:31:44 +00:00
Miroslav Stampar	bc4d8d3e02	Implementation for an Issue #332	2013-01-11 11:17:41 +01:00
Miroslav Stampar	5571d09354	Minor revert	2013-01-11 11:13:55 +01:00
Miroslav Stampar	ec4e49d771	Minor refactoring	2013-01-10 16:09:28 +01:00
Miroslav Stampar	1363f26367	Minor refactoring	2013-01-10 15:59:02 +01:00
Miroslav Stampar	834be1eddc	Restyling redundant 'except Exception' form	2013-01-10 15:54:28 +01:00
Miroslav Stampar	acfeeb4f51	Restyling old form of urlparse	2013-01-10 15:41:07 +01:00
Miroslav Stampar	8686c20fa5	Removing one obsolete instantiation line	2013-01-10 15:27:35 +01:00
Miroslav Stampar	934d41dac2	Minor style update (PEP8)	2013-01-10 15:02:28 +01:00
Miroslav Stampar	ca3d35a878	Some PEP8 related style cleaning	2013-01-10 13:18:44 +01:00
Miroslav Stampar	6cfa9cb0b3	Removing unused imports	2013-01-10 12:15:12 +01:00
Miroslav Stampar	05705857a9	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-10 12:09:48 +01:00
Miroslav Stampar	ca1c0c2a1d	Minor style update	2013-01-10 11:54:07 +01:00
Bernardo Damele	ca337159f5	added reminder TODO	2013-01-10 01:11:22 +00:00
Bernardo Damele	10f1099944	remove logging handler that shows logging messages to stdout - issue #297	2013-01-10 00:51:56 +00:00
Bernardo Damele	ccc3c3d1a3	minor fix to distinguish stdout from stderr	2013-01-10 00:51:05 +00:00
Bernardo Damele	2126a5ba12	minor index fix	2013-01-10 00:00:00 +00:00
Bernardo Damele	794700eb37	preparing to handle logging calls by a separate file descriptor when sqlmap is executed by the REST API - issue #297	2013-01-09 22:08:50 +00:00
Bernardo Damele	d120dc18d1	cleanup	2013-01-09 22:06:27 +00:00
Bernardo Damele	58a60562ac	avoid exiting with a traceback for missing dependency, handle properly at some point	2013-01-09 16:05:55 +00:00
Bernardo Damele	7f4ce4afbb	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-09 16:04:29 +00:00
Bernardo Damele	510ceb6e19	first attempt to have --os-pwn and other takeover switches work across Windows and Linux - issue #28	2013-01-09 16:04:23 +00:00
Miroslav Stampar	bf5544903b	Minor style update	2013-01-09 16:10:26 +01:00
Miroslav Stampar	9bdcb1176d	Update for an Issue #169	2013-01-09 15:58:13 +01:00
Miroslav Stampar	25f01a419f	Minor style update (for the sake of consistency over the code and our PEP8 adaptation)	2013-01-09 15:38:41 +01:00
Miroslav Stampar	bdd2592848	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-09 15:22:30 +01:00
Miroslav Stampar	3d4f381ab5	Patch for an Issue #169	2013-01-09 15:22:21 +01:00
Bernardo Damele	c44a829b9b	pass a pickled options object to sqlmap engine when called from API	2013-01-09 12:34:45 +00:00
Bernardo Damele	8457cff278	added variable to store the live test traceback if any	2013-01-09 12:33:18 +00:00
Bernardo Damele	f11747732e	added missing command line options	2013-01-09 12:30:13 +00:00
Miroslav Stampar	55a552ddc4	Update for an Issue #24	2013-01-08 10:55:25 +01:00
Miroslav Stampar	ad85c4c964	Minor refactoring for an Issue #295	2013-01-08 10:23:02 +01:00
Bernardo Damele	1e35b3c8c9	proper link	2013-01-07 16:59:59 +00:00
Miroslav Stampar	74552bea87	Cleaning some garbage (hard coded paths with linux native slashes)	2013-01-07 16:51:00 +01:00
Bernardo Damele	7fa75792dd	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2013-01-07 11:10:08 +00:00
Bernardo Damele	a30d7014b9	removed unused var	2013-01-07 11:05:33 +00:00
Miroslav Stampar	5b77b20e2e	Removing trailing whitespaces (PEP8)	2013-01-03 23:57:07 +01:00
Miroslav Stampar	82b468211d	Minor update	2013-01-03 23:38:29 +01:00
Miroslav Stampar	f340ce8b4b	Minor style update	2013-01-03 23:35:29 +01:00
Miroslav Stampar	1712603dce	Replacing deprecated has_key() with operator in (PEP8)	2013-01-03 23:28:07 +01:00
Miroslav Stampar	e4a3c015e5	Replacing old and deprecated raise Exception style (PEP8)	2013-01-03 23:20:55 +01:00
Miroslav Stampar	304e52cb4d	Minor language update	2013-01-02 22:11:59 +01:00
Miroslav Stampar	09f1cdd8e1	Minor style update	2013-01-02 21:52:50 +01:00
Miroslav Stampar	0795760255	Minor fix	2012-12-30 11:22:23 +01:00
Miroslav Stampar	648d91d790	Distinguishing invalid unicode from safe encoded characters (for proper potential decoding)	2012-12-27 22:43:39 +01:00
Miroslav Stampar	3d01890147	Patch for an Issue #56 (full target url is now being written to a output .CSV file in multi target mode)	2012-12-27 21:15:44 +01:00
Miroslav Stampar	6ae4590edc	Removing problematic per-MySQL LIMIT prefix	2012-12-26 19:48:01 +01:00
Miroslav Stampar	77625e5af7	Minor revert	2012-12-21 19:31:05 +01:00
Miroslav Stampar	00e55828e4	Minor style update	2012-12-21 15:06:03 +01:00
Miroslav Stampar	8b3e17ed4d	Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table)	2012-12-21 14:52:47 +01:00
Miroslav Stampar	35728fa443	Fix (and some hidden bug fixes/improvements) regarding an Issue #317	2012-12-21 10:51:35 +01:00
Miroslav Stampar	b94a5d42d4	Removing a leftover	2012-12-21 09:49:09 +01:00
Miroslav Stampar	0a122ccce4	Related to an Issue #319	2012-12-21 09:47:58 +01:00
Miroslav Stampar	1073ebc697	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-12-20 20:51:41 +01:00
Bernardo Damele	912323c12d	minor bug fix (#297 )	2012-12-20 17:05:44 +00:00
Bernardo Damele	7adaffa71b	fixed options initiation	2012-12-20 16:53:43 +00:00
Miroslav Stampar	8efe056671	Minor refactoring	2012-12-20 15:51:03 +01:00
Bernardo Damele	e9ab33e9dd	standalone REST API, code cleanup (#297 )	2012-12-20 14:35:02 +00:00
Miroslav Stampar	63d9b7a1f8	No character shall be left forgotten (no more ? in case that character was not properly being decoded by used charset)	2012-12-20 12:23:37 +01:00
Miroslav Stampar	c2c4601d6e	Minor restyling	2012-12-20 11:06:52 +01:00
Bernardo Damele	076b4063e6	these edits got overwritten from last commits	2012-12-20 09:42:44 +00:00
Miroslav Stampar	3cbe60b586	Proper fix	2012-12-20 10:37:20 +01:00
Miroslav Stampar	0d1ea7f05a	Merge branch 'master' of github.com:sqlmapproject/sqlmap Conflicts: lib/core/testing.py	2012-12-20 10:37:11 +01:00
Miroslav Stampar	da93e77eb2	Proper fix	2012-12-20 10:34:51 +01:00
Bernardo Damele	ac77724970	attempt to handle standard input from --live-test	2012-12-20 09:30:48 +00:00
Bernardo Damele	2b6ee06de0	minor bug fix to correctly parse unicode chars	2012-12-20 09:30:13 +00:00
Miroslav Stampar	69310e47ce	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-12-20 09:54:39 +01:00
Miroslav Stampar	06d8213ffd	minor fix (reading of unicode xml files)	2012-12-20 09:53:08 +01:00
Bernardo Damele	86872956d5	minor bug fix (for PostgreSQL)	2012-12-19 22:55:31 +00:00
Bernardo Damele	77843f44fb	minor bug fix (issue #314 )	2012-12-19 22:49:02 +00:00
Bernardo Damele	357da43cea	slight improvement of live test engine and added misc test cases to xml	2012-12-19 17:28:41 +00:00
Bernardo Damele	85fcd27e2d	added support for random global variables	2012-12-19 15:58:06 +00:00
Bernardo Damele	12d34587cc	minor restyling	2012-12-19 14:34:34 +00:00
Bernardo Damele	326ff404fc	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-12-19 14:25:35 +00:00
Bernardo Damele	12eed58485	pointless restyling	2012-12-19 14:25:29 +00:00
Miroslav Stampar	37346fe8a3	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-12-19 15:23:57 +01:00
Miroslav Stampar	7ee98c7bff	Just for one girl out there waiting for this patch ;)	2012-12-19 15:23:38 +01:00
Bernardo Damele	3be90c97aa	forgot these	2012-12-19 14:12:45 +00:00
Bernardo Damele	cefb03c835	fixed bug related to issue #223	2012-12-19 14:12:09 +00:00
Bernardo Damele	27a12ae85b	restyling	2012-12-19 13:47:17 +00:00
Bernardo Damele	4b3b4eb374	commented out partial work	2012-12-19 13:47:04 +00:00
Bernardo Damele	3655d1f12a	revert change of name for now	2012-12-19 13:45:52 +00:00
Bernardo Damele	874e2176c6	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-12-19 13:43:00 +00:00
Bernardo Damele	4f0f729982	be more specific in standard output message as to whether or not the read file is same as remote file	2012-12-19 13:42:56 +00:00
Miroslav Stampar	23153e8088	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-12-19 14:29:08 +01:00
Miroslav Stampar	244901eda0	During --flush-session log file should be cleaned too (especially because of --live-tests)	2012-12-19 14:28:54 +01:00
Bernardo Damele	282aeb734f	ORDER BY does not play well with UNION query SQLi (related to issue #313 )	2012-12-19 13:21:16 +00:00
Bernardo Damele	128597ee7e	--run-case is now case insensitive	2012-12-19 12:45:46 +00:00
Bernardo Damele	b91c829103	minor bug fix (issue #310 )	2012-12-19 12:42:31 +00:00
Bernardo Damele	2bc2c0431c	fixed test cases	2012-12-19 12:33:37 +00:00
Bernardo Damele	9149d77cc8	removed duplicate code - fixes issue #310	2012-12-19 12:17:56 +00:00
Bernardo Damele	f5450e9f0e	layout adjustment	2012-12-19 11:39:38 +00:00
Miroslav Stampar	92e338251a	Finally working inference against MySQL/international letters (even chinese)	2012-12-19 10:44:02 +01:00
Miroslav Stampar	c9b8b51c9c	Update lib/core/common.py Revert of last commit and try 2	2012-12-19 01:48:53 +01:00
Bernardo Damele	318fcee49c	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-12-19 00:30:26 +00:00
Bernardo Damele	3c7007097a	minor refactoring	2012-12-19 00:30:22 +00:00
Miroslav Stampar	50b846b5af	Update lib/core/common.py Fixing wrong assumption in case of MySQL inference international character retrieval	2012-12-19 01:26:12 +01:00
Miroslav Stampar	9e2f0131b9	Update lib/core/agent.py	2012-12-18 20:25:00 +01:00
Bernardo Damele	326ed33f31	added support for comma separated list of files for --file-read - fixes issue #223	2012-12-18 17:55:21 +00:00
Bernardo Damele	58656bbeb5	minor bug fix, union query has to be limited 0, 0	2012-12-18 16:36:30 +00:00
Bernardo Damele	61a838bb35	added more test cases	2012-12-18 15:59:48 +00:00
Miroslav Stampar	88d8494b5a	Implementation for an Issue #307	2012-12-18 16:03:35 +01:00
Bernardo Damele	3c1b696bd6	removed more print statements	2012-12-17 13:35:32 +00:00
Bernardo Damele	9f47eb0a59	cleaner	2012-12-17 13:29:37 +00:00
Bernardo Damele	0500712a03	removed unuseful prints	2012-12-17 13:29:19 +00:00
Bernardo Damele	ac44cf3ec0	minor fix: add also back-end DBMS and web app fingerprint output to log file	2012-12-17 13:02:09 +00:00
Bernardo Damele	bbd2adb5fb	improvements to --live-test and added --stop-fail switch	2012-12-17 11:41:43 +00:00
Bernardo Damele	2926c815bf	improved test switch --live-test and minor refactoring	2012-12-17 11:29:33 +00:00
Bernardo Damele	0c3da5c7eb	code refactoring and first time logger is handled by a separate file descriptor (issue #297 )	2012-12-15 00:12:22 +00:00
Bernardo Damele	a2a71bb37b	cleanup from XML-RPC related stuff	2012-12-14 13:37:36 +00:00
Bernardo Damele	6e31e87de1	added initial support (hidden from -hh and not yet usable) for REST-JSON API	2012-12-14 02:49:25 +00:00
Miroslav Stampar	df0f08bc6a	Cleaning some (web upload based) garbage	2012-12-13 13:19:47 +01:00
Miroslav Stampar	5150172178	Minor update	2012-12-13 10:03:21 +01:00
Miroslav Stampar	fc4be0a77c	Minor fix	2012-12-12 16:45:29 +01:00
Miroslav Stampar	921000bd87	Another update for an Issue #287	2012-12-12 14:22:24 +01:00
Miroslav Stampar	c3f20a136f	Minor update for an Issue #287	2012-12-12 14:03:03 +01:00
Miroslav Stampar	a6448e8768	Update for an Issue #287	2012-12-12 11:54:59 +01:00
Miroslav Stampar	b9f6fc5f4e	First commit (and working one) for an Issue #287 (XML-RPC server)	2012-12-11 16:02:06 +01:00
Miroslav Stampar	b5884c7eda	Minor language update	2012-12-11 15:24:02 +01:00
Miroslav Stampar	760519dbe9	Removing redundant piece of code	2012-12-11 15:21:27 +01:00
Miroslav Stampar	a54c261496	Minor update for Issues #292 & #293 (only single alert per target)	2012-12-11 14:44:43 +01:00
Miroslav Stampar	5c2451d83c	Implementation for an Issue #293	2012-12-11 12:48:58 +01:00
Miroslav Stampar	562044577b	Implementation for an Issue #292	2012-12-11 12:02:06 +01:00
Miroslav Stampar	6433be8b3d	Style update	2012-12-10 17:20:04 +01:00
Miroslav Stampar	a024884ca7	Support for a HTTP parameter pollution (Issue #267 )	2012-12-10 11:55:31 +01:00
Miroslav Stampar	1f7644a691	Minor fix when user doesn't want custom injection char marker to be processed	2012-12-08 21:23:30 +01:00
Miroslav Stampar	0cbdaaecfa	Revert of `99e9412f74` (because of an Issue #289 )	2012-12-08 08:53:25 +01:00
Miroslav Stampar	1028afce37	Removal of leftovers	2012-12-06 14:15:44 +01:00
Miroslav Stampar	974407396e	Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)	2012-12-06 14:14:19 +01:00
Miroslav Stampar	baccbd6f48	Implementation for an Issue #283	2012-12-06 11:57:57 +01:00
Miroslav Stampar	ab67344448	Removed unused imports and variables (pyflake-ing)	2012-12-06 11:15:05 +01:00
Miroslav Stampar	b6650add46	Introducing 'new style classes' (idea from Pull request #284 )	2012-12-06 10:42:53 +01:00
Miroslav Stampar	0f191f624c	Taking some goodies from Pull request #284	2012-12-06 10:21:53 +01:00
Miroslav Stampar	6b39e661a7	Fix for an issue #279	2012-12-05 12:15:14 +01:00
Miroslav Stampar	775e0df04b	Update for an Issue #278	2012-12-05 10:45:17 +01:00
Miroslav Stampar	6b007ab188	Minor patch for an Issue #274 (just in case to avoid this kind of problems)	2012-12-04 16:14:14 +01:00
Miroslav Stampar	e2aa695655	Minor update	2012-12-03 17:20:18 +01:00
Miroslav Stampar	42a8234c6f	Update for an Issue #12	2012-12-03 14:27:01 +01:00
Miroslav Stampar	79fca8e9d5	Fix for an Issue #268	2012-12-03 12:13:59 +01:00
Miroslav Stampar	8410fc5a9d	Minor update	2012-12-02 08:00:55 +01:00
redshark1802	1675386093	fixed typo that created an invalid configuration file with the option '--save'	2012-11-30 23:00:03 +01:00
Miroslav Stampar	5b61e9ce12	Minor update for an Issue #254	2012-11-30 11:43:50 +01:00
Miroslav Stampar	7e2db762d6	Minor update	2012-11-29 15:45:04 +01:00
Miroslav Stampar	8f10023523	Fix for an Issue #266	2012-11-29 15:44:14 +01:00
Miroslav Stampar	3b961c2550	Update for an Issue #254	2012-11-29 15:36:38 +01:00
Miroslav Stampar	a7e1e856d4	Fix for an Issue #260	2012-11-28 17:00:26 +01:00
Miroslav Stampar	35d1146fd1	Minor update for an (Issue #254 )	2012-11-28 12:53:11 +01:00
Miroslav Stampar	753d0f18bf	First CSS style added for a HTML table dump format (Issue #254 )	2012-11-28 12:46:43 +01:00
Miroslav Stampar	b6ea337937	First style-less prototype for an HTML dump output (Issue #254 )	2012-11-28 12:28:42 +01:00
Miroslav Stampar	e2d8b53e97	Minor update for an Issue #264	2012-11-28 11:45:33 +01:00
Miroslav Stampar	cff0c59630	Implementation for an Issue #264	2012-11-28 11:41:39 +01:00
Miroslav Stampar	5bf5b95588	More refactoring for an Issue #254	2012-11-28 11:16:00 +01:00
Miroslav Stampar	87a92ab330	Deprecating --replicate (Issue #254 )	2012-11-28 11:10:57 +01:00
Miroslav Stampar	f08eb0fd9f	Minor style update	2012-11-28 10:59:15 +01:00
Miroslav Stampar	d95dd2d16e	Preparation for an Issue #254	2012-11-28 10:58:18 +01:00
Miroslav Stampar	d490ffb163	Fix for an Issue #259	2012-11-27 11:45:22 +01:00
Miroslav Stampar	bd33128085	Fix for an Issue #262	2012-11-27 10:08:22 +01:00
Miroslav Stampar	38c96a366b	Patch for an Issue #260	2012-11-26 11:16:59 +01:00
Miroslav Stampar	ef2038f1c8	Implementation for an Issue #253	2012-11-21 10:16:13 +01:00
Miroslav Stampar	93e071fc33	Fix for an Issue #251	2012-11-20 11:19:23 +01:00
Miroslav Stampar	302348b0cd	Minor update	2012-11-19 11:59:28 +01:00
Miroslav Stampar	d37be5f97b	Fix for an Issue #248	2012-11-14 15:54:24 +01:00
Miroslav Stampar	9a54a911a8	Patch for an Issue #231	2012-11-14 11:30:29 +01:00
Miroslav Stampar	6f7f9dd8eb	Patch for an Issue #242	2012-11-13 10:41:13 +01:00
Miroslav Stampar	a52dbc575b	Patch for an Issue #246	2012-11-13 10:21:11 +01:00
Miroslav Stampar	f305dde413	Patch for an Issue #235	2012-11-10 11:01:29 +01:00
Miroslav Stampar	181c3534f0	Patch for an Issue #237	2012-11-08 19:16:37 +01:00
Miroslav Stampar	e7e83defaa	Minor update	2012-11-08 11:09:34 +01:00
Miroslav Stampar	1ee0d9ce5e	Fix for an Issue #229	2012-11-05 15:58:54 +01:00
Miroslav Stampar	2de52927f3	Code refactoring (epecially Google search code)	2012-10-30 18:38:10 +01:00
Miroslav Stampar	5cfc066ac4	Minor update	2012-10-30 10:30:22 +01:00
Miroslav Stampar	7c7aff12c6	Update for an Issue #225	2012-10-30 01:26:19 +01:00
Miroslav Stampar	b0f5b4f9bc	Update for an Issue #225	2012-10-30 00:59:31 +01:00
Miroslav Stampar	a9094a35fe	Fix for an Issue #227	2012-10-30 00:20:49 +01:00
Miroslav Stampar	1d07b93730	Bug fix for --os-shell on MySQL (it was not working for a long time because of this)	2012-10-29 15:45:30 +01:00
Miroslav Stampar	5358d85d37	Important refactoring for web-based functionality	2012-10-29 15:09:05 +01:00
Miroslav Stampar	81ccf28785	Minor refactoring	2012-10-29 14:08:48 +01:00
Miroslav Stampar	359e734954	Minor refactoring	2012-10-29 10:48:49 +01:00
Miroslav Stampar	c1eb803ef5	Bug fix for MsSQL --hex --technique=E (NOT IN based queries were not working properly)	2012-10-28 21:16:51 +01:00
Miroslav Stampar	25a5073281	Bug fix for --hex/--technique=B (especially MsSQL)	2012-10-28 12:22:33 +01:00
Miroslav Stampar	8617fe0d65	Bug fix for international letters decoded with --hex on MsSQL	2012-10-28 11:50:16 +01:00
Miroslav Stampar	ca427af8b3	Minor refactoring/improvement	2012-10-28 01:42:08 +02:00
Miroslav Stampar	43ddf39bea	Minor refactoring	2012-10-28 01:16:02 +02:00
Miroslav Stampar	bcdba7b7bb	Dealing with rare cases when getIdentifiedDbms is needed prior to DBMS isfingerprinted and there are multiples of dbmses inside details	2012-10-28 01:11:50 +02:00
Miroslav Stampar	c1b8226329	Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)	2012-10-28 00:36:09 +02:00
Miroslav Stampar	965d7eee17	Minor bug fix for a reflection removal mechanism	2012-10-26 00:06:15 +02:00
Miroslav Stampar	8a5844a364	Implementation for an Issue #222	2012-10-25 13:21:32 +02:00
Miroslav Stampar	12fc9442b9	Tamper function(s) refactoring (really no need for returning headers as they are passed by reference)	2012-10-25 10:10:23 +02:00
Miroslav Stampar	65ec715828	Fix for an Issue #218	2012-10-25 00:03:00 +02:00
Miroslav Stampar	5477c9f7ba	Fix for an Issue #216	2012-10-24 22:59:46 +02:00
Miroslav Stampar	056be32ac1	Fix for Issue #213	2012-10-23 17:06:31 +02:00
Miroslav Stampar	4365c48e83	Minor style update	2012-10-23 14:38:24 +02:00
Miroslav Stampar	06f226c494	Fix for an Issue #211	2012-10-23 14:37:45 +02:00
Miroslav Stampar	b82eb3a1ae	Fix for an Issue #210	2012-10-23 13:58:25 +02:00
Miroslav Stampar	f2bbf1ead9	Fix for raw_input raising EOFError and KeyboardInterrupt on Ctrl-C (Windows platform)	2012-10-23 11:05:00 +02:00
Miroslav Stampar	5ff2e33c43	Minor fix	2012-10-23 10:54:26 +02:00
Miroslav Stampar	68d5faa287	Minor update	2012-10-23 10:46:17 +02:00
Miroslav Stampar	f11a640e99	Undo of a previous commit (pdb left inside)	2012-10-22 14:39:35 +02:00
Miroslav Stampar	b913e2123d	Displaying hex-decoded resulting output in --hex mode	2012-10-22 14:39:11 +02:00
Miroslav Stampar	39f565533a	In case on --no-cast DUMP_REPLACEMENTS should not be used	2012-10-22 14:13:30 +02:00
Miroslav Stampar	d65d9e25cd	Implementation for an Issue #2	2012-10-19 11:02:14 +02:00
Miroslav Stampar	64b4586883	Minor update	2012-10-18 11:36:12 +02:00
Miroslav Stampar	ea49fa2db2	Fix for an Issue #206	2012-10-18 11:11:20 +02:00
Miroslav Stampar	1cb2ca4195	Minor update	2012-10-18 10:55:27 +02:00
Miroslav Stampar	2cb1b054bb	Implementation for an Issue #79	2012-10-16 12:32:58 +02:00
Miroslav Stampar	3e64ab214e	Minor update	2012-10-16 10:28:59 +02:00
Miroslav Stampar	8b57e1fce6	Minor update for an Issue #203	2012-10-15 23:15:52 +02:00
Miroslav Stampar	048e720f69	Minor refactoring for an Issue #203	2012-10-15 17:55:57 +02:00
Miroslav Stampar	9aba690a60	Patch for an Issue #203	2012-10-15 16:23:41 +02:00
Miroslav Stampar	e440b096c5	Fix for an Issue #202	2012-10-15 12:24:30 +02:00
Miroslav Stampar	56832fe9c4	Better adjustTimeDelay() candidate algorithm	2012-10-11 14:23:53 +02:00
Miroslav Stampar	e61c4c22c9	Implementation for an Issue #200	2012-10-09 15:19:47 +02:00
Miroslav Stampar	cd9a47835b	Minor consistency update	2012-10-09 14:48:26 +02:00
Miroslav Stampar	8c5fb1b064	Minor update	2012-10-09 14:46:45 +02:00
Miroslav Stampar	ea12ccec77	Minor refactoring	2012-10-09 11:33:19 +02:00
Miroslav Stampar	10b0fd21dc	Fix for an Issue #198	2012-10-09 11:27:19 +02:00
Miroslav Stampar	8e7449ccd5	Minor update	2012-10-07 20:28:24 +02:00
Miroslav Stampar	ebc7088f94	Implementation for an Issue #128	2012-10-05 10:24:09 +02:00
Miroslav Stampar	098e446ca4	Adding support for generic XML POST data	2012-10-04 18:44:12 +02:00
Miroslav Stampar	8865fe69d7	Minor cleanup	2012-10-04 18:26:07 +02:00
Miroslav Stampar	d464678e10	Minor update for an Issue #49	2012-10-04 18:01:42 +02:00
Miroslav Stampar	84b05e2d18	Better treating of numeric values (Issue #49 )	2012-10-04 16:08:37 +02:00
Miroslav Stampar	31aa9be1c7	Minor update	2012-10-04 15:40:11 +02:00
Miroslav Stampar	9129dac77b	Minor fix for an Issue #134	2012-10-04 15:33:26 +02:00
Miroslav Stampar	5d2b534908	Minor update (Issue #49 )	2012-10-04 15:23:01 +02:00
Miroslav Stampar	5b59b6feb4	Removing junk part	2012-10-04 12:09:09 +02:00
Miroslav Stampar	d570e25b1b	Minor workflow update	2012-10-04 12:05:59 +02:00
Miroslav Stampar	eddc634ceb	Minor improvement (custom injection marks are now processed in order of appearance)	2012-10-04 11:52:40 +02:00
Miroslav Stampar	3764d230be	Minor fix for Issue #197 and Issue #49	2012-10-04 11:43:37 +02:00
Miroslav Stampar	461e5ebc5f	Work for Issue #197 and Issue #49	2012-10-04 11:25:44 +02:00
Miroslav Stampar	bcbf0571a5	Implementation for an Issue #49	2012-10-02 14:23:58 +02:00
Miroslav Stampar	763dc98311	Minor refactoring	2012-10-02 13:36:15 +02:00
Miroslav Stampar	687f3991de	Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.	2012-09-26 11:27:43 +02:00
Miroslav Stampar	6bc5f44b20	Minor just in case update for an Issue #195 (safer behavior on forced charsets)	2012-09-25 15:09:07 +02:00
Miroslav Stampar	efe4c13ed1	Update regarding suffixQuery (user supplied --suffix should nullify any eventual payload comments)	2012-09-25 14:36:15 +02:00
Miroslav Stampar	fccdb824bb	Patch for an Issue #193	2012-09-25 11:21:39 +02:00
Miroslav Stampar	c9e7e71ea2	Implementation for an Issue #195	2012-09-25 10:17:25 +02:00
Miroslav Stampar	9ca7b3e20e	Implementation for an Issue #194	2012-09-25 09:25:35 +02:00
Miroslav Stampar	d175decdfc	Fix for an Issue #190	2012-09-22 20:59:40 +02:00
Miroslav Stampar	9a1fbb8941	Fix for an Issue #185	2012-09-13 14:22:26 +02:00
Miroslav Stampar	a64438fb5c	Minor language update	2012-09-11 19:45:40 +02:00
Miroslav Stampar	05dced5418	Minor language update	2012-09-11 19:43:03 +02:00
Miroslav Stampar	511c3b8dcc	Update and fix for an Issue #182	2012-09-11 14:58:52 +02:00
Miroslav Stampar	f26ea04e38	Fix for an Issue #175	2012-09-07 17:06:38 +02:00
Miroslav Stampar	e4bc471f81	Fix for an Issue #173	2012-09-07 10:09:19 +02:00
Miroslav Stampar	a3baf94e9b	Minor style update	2012-09-07 10:09:00 +02:00
Miroslav Stampar	cea5127ffd	Update for an Issue #6	2012-09-06 15:51:38 +02:00
Miroslav Stampar	c3d191e626	Minor update for an Issue #2	2012-09-06 14:13:54 +02:00
Miroslav Stampar	1e238b5a5a	Minor update	2012-09-06 13:36:34 +02:00
Miroslav Stampar	f6716cf7c0	Fix for an Issue #170	2012-09-01 23:52:00 +02:00
Miroslav Stampar	2170e64ca5	Minor bug fix	2012-08-31 19:48:45 +02:00
Miroslav Stampar	33980adaef	Another update for an Issue #79	2012-08-31 12:46:38 +02:00
Miroslav Stampar	7286d89cb6	Few fixes for an Issue #79 (problem with case sensitivity of request get_header)	2012-08-31 12:15:09 +02:00
Miroslav Stampar	2806185989	Minor refactoring	2012-08-31 10:43:06 +02:00
Miroslav Stampar	74a5d41272	Minor update for an Issue #79	2012-08-31 10:24:47 +02:00
Miroslav Stampar	a89d61415a	'Patch' for an Issue #167	2012-08-29 21:29:27 +02:00
Miroslav Stampar	9674b174ee	One more minor update related to last commit	2012-08-23 15:37:17 +02:00
Miroslav Stampar	b79247c197	Minor update	2012-08-23 15:22:14 +02:00
Miroslav Stampar	e9ae44c6fc	Implementation for an #162	2012-08-22 16:50:01 +02:00
Miroslav Stampar	a62a874d59	Update for an Issue #161 (changing default readInput value regarding the conf.multipleTargets)	2012-08-22 16:06:09 +02:00
Miroslav Stampar	52351e5d81	Update for an Issue #161 (now detecting format error messages too)	2012-08-22 15:51:47 +02:00
Miroslav Stampar	a6d743ec4c	Minor console output fix (redundant newline has been displayed in case of rawInput)	2012-08-22 14:43:57 +02:00
Miroslav Stampar	8a5042b6a4	Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case)	2012-08-22 11:56:30 +02:00
Miroslav Stampar	61151447fe	Implementation of an Issue #161	2012-08-22 11:27:58 +02:00
Miroslav Stampar	2c66ca39f1	Wrong limit number has been used (MySQL LIMIT/OFFSET starts with 0)	2012-08-22 09:53:53 +02:00
Miroslav Stampar	ad59abe018	Cleaning leftover	2012-08-21 14:37:09 +02:00
Miroslav Stampar	1b86fffc6d	Fix for an Issue #157	2012-08-21 14:36:04 +02:00
Miroslav Stampar	d421f9a618	Fix for an Issue #157	2012-08-21 14:34:19 +02:00
Miroslav Stampar	1bcf5a6b88	Some more dict refactorings	2012-08-21 11:30:01 +02:00
Miroslav Stampar	01f481c332	Minor refactoring of dictionaries	2012-08-21 11:19:15 +02:00
Miroslav Stampar	b7415d36df	Minor refactoring	2012-08-21 10:28:25 +02:00
Miroslav Stampar	8ee9feafb9	Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries)	2012-08-20 21:57:25 +02:00
Miroslav Stampar	823dde73ab	Minor cleanup	2012-08-20 11:40:49 +02:00
Miroslav Stampar	e0d9fa8666	Minor style update	2012-08-20 11:28:41 +02:00
Miroslav Stampar	59078bb1b8	Fix for an Issue #154	2012-08-20 10:05:13 +02:00
Miroslav Stampar	4649450603	Fix for an Issue #137	2012-08-16 22:20:24 +02:00
Miroslav Stampar	0d8fca30c9	Fix for an Issue #59	2012-08-16 11:31:43 +02:00
Miroslav Stampar	1af81c0de4	Implementation of an Issue #149	2012-08-15 22:31:25 +02:00
Miroslav Stampar	f358ab2e73	Implementation of an Issue #147	2012-08-15 16:37:18 +02:00
Miroslav Stampar	36b55cf209	Proper fix for an Issue #145	2012-08-14 22:28:42 +02:00
Miroslav Stampar	ab35ab4e2a	Fix for an Issue #145	2012-08-14 18:52:45 +02:00
Miroslav Stampar	432b567584	Fix for an Issue #141	2012-08-08 00:03:58 +02:00
Miroslav Stampar	31ceb0cb6c	Fix for an Issue #140	2012-08-07 10:57:29 +02:00
Miroslav Stampar	fec8a5cc9d	Fix for an Issue #139	2012-08-07 00:50:58 +02:00
Miroslav Stampar	f797a6d813	Fix for an Issue #125	2012-07-31 13:06:45 +02:00
Miroslav Stampar	6f529542e3	Making those --string tips (containing escaped characters) decodable by sqlmap	2012-07-31 11:32:53 +02:00
Miroslav Stampar	142fc887f1	Fix for an Issue #129	2012-07-31 11:03:44 +02:00
Miroslav Stampar	bdbe8ff9d9	Fix for an Issue #132	2012-07-30 22:39:45 +02:00
Miroslav Stampar	b9ac50faef	Minor bug fix	2012-07-30 12:09:20 +02:00
Miroslav Stampar	a86f9798b2	Minor refactoring together with a wider support for html entities	2012-07-30 11:21:32 +02:00
Miroslav Stampar	20a66567a3	Minor refactoring	2012-07-30 10:06:14 +02:00
Miroslav Stampar	1669c6bdb4	Another update for an Issue #28	2012-07-27 17:05:21 +02:00
Miroslav Stampar	6ffc5665d0	Update for Issue #28	2012-07-27 16:29:33 +02:00
Bernardo Damele	92c2b3bd4c	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-26 23:11:11 +01:00
Bernardo Damele	d492291744	working on issue #12	2012-07-26 23:11:07 +01:00
Miroslav Stampar	efa99c4519	Implementation for an Issue #4	2012-07-26 14:07:05 +02:00
Miroslav Stampar	b3552494c4	Minor preparation for an Issue #48	2012-07-26 12:26:57 +02:00
Miroslav Stampar	3e9f1fe410	Minor style update	2012-07-26 12:13:16 +02:00
Miroslav Stampar	30f8d09651	Implementation for an Issue #70	2012-07-26 12:06:02 +02:00
Miroslav Stampar	231f0f76b5	Fix for an Issue #119	2012-07-26 00:49:51 +02:00
Miroslav Stampar	cba77410a9	Minor style update	2012-07-26 00:08:49 +02:00
Miroslav Stampar	18b1d1efd6	Fix for an Issue #121	2012-07-26 00:02:38 +02:00
Miroslav Stampar	922ea9d1f4	Update for Issue #118	2012-07-24 15:43:29 +02:00
Miroslav Stampar	f8c9868cb6	Implementation for an Issue #118	2012-07-24 15:34:50 +02:00
Miroslav Stampar	42f518b2d6	Minor update for letting unhandledExceptionMessage() do it's job if kb has not yet been initialized	2012-07-24 14:44:44 +02:00
Miroslav Stampar	b820975217	Improvement of decodeIntToUnicode()	2012-07-23 19:31:06 +02:00
Miroslav Stampar	ab9cb80602	Implementing Issue #111	2012-07-23 15:14:52 +02:00
Miroslav Stampar	6809449e31	Minor style update	2012-07-23 15:06:49 +02:00
Miroslav Stampar	a7d1a0c250	Implementation for an Issue #117	2012-07-23 14:14:22 +02:00
Miroslav Stampar	1b6cb9442f	Fix for an Issue #114	2012-07-21 23:31:36 +02:00
Miroslav Stampar	95e0d46e3e	Fix for an Issue #110	2012-07-21 09:15:54 +02:00
Miroslav Stampar	dcf8a27f12	Implementation for an Issue #67	2012-07-18 14:24:10 +02:00
Miroslav Stampar	4fc462c4d9	Minor update for an Issue #105	2012-07-18 14:09:04 +02:00
Miroslav Stampar	655dd55a6f	Implementation of an Issue #105	2012-07-18 13:32:34 +02:00
Miroslav Stampar	08244c7ebf	Fix for an Issue #104	2012-07-17 15:05:50 +02:00
Miroslav Stampar	e30646a54f	Fix for an Issue #103	2012-07-17 10:36:22 +02:00
Miroslav Stampar	d6ceb7af5e	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-17 00:19:52 +02:00
Miroslav Stampar	81d15e5051	Fix for an Issue #101	2012-07-17 00:19:33 +02:00
Bernardo Damele	5f876bdbbe	minor adjustments	2012-07-16 22:50:29 +01:00
Miroslav Stampar	c96e44b30c	Fix for an Issue #100	2012-07-16 23:28:01 +02:00
Miroslav Stampar	ffbbb10abb	Support for dotted identificator names	2012-07-16 23:13:21 +02:00
Miroslav Stampar	0eff977c63	Refactoring for Issue #91	2012-07-16 12:24:54 +02:00
Miroslav Stampar	4d759984b2	Implementation for Issue #91	2012-07-16 12:12:52 +02:00
Miroslav Stampar	c1a14257a4	Removing --disable... switches and making changes in default choice(s) for respectable sections	2012-07-16 11:31:51 +02:00
Miroslav Stampar	07a85874fe	Implementation for Issue #92	2012-07-16 11:07:47 +02:00
Miroslav Stampar	87ecf205cb	More work for Issue #66	2012-07-14 17:01:04 +02:00
Miroslav Stampar	38d82771be	Minor style update	2012-07-14 11:23:22 +02:00
Miroslav Stampar	805120ac52	Minor refactoring	2012-07-14 11:01:30 +02:00
Miroslav Stampar	9a7fc24ec2	Minor style update	2012-07-13 15:22:08 +02:00
Miroslav Stampar	32b700f130	Minor style update	2012-07-13 15:02:11 +02:00
Miroslav Stampar	fbb5db00ba	Minor style update	2012-07-13 15:00:39 +02:00
Miroslav Stampar	786686da60	Minor language update	2012-07-13 14:53:42 +02:00
Miroslav Stampar	3c81f74823	Minor style update	2012-07-13 12:22:37 +02:00
Miroslav Stampar	6ade007aec	Minor update of language	2012-07-13 12:13:04 +02:00
Miroslav Stampar	c5ecc8b8db	Closing work on Issue #83	2012-07-13 11:23:21 +02:00
Miroslav Stampar	48f68bd076	First commit for Issue #83	2012-07-13 10:35:22 +02:00
Miroslav Stampar	d834e8debf	Minor update	2012-07-13 10:28:03 +02:00
Miroslav Stampar	b11fd8b9f7	Fix for an Issue #87	2012-07-13 10:11:16 +02:00
Bernardo Damele	162da75a04	modified homepage address	2012-07-12 18:38:03 +01:00
Miroslav Stampar	a49d685eb8	Hidding --beep (Issue #84 )	2012-07-12 17:03:24 +02:00
Miroslav Stampar	569c9214bf	Adding support for boldifying important logging messages	2012-07-12 16:30:35 +02:00
Miroslav Stampar	b2fe1c30f8	Minority report	2012-07-12 16:04:01 +02:00
Miroslav Stampar	8e18514e56	Minor refactoring for all that stickyness	2012-07-12 15:58:45 +02:00
Miroslav Stampar	fe61bdce75	Minor update	2012-07-12 15:25:26 +02:00
Miroslav Stampar	dbbca16c69	Minor renaming	2012-07-12 15:24:40 +02:00
Miroslav Stampar	9bc24cea6b	Dealing with kb.currentMessage issue	2012-07-12 15:23:35 +02:00
Miroslav Stampar	b320dc118d	Minor fix (recognizing if it's colorizing handler or not)	2012-07-12 14:55:54 +02:00
Miroslav Stampar	65639cdda6	First update for Issue #75 (error-based dumping)	2012-07-12 14:31:28 +02:00
Miroslav Stampar	3fd5119f3f	Redesigning for Issue #75	2012-07-12 13:42:22 +02:00
Bernardo Damele	3d66e2dfb1	minor bug fix	2012-07-12 10:47:51 +01:00
Bernardo Damele	ee3aeb8dcf	actual implementation of issue #75 , still some work to do	2012-07-12 01:16:00 +01:00
Bernardo Damele	a5924739f6	minor code refactoring in preparation of ticket #75	2012-07-12 01:12:30 +01:00
Bernardo Damele	53c0336b48	added --hostname switch to retrieve DBMS server hostname - closes issue #69	2012-07-12 00:01:57 +01:00
Bernardo Damele	4e64c1126d	restored bold on questions to users (calls from readInput()) - issue #77	2012-07-11 22:56:11 +01:00
Bernardo Damele	247f95e051	restored kb.currentMessage - needed in cases where we send to dataToStdout() strings like "." (e.g. "creation in progres ..... done")	2012-07-11 22:48:27 +01:00
Bernardo Damele	2b3ea3e3b7	fixed colouring for PAYLOAD (-v 3) - issue #77	2012-07-11 22:40:52 +01:00
Miroslav Stampar	15ee5310d9	Adding traffic in and out to color_map	2012-07-11 20:42:18 +02:00
Miroslav Stampar	43cac2212b	Fix for a case when ColorizingStreamHandler is not used	2012-07-11 20:36:32 +02:00
Miroslav Stampar	72378d4f61	Some more refactoring	2012-07-11 20:29:48 +02:00
Miroslav Stampar	c6464b44be	Some more refactoring	2012-07-11 20:13:23 +02:00
Miroslav Stampar	d7926b8aac	Minor refactoring	2012-07-11 19:54:21 +02:00
Bernardo Damele	53ccd09ca4	now also readInput() uses colouring	2012-07-11 17:53:32 +01:00
Bernardo Damele	02ec25b4b8	code refactoring	2012-07-11 17:44:23 +01:00
Bernardo Damele	77b275f1a6	conf->kb	2012-07-11 17:32:12 +01:00
Bernardo Damele	1d2c87e24e	leftover	2012-07-11 17:22:01 +01:00
Bernardo Damele	105ac8ea77	deleted unnecessary hg file	2012-07-11 17:06:56 +01:00
Bernardo Damele	fa2f6f9a39	colourize manually crafter "logging" messages	2012-07-11 16:48:30 +01:00
Bernardo Damele	f219b39980	minor fix in case ctypes is not installed on Windows	2012-07-10 13:08:37 +01:00
Miroslav Stampar	8caffac4bc	conf.unescape->kb.unescape	2012-07-10 10:55:04 +02:00
Miroslav Stampar	e7f78bf04f	Fix for an issue where False value was displayed for --is.. switches	2012-07-10 10:31:14 +02:00
Bernardo Damele	ea77e7d9d1	added missing file - issue #77	2012-07-10 03:00:21 +01:00
Bernardo Damele	eb7ffb8f91	setup for implementing logging colouring - issue #77	2012-07-10 02:54:37 +01:00
Bernardo Damele	0a3899858d	missed in previous commit	2012-07-10 01:37:53 +01:00
Bernardo Damele	a27f50ed1d	added conf.unescape global variable to control whether or not the injected statements should be unescaped	2012-07-10 01:37:16 +01:00
Bernardo Damele	f645ac6040	dealing with variables in SQL procs - issue #33	2012-07-10 01:05:03 +01:00
Bernardo Damele	2527554f8e	more work on #33	2012-07-10 00:53:07 +01:00
Bernardo Damele	c4af7b9aa0	initial work for issue #33	2012-07-10 00:27:08 +01:00
Bernardo Damele	d3da3f5c52	refactoring for issue #51	2012-07-10 00:19:32 +01:00
Bernardo Damele	99c5ea54f7	cleanup for #34	2012-07-09 12:39:43 +01:00
Miroslav Stampar	3ff28e58b4	Update regarding Issue #52	2012-07-08 19:24:25 +02:00
Miroslav Stampar	0d539a876d	Minor fix (subversion->github)	2012-07-07 23:49:34 +02:00
Miroslav Stampar	a525dd4336	Fix for Issue #72	2012-07-07 19:02:46 +02:00
Miroslav Stampar	f00a776d8d	Minor fix for BigArray (now accepting negative indexes)	2012-07-07 10:35:29 +02:00
Miroslav Stampar	8c871476ee	Some more refactoring	2012-07-06 17:34:40 +02:00
Miroslav Stampar	6bc0b34031	Some more refactoring	2012-07-06 17:28:01 +02:00
Miroslav Stampar	e948e4d45b	Some more refactoring	2012-07-06 17:18:22 +02:00
Miroslav Stampar	438a636973	Fix for issue Issue #60	2012-07-06 15:36:32 +02:00
Miroslav Stampar	6a05e3fd79	Fix for Issue #61	2012-07-06 14:24:44 +02:00
Miroslav Stampar	1ebff35b19	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-06 12:25:21 +02:00
Miroslav Stampar	982fcde1c0	Fix for Issue #62	2012-07-06 12:24:55 +02:00
Bernardo Damele	4fa6d51d93	improved issues link	2012-07-05 16:26:50 +01:00
Miroslav Stampar	c3c1b9e957	Minor restyling	2012-07-04 20:28:18 +02:00
Miroslav Stampar	23fb753759	Finishing work on Issue #52	2012-07-03 22:13:01 +02:00
Miroslav Stampar	40fc6488bf	Fix for Issue #56 (Google has changed few things for retrieving PR)	2012-07-03 21:00:18 +02:00
Miroslav Stampar	bbf41f6658	Removing debugging leftover	2012-07-03 16:50:05 +02:00
Miroslav Stampar	ada627a022	Another update for Issue #52	2012-07-03 16:49:34 +02:00
Miroslav Stampar	70f754f6c5	Making work on Issue #52	2012-07-03 16:34:11 +02:00
Bernardo Damele	793fa464e3	website url fix	2012-07-03 13:14:39 +01:00
Miroslav Stampar	481b46a004	Restyling output for Issue #52	2012-07-03 13:06:52 +02:00
Miroslav Stampar	3af1532700	Implementation for Issue #54	2012-07-03 12:09:18 +02:00
Miroslav Stampar	5af6ca58a0	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-03 00:50:45 +02:00
Miroslav Stampar	168aeadf76	Adding switch --output-dir (Issue #53 )	2012-07-03 00:50:23 +02:00
Bernardo Damele	04d803c7fd	more tweaking for issue #34 , it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)	2012-07-02 15:02:00 +01:00
Miroslav Stampar	8eefe4b71f	Getting back revision number - displayed like in GitHub commits (Issue #52 )	2012-07-02 13:01:20 +02:00
Bernardo Damele	7b4ecd9df0	added skeleton code for issue #34 , still not usable	2012-07-02 00:22:34 +01:00
Bernardo Damele	4736d46677	just in case..	2012-07-02 00:00:46 +01:00
Bernardo Damele	03d2c9c818	placeholder message when --update is provided, remove when the function is updated to pull changes from git	2012-07-01 23:59:44 +01:00
Miroslav Stampar	d7cd55fb28	Fix for Issue #47	2012-07-01 11:05:04 +02:00
Miroslav Stampar	21d9ae0a2c	some more refactoring	2012-07-01 01:19:54 +02:00
Miroslav Stampar	f6509db31a	minor refactoring	2012-07-01 00:33:19 +02:00
Miroslav Stampar	e51d3a02f1	Update for Issue #43 (renamed --disable-cracking to --disable-hash)	2012-06-28 18:53:47 +02:00
Miroslav Stampar	18b596ea75	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-06-28 18:48:18 +02:00
Miroslav Stampar	c8bac658f3	Fix for Issue #43	2012-06-28 18:47:55 +02:00
Miroslav Stampar	2a72fcce2b	Fix for Issue #42	2012-06-28 13:55:30 +02:00
jekil	c39e5a85ba	Removed $id$ tags	2012-06-27 20:56:43 +02:00
Miroslav Stampar	ea5d483c86	session file no more	2012-06-21 11:19:30 +00:00
Miroslav Stampar	ec44e88db8	lots of refactoring regarding removal of already obsolete session file mechanism	2012-06-21 10:09:10 +00:00
Miroslav Stampar	1e67b4f0b9	minor fix	2012-06-20 14:16:26 +00:00
Miroslav Stampar	302d782a0f	minor style update	2012-06-19 08:33:51 +00:00
Miroslav Stampar	452ef202ae	minor fixes	2012-06-17 22:48:23 +00:00
Miroslav Stampar	b9f6943a42	minor update	2012-06-17 21:23:12 +00:00
Miroslav Stampar	06be7bbb18	few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)	2012-06-15 20:41:53 +00:00
Miroslav Stampar	76c873a222	minor fix	2012-06-15 06:22:44 +00:00
Miroslav Stampar	76584ff0fa	unhidding --test-filter	2012-06-14 14:36:53 +00:00
Miroslav Stampar	d2dd47fb23	some more refactoring	2012-06-14 13:52:56 +00:00
Miroslav Stampar	3a90105fbb	minor refactoring	2012-06-14 13:38:53 +00:00
Miroslav Stampar	1204eb00b2	minor fix	2012-06-14 12:46:32 +00:00
Miroslav Stampar	19c0efec59	just a minor refactoring	2012-06-14 09:10:28 +00:00
Miroslav Stampar	a51d8c4c79	replacing identifier safe char " with [] enclosing for MsSQL	2012-06-13 15:27:42 +00:00
Miroslav Stampar	367de838c1	minor update	2012-06-13 14:08:32 +00:00
Miroslav Stampar	d7f698fa14	minor update	2012-06-11 22:01:13 +00:00
Miroslav Stampar	058a9c59a2	fix for a bug noticed in a multi target run (log files weren't saved properly - removed buffering as it didn't produce any noticeable results)	2012-06-05 22:40:55 +00:00
Miroslav Stampar	f94ebe3107	minor fix (credentials were only set for the first target)	2012-06-04 22:30:12 +00:00
Miroslav Stampar	7b282b1d6c	adding support for newer SSL protocols	2012-06-04 19:46:28 +00:00
Miroslav Stampar	10b0639a96	making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE)	2012-06-04 09:24:46 +00:00
Miroslav Stampar	b1d82422a0	changing conf.dnsDomain to conf.dName just because of long text problems in help listing	2012-05-28 14:15:04 +00:00
Miroslav Stampar	76eeba10e2	unhiding --dns-domain switch	2012-05-27 18:41:06 +00:00
Miroslav Stampar	71ff081fde	minor update	2012-05-27 09:11:19 +00:00
Miroslav Stampar	d335ec0c34	turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars	2012-05-26 07:00:26 +00:00
Miroslav Stampar	db526bdbc0	minor update (tainted values are not checked any more in multipleTargets mode)	2012-05-25 09:52:17 +00:00
Miroslav Stampar	c394610740	adding switch --skip-urlencode to skip URL encoding of POST data	2012-05-24 23:30:33 +00:00
Miroslav Stampar	86fdad2bfa	minor update	2012-05-24 22:07:50 +00:00
Miroslav Stampar	eed8d7eb5d	finalizing support for IPv6	2012-05-24 21:55:57 +00:00
Miroslav Stampar	b6d37d766a	minor update regarding IPv6 support	2012-05-24 21:49:20 +00:00
Miroslav Stampar	92286104e3	minor just in case update	2012-05-24 21:39:10 +00:00
Miroslav Stampar	3e9c57d177	minor fix	2012-05-24 21:36:35 +00:00
Miroslav Stampar	be76928293	minor fix	2012-05-24 20:53:01 +00:00
Miroslav Stampar	2538e2d5b4	fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring	2012-05-22 09:33:22 +00:00
Miroslav Stampar	2c057d5b3d	minor style update	2012-05-21 22:40:52 +00:00
Miroslav Stampar	bbfa4b6d5d	minor update	2012-05-14 14:38:16 +00:00
Miroslav Stampar	333f8057a5	minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces	2012-05-14 14:06:43 +00:00
Miroslav Stampar	595f69fa2c	minor language update	2012-05-10 18:30:25 +00:00
Miroslav Stampar	35f400b45b	minor language upgrade	2012-05-10 18:25:12 +00:00
Miroslav Stampar	80aedbe284	adding a warning about --tor switch	2012-05-10 18:17:32 +00:00
Miroslav Stampar	b81fe42d4b	turning off null connection on -o when --tor used (not compatible)	2012-05-10 17:50:54 +00:00
Miroslav Stampar	efdd86ddcc	minor just in case patch	2012-05-10 14:22:34 +00:00
Miroslav Stampar	6367f59b98	minor code refactoring	2012-05-10 14:15:17 +00:00
Miroslav Stampar	1418ae9767	little refactoring of parseUnionPage together with a patch for some special case	2012-05-09 18:47:40 +00:00
Miroslav Stampar	37f2709197	making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)	2012-05-09 09:08:23 +00:00
Miroslav Stampar	64c241fe92	limiting original UNION query results to only 1 result (potentially speeding things up in some cases)	2012-05-08 13:45:53 +00:00
Miroslav Stampar	a121339395	automatically writing uncracked hashes to a file for eventual further processing	2012-05-08 10:46:05 +00:00
Miroslav Stampar	96299d3d5d	minor refactoring	2012-05-03 22:34:18 +00:00
Miroslav Stampar	cc28f6db6b	minor update	2012-05-01 20:43:16 +00:00
Miroslav Stampar	17efeaae7f	causing too much confusion among dummy users	2012-05-01 09:04:11 +00:00
Miroslav Stampar	694b14111f	skipping suffix if comment is used in agent.suffixQuery (and --suffix not explicitly set)	2012-04-27 13:16:51 +00:00
Miroslav Stampar	6f67dc85ee	adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical	2012-04-25 20:29:07 +00:00
Miroslav Stampar	cec432f94d	minor update	2012-04-23 14:43:59 +00:00
Miroslav Stampar	697768c01a	adding --purge-output to be one of mandatory switches	2012-04-23 14:42:24 +00:00
Miroslav Stampar	d57d5e4b2c	minor update	2012-04-23 14:33:36 +00:00
Miroslav Stampar	1eecfb3dce	adding new file related to the last commit	2012-04-23 14:25:16 +00:00
Miroslav Stampar	095b25e1d1	adding option '--purge'	2012-04-23 14:24:23 +00:00
Miroslav Stampar	be2da77bf8	minor update	2012-04-23 10:15:04 +00:00
Miroslav Stampar	21c6b52198	minor fix	2012-04-23 10:11:00 +00:00
Miroslav Stampar	2b1b4c0742	minor fix	2012-04-18 10:01:04 +00:00
Miroslav Stampar	6ebb621228	adding support for (custom) POST injection (marking injection point with '*' in conf.data)	2012-04-17 14:23:00 +00:00
Miroslav Stampar	efd27d7ade	minor renaming	2012-04-17 08:41:19 +00:00
Miroslav Stampar	601d118c68	reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types)	2012-04-15 16:59:03 +00:00
Miroslav Stampar	052d9455fe	warning user in cases of "User xyz already has more than 'max_user_connections' active connections"	2012-04-12 09:44:54 +00:00
Miroslav Stampar	c7422546e1	tiny update	2012-04-11 23:01:38 +00:00
Miroslav Stampar	2bad73a981	minor update	2012-04-11 21:48:44 +00:00
Miroslav Stampar	e195de2093	correcting comment on reflective removal function	2012-04-11 21:41:48 +00:00
Miroslav Stampar	b45ae10da4	minor fixes	2012-04-11 21:36:37 +00:00
Miroslav Stampar	627bfc589f	some more updates in reflective removal mechanism	2012-04-11 21:26:00 +00:00
Miroslav Stampar	8b130f6497	minor improvement for reflective values (when missing first part of payload like in error reports)	2012-04-11 15:01:28 +00:00
Miroslav Stampar	01bd5d0ab2	some more updates for reflective mechanism	2012-04-11 10:41:33 +00:00
Miroslav Stampar	2e92d8636e	improvement of reflective mechanism	2012-04-11 08:58:03 +00:00
Miroslav Stampar	60ca44e0cf	minor adjustment	2012-04-11 08:35:09 +00:00
Miroslav Stampar	8541222080	minor update	2012-04-10 22:26:42 +00:00
Miroslav Stampar	9c2f244d47	minor fix	2012-04-10 22:20:53 +00:00
Miroslav Stampar	119eec3598	improving "boolean detection" by automatic recognition of convenient --string candidate	2012-04-10 21:48:34 +00:00
Miroslav Stampar	8c6eb4faa9	adding support for PgSQL DNS data exfiltration	2012-04-07 14:06:11 +00:00
Miroslav Stampar	b2afa87e48	reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)	2012-04-06 08:42:36 +00:00
Miroslav Stampar	2223c884e5	minor refactoring	2012-04-05 12:55:26 +00:00
Miroslav Stampar	02924eb345	minor update	2012-04-04 23:47:06 +00:00
Bernardo Damele	d106fb5184	layout adjustments	2012-04-04 12:27:24 +00:00
Miroslav Stampar	1b2cd44255	proper fix	2012-04-04 10:35:52 +00:00
Miroslav Stampar	7031ef8e00	removing default values for referer and host from higher level/risk options	2012-04-04 10:34:27 +00:00
Miroslav Stampar	b0787f193c	getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)	2012-04-03 14:34:15 +00:00
Miroslav Stampar	33bb9c5f19	much cleaner approach in that "flat" representation of retrieved items in union technique	2012-04-03 13:56:11 +00:00
Miroslav Stampar	e05109812f	minor improvements regarding data retrieval through DNS channel	2012-04-03 09:18:30 +00:00
Miroslav Stampar	2c28423cb8	minor update	2012-04-02 14:57:15 +00:00
Miroslav Stampar	1cd3c3f7af	further update of DNS data retrieval mechanism through SQLi	2012-04-02 14:05:30 +00:00
Miroslav Stampar	1e01203562	few just in case "patches"	2012-04-02 12:58:10 +00:00
Miroslav Stampar	d908d078dd	minor fix	2012-04-02 12:27:30 +00:00
Miroslav Stampar	abffc39929	minor update regarding DNS data retrieval task	2012-04-02 12:22:40 +00:00
Miroslav Stampar	f7a664b120	enablind DNS server for DNS data exfiltration	2012-03-31 12:08:27 +00:00
Miroslav Stampar	8be9cd4ac4	bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value)	2012-03-31 10:22:50 +00:00
Miroslav Stampar	56638f9e95	making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection	2012-03-30 10:50:01 +00:00
Miroslav Stampar	79c3d6f2aa	minor update	2012-03-30 10:37:46 +00:00
Miroslav Stampar	637a8d8273	improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism	2012-03-29 14:33:27 +00:00
Miroslav Stampar	772ead8d03	fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values	2012-03-29 12:44:20 +00:00
Miroslav Stampar	60146481af	bug fix(es) (flags were used in place of count parameter in re.sub() calls)	2012-03-28 19:33:00 +00:00
Miroslav Stampar	9433bbe26d	memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed)	2012-03-28 19:27:12 +00:00
Miroslav Stampar	7fd64df167	minor code cleaning	2012-03-28 13:31:07 +00:00
Miroslav Stampar	11132ba993	fix for a bug in reflection removal mechanism	2012-03-19 14:28:18 +00:00
Miroslav Stampar	0fc4288a7c	modifying redirection code for only two choices	2012-03-18 17:27:08 +00:00
Miroslav Stampar	cbdcbdd786	minor minor update	2012-03-16 11:18:18 +00:00
Miroslav Stampar	adb5fff6b2	one more update related to the redirection mechanism	2012-03-15 20:17:40 +00:00
Miroslav Stampar	19beb912fa	first step toward negative logic support	2012-03-15 15:52:12 +00:00
Miroslav Stampar	3d9b1599d1	minor update	2012-03-15 11:45:32 +00:00
Miroslav Stampar	a8c9a47092	redirect logic rewritten from scratch	2012-03-15 11:10:58 +00:00
Bernardo Damele	890bf708bc	Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported)	2012-03-15 00:19:57 +00:00
Miroslav Stampar	ca0d068575	distinguishing NULL from BLANK	2012-03-14 13:52:23 +00:00
Miroslav Stampar	61ad3b999a	fix for a crash with partial union and --hex	2012-03-14 10:31:24 +00:00
Miroslav Stampar	a7fbc55748	grammar fix	2012-03-13 22:03:23 +00:00
Miroslav Stampar	e827f41cdb	using pickle HIGHEST_PROTOCOL just in case	2012-03-13 09:35:37 +00:00
Miroslav Stampar	cda8815634	introducing safe deprecation mechanism for HashDB versioning	2012-03-12 22:55:57 +00:00
Miroslav Stampar	6ed1b04bbe	minor update	2012-03-12 13:27:07 +00:00
Bernardo Damele	c79807f5fb	Minor layout adjustments	2012-03-08 15:11:24 +00:00
Miroslav Stampar	775e424bf2	bug fix for using --no-cast and --hex switches together	2012-03-08 15:04:52 +00:00
Miroslav Stampar	11c7cc5224	minor temporary fix	2012-03-08 11:08:43 +00:00
Miroslav Stampar	98a3e43f53	bug fix for writing raw pickled data into SQLite HashDB	2012-03-08 10:57:47 +00:00
Miroslav Stampar	cd28eb6544	minor update regarding --load-cookies	2012-03-08 10:19:34 +00:00
Miroslav Stampar	2c87d061e9	minor update	2012-03-08 10:03:59 +00:00
Miroslav Stampar	b4cf8b05b3	added switch --load-cookies	2012-03-07 14:48:45 +00:00
Miroslav Stampar	4cfea96471	minor update	2012-03-05 09:56:48 +00:00
Miroslav Stampar	ac5a752b12	Oracle's XMLType doesn't like '#' char too	2012-03-01 11:59:37 +00:00
Miroslav Stampar	37db27b720	turning back on automatic adjusting of delays in time based queries	2012-02-29 15:51:23 +00:00
Miroslav Stampar	0205d96d7b	minor fix	2012-02-29 15:38:01 +00:00
Miroslav Stampar	8b9c5c66cc	code refactoring regarding charsetType inside inference/bisection	2012-02-29 14:36:23 +00:00
Miroslav Stampar	f6f98f1b41	minor improvement	2012-02-29 14:19:59 +00:00
Miroslav Stampar	d06182347f	fixing few potential problems	2012-02-29 13:56:40 +00:00
Miroslav Stampar	f142c0f782	minor update	2012-02-28 14:04:13 +00:00
Miroslav Stampar	22b3fa0749	minor update	2012-02-27 15:28:36 +00:00
Miroslav Stampar	a9bf0297f6	moving injection data to HashDB	2012-02-27 13:44:07 +00:00
Miroslav Stampar	68e08d2749	minor fix for not displaying 'None' but None in enumeration when data unavailable	2012-02-27 13:15:10 +00:00
Miroslav Stampar	3909658fc2	few minor just in case updates	2012-02-27 11:15:53 +00:00
Miroslav Stampar	85125018a1	minor bug fix	2012-02-25 22:54:32 +00:00
Miroslav Stampar	5d307cf886	minor update	2012-02-25 10:54:39 +00:00
Miroslav Stampar	06ab3fa134	minor update	2012-02-25 10:53:38 +00:00
Miroslav Stampar	74b19a0386	minor update	2012-02-25 10:43:10 +00:00
Miroslav Stampar	5b67af3b20	minor update	2012-02-24 15:03:39 +00:00
Miroslav Stampar	8a203ef79d	making session data strictly dependent on url through HashDB helper functions	2012-02-24 14:58:24 +00:00
Miroslav Stampar	c36cbbb3ae	minor fix	2012-02-24 14:54:10 +00:00
Miroslav Stampar	9d6fd2e507	bug fix for --schema --technique=BST	2012-02-24 14:12:19 +00:00
Miroslav Stampar	f94b91ad87	added helper function for HashDB data storing/retrieval	2012-02-24 13:07:20 +00:00
Miroslav Stampar	b481c0352f	minor update	2012-02-24 11:25:56 +00:00
Miroslav Stampar	1f6ce265b9	minor fix	2012-02-24 11:05:04 +00:00
Miroslav Stampar	5afbd52b61	more update related to last commits	2012-02-24 10:57:23 +00:00
Miroslav Stampar	570d3a19c2	more general fix	2012-02-24 10:53:28 +00:00
Miroslav Stampar	e8352e504f	fixing problems with chars deletition by logging messages in inference mode	2012-02-24 10:48:19 +00:00
Miroslav Stampar	71028a81f5	fix for proper retrieval of columns in SQLite	2012-02-24 09:55:13 +00:00
Miroslav Stampar	7941504c3a	minor update	2012-02-23 15:32:36 +00:00
Miroslav Stampar	0478e4166a	minor justin case fix	2012-02-23 15:19:20 +00:00
Miroslav Stampar	6e54cb171f	minor code restyling	2012-02-22 15:53:36 +00:00
Miroslav Stampar	61a25418a9	minor update	2012-02-22 10:45:10 +00:00
Miroslav Stampar	b3bd4144f5	removing of unused imports together with some general code refactoring	2012-02-22 10:40:11 +00:00
Miroslav Stampar	386e98a0e3	using UNION SELECT for where=..NEGATIVE	2012-02-22 09:41:58 +00:00
Miroslav Stampar	686eacda9a	minor update regarding --hex	2012-02-21 13:38:18 +00:00
Miroslav Stampar	bcf3255fe1	implementation of switch --hex for 4 major DBMSes	2012-02-21 11:44:48 +00:00
Miroslav Stampar	3e4db6d140	minor fix for Python v2.6	2012-02-20 19:35:57 +00:00
Miroslav Stampar	bc4dd7c0dd	fix for -g	2012-02-20 10:02:19 +00:00
Miroslav Stampar	aee269cc14	gazillion changes, nothing will work, muhahaha	2012-02-17 14:22:48 +00:00
Miroslav Stampar	dcf7277a0f	some more refactorings	2012-02-16 14:42:28 +00:00
Miroslav Stampar	6632aa7308	some more refactoring	2012-02-16 13:46:01 +00:00
Miroslav Stampar	844fc8addb	minor cleanup	2012-02-16 10:19:36 +00:00
Miroslav Stampar	0e23521adc	some more refactoring	2012-02-16 09:54:29 +00:00
Miroslav Stampar	e1f86c97c4	minor refactoring	2012-02-16 09:46:41 +00:00
Miroslav Stampar	bcf9fc6c6f	minor refactoring	2012-02-16 09:32:47 +00:00
Miroslav Stampar	8d7912ad34	minor update and refactoring	2012-02-15 14:05:50 +00:00
Miroslav Stampar	bf923a97df	minor update	2012-02-15 13:45:10 +00:00
Miroslav Stampar	122db6e164	minor update	2012-02-15 13:24:02 +00:00
Miroslav Stampar	9059d30312	adding first code example for SPL snippets	2012-02-15 13:17:01 +00:00
Miroslav Stampar	23cc8b6974	minor fix for special cases when parameter value contains html encoded characters	2012-02-14 14:08:10 +00:00
Miroslav Stampar	bb5113980b	minor update	2012-02-14 10:27:56 +00:00
Miroslav Stampar	3f15c52188	minor change in workflow for "tainted" parameter values	2012-02-14 09:26:52 +00:00
Miroslav Stampar	b140ef4a14	minor update (preparing for switching to HashDB from old sessionFile)	2012-02-10 10:24:48 +00:00
Miroslav Stampar	980367b7b2	minor update	2012-02-09 09:48:47 +00:00
Miroslav Stampar	7e9e582eca	minor update	2012-02-08 14:23:57 +00:00
Miroslav Stampar	2662fe84f7	minor update	2012-02-08 12:02:50 +00:00
Miroslav Stampar	93d7d6c355	minor patch	2012-02-08 10:38:58 +00:00
Miroslav Stampar	6bedb80ffa	adding --force-ssl switch (most useful in combination with -r)	2012-02-08 09:11:57 +00:00
Miroslav Stampar	e50d64546f	minor fix	2012-02-07 14:57:48 +00:00
Miroslav Stampar	2b05ded9c3	just a makeup	2012-02-07 12:05:23 +00:00
Miroslav Stampar	b4f4a982e4	minor update	2012-02-07 11:37:54 +00:00
Miroslav Stampar	11af0b1bbc	minor fix	2012-02-07 11:16:03 +00:00
Miroslav Stampar	f7bf1fbe94	upgrade/fixes for direct DBMS access	2012-02-07 10:46:55 +00:00
Miroslav Stampar	8c45ff0d57	bug fix	2012-02-03 10:38:04 +00:00
Bernardo Damele	c0f4b4632d	Minor fix	2012-02-02 12:55:39 +00:00
Miroslav Stampar	8405ef59ac	some estetic updates	2012-02-01 14:49:42 +00:00
Miroslav Stampar	f4e7bf1d51	minor update regarding support for Unicode characters in Oracle	2012-02-01 14:17:27 +00:00
Miroslav Stampar	2589521ecf	fix of a wrong assumption (e.g. decodeIntToUnicode(12345) has been returning a "09" instead of a single unicode character)	2012-02-01 10:38:43 +00:00
Miroslav Stampar	f2857e38ba	minor update	2012-01-30 10:19:03 +00:00
Miroslav Stampar	9eee6c252d	minor update for --scope	2012-01-16 10:28:21 +00:00
Miroslav Stampar	b2dad63000	some more refactoring	2012-01-13 22:00:34 +00:00
Miroslav Stampar	23117e72ca	minor improvement	2012-01-13 20:56:06 +00:00
Bernardo Damele	0043336620	Minor fix and removed leftover debug message	2012-01-13 17:04:59 +00:00
Bernardo Damele	b03f91437b	Minor code refactoring	2012-01-13 16:49:52 +00:00
Miroslav Stampar	337973df77	reverting last 2 commits (better solution was the original one)	2012-01-13 15:58:47 +00:00
Miroslav Stampar	1f53ff0633	minor update regarding last commit	2012-01-13 15:56:50 +00:00
Miroslav Stampar	ff96c537a9	minor update for multithreaded mode	2012-01-13 15:50:38 +00:00
Bernardo Damele	7e560eec1f	Minor fix	2012-01-13 12:54:45 +00:00
Miroslav Stampar	04686b83e3	minor update	2012-01-13 11:16:26 +00:00
Miroslav Stampar	305371b7a9	minor update	2012-01-12 14:58:23 +00:00
Miroslav Stampar	95f89ab63a	updating copyright date	2012-01-11 14:59:46 +00:00
Miroslav Stampar	1d0b43b1a2	implemented mechanism for merging cookies by request	2012-01-11 14:28:08 +00:00
Miroslav Stampar	ff52931140	some refactoring (skipping duplicate messages in case that UNION/ERROR techniques failed and BOOLEAN/TIMED/STACKED are not available)	2012-01-07 19:30:35 +00:00
Miroslav Stampar	2b5e429dc2	one more level of defense against user himself	2012-01-07 17:16:14 +00:00
Miroslav Stampar	a675c88894	minor check added for invalid urls (e.g. deliberately too long)	2012-01-07 16:06:18 +00:00
Miroslav Stampar	164c8a4020	better message in case of update error	2012-01-07 15:47:38 +00:00
Miroslav Stampar	5a8fc44119	minor update	2012-01-07 15:26:54 +00:00
Miroslav Stampar	3f4afdf251	minor fix (crashing if no : in value)	2012-01-07 14:54:56 +00:00
Miroslav Stampar	759465bde5	minor fix	2012-01-06 00:06:38 +00:00
Miroslav Stampar	1f085a0241	now [SLEEPTIME] is changeable properly in vivo	2012-01-05 14:45:05 +00:00
Miroslav Stampar	804629832d	minor fix	2012-01-05 10:24:27 +00:00
Miroslav Stampar	13f2afbbc9	minor fix	2012-01-03 17:28:50 +00:00
Miroslav Stampar	40991a5d52	minor fix	2011-12-31 01:03:54 +00:00
Miroslav Stampar	94d43a4135	minor bug fix	2011-12-30 14:20:06 +00:00
Miroslav Stampar	29f502fe29	some refactoring	2011-12-28 16:27:17 +00:00
Miroslav Stampar	37d78ffe01	minor optimization	2011-12-28 15:59:30 +00:00
Miroslav Stampar	22c3fe49bb	some refactoring	2011-12-28 13:50:03 +00:00
Miroslav Stampar	dda979a15a	minor refactoring	2011-12-27 12:31:29 +00:00
Miroslav Stampar	0a6334db22	minor speedup	2011-12-27 11:41:57 +00:00
Miroslav Stampar	b02363b1aa	minor update	2011-12-27 11:25:40 +00:00
Miroslav Stampar	068ff92dc4	optimizing a bit pyDes module used in Oracle hash cracking	2011-12-26 15:33:49 +00:00
Miroslav Stampar	08071f42d0	minor update	2011-12-26 14:31:59 +00:00
Miroslav Stampar	366e86c560	minor "patch"	2011-12-26 14:08:25 +00:00
Miroslav Stampar	c20546dcaa	minor refactoring	2011-12-26 12:24:39 +00:00
Miroslav Stampar	b71a81041d	implemented --tor-port by request	2011-12-23 10:57:09 +00:00
Miroslav Stampar	89d2c7c042	minor update	2011-12-22 20:54:20 +00:00
Miroslav Stampar	abb401879c	minor update	2011-12-22 20:42:57 +00:00
Miroslav Stampar	087e29d272	minor update	2011-12-22 20:14:56 +00:00
Miroslav Stampar	8a7b0406c8	minor optimization	2011-12-22 20:08:28 +00:00
Miroslav Stampar	094129a656	minor optimization	2011-12-22 15:42:21 +00:00
Miroslav Stampar	f622995a29	compatibility with partial union and error technique resumed data	2011-12-22 12:20:21 +00:00
Miroslav Stampar	58a4a02b7e	minor fix	2011-12-22 11:56:42 +00:00
Miroslav Stampar	6f8d8a15aa	minor update	2011-12-22 11:55:02 +00:00
Miroslav Stampar	9f68e54fff	minor cleanup	2011-12-22 10:59:28 +00:00
Miroslav Stampar	aaa29d1f24	minor fix	2011-12-22 10:51:41 +00:00
Miroslav Stampar	4a1a0773b7	speedup of UNION dumping	2011-12-22 10:44:14 +00:00
Miroslav Stampar	1ae413a206	some refactoring/speedup around UNION technique	2011-12-22 10:32:21 +00:00
Miroslav Stampar	b77e2042f2	some optimization	2011-12-21 23:23:00 +00:00
Miroslav Stampar	a6310c0b21	minor update	2011-12-21 23:04:36 +00:00
Miroslav Stampar	526aacb640	code cleanup	2011-12-21 22:59:23 +00:00
Miroslav Stampar	41ccf88990	some more refactoring	2011-12-21 22:09:21 +00:00
Miroslav Stampar	0a039d84e0	some more refactoring	2011-12-21 19:40:42 +00:00
Miroslav Stampar	41b60b26fc	minor refactoring	2011-12-21 14:25:39 +00:00
Miroslav Stampar	81bd9a201b	minor refactoring	2011-12-21 11:50:49 +00:00
Miroslav Stampar	113ebf5e9d	minor update	2011-12-20 16:08:17 +00:00
Miroslav Stampar	8bfff4a28e	minor update	2011-12-20 15:01:27 +00:00
Miroslav Stampar	d3a428c9c8	minor bug fix regarding dumping tables with safe quotes	2011-12-20 13:17:24 +00:00
Miroslav Stampar	95cd9e2af3	adding support for scanning Host header values (-p host)	2011-12-20 12:52:41 +00:00
Miroslav Stampar	dcf842692b	minor fix	2011-12-16 12:34:26 +00:00
Miroslav Stampar	563c0c1066	adding switch --tor-type	2011-12-15 23:19:55 +00:00
Miroslav Stampar	8793fbc9f5	minor update	2011-12-14 12:59:25 +00:00
Miroslav Stampar	1fd1ec22a1	minor fix	2011-12-14 12:03:21 +00:00
Miroslav Stampar	364113441b	adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles)	2011-12-14 10:19:45 +00:00
Miroslav Stampar	73a500833d	minor bug fix	2011-12-12 14:38:06 +00:00
Miroslav Stampar	25cde9e2c7	minor fixes	2011-12-12 09:45:40 +00:00
Bernardo Damele	8fe72d87a8	minor bug fix for mysql -d --file-read	2011-12-06 10:57:23 +00:00
Miroslav Stampar	0f5d48ff20	minor update	2011-12-05 09:25:56 +00:00
Miroslav Stampar	9bc735963b	update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself))	2011-12-04 22:42:19 +00:00
Miroslav Stampar	ec895c3d1a	revert of last commit	2011-12-04 16:37:18 +00:00
Miroslav Stampar	393843bf87	it seems that SOCKS4 is safer solution for TOR socks access	2011-12-04 16:23:08 +00:00
Miroslav Stampar	5f7dbec41f	minor patch	2011-12-03 12:11:46 +00:00
Miroslav Stampar	b9ae28dd5e	minor beautification	2011-12-02 14:11:43 +00:00
Miroslav Stampar	32ab7171ea	minor update	2011-12-01 10:07:39 +00:00
Miroslav Stampar	9975ff8d17	minor update	2011-11-30 19:26:03 +00:00
Miroslav Stampar	f1dfa5c860	minor update	2011-11-30 17:44:34 +00:00
Miroslav Stampar	71c46f50aa	adding option --csv-del	2011-11-30 17:39:41 +00:00
Miroslav Stampar	02bd9a54f3	minor update	2011-11-30 17:19:21 +00:00
Miroslav Stampar	872a73f631	minor refactoring	2011-11-29 19:17:07 +00:00
Miroslav Stampar	885b432808	minor update	2011-11-23 21:39:53 +00:00
Miroslav Stampar	ba4234dc42	switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings)	2011-11-23 21:17:08 +00:00
Miroslav Stampar	8ea9b19b66	minor update regarding dumping of table content in --forms mode	2011-11-23 20:56:22 +00:00
Miroslav Stampar	14e8ca6d41	minor fix	2011-11-23 14:26:40 +00:00
Miroslav Stampar	d5cddd40f6	minor fix	2011-11-23 03:03:31 +00:00
Miroslav Stampar	2e10de8921	minor update	2011-11-22 12:18:24 +00:00
Miroslav Stampar	ac041399f0	minor patch	2011-11-22 11:04:43 +00:00
Miroslav Stampar	9697e80013	some more optimizations	2011-11-22 10:54:29 +00:00
Miroslav Stampar	267d67b024	minor update	2011-11-22 10:41:56 +00:00
Miroslav Stampar	b117c40aa5	major improvement of HashDB speed in multi-threaded mode	2011-11-22 10:09:35 +00:00
Miroslav Stampar	e94efff187	some more optimization	2011-11-22 09:00:00 +00:00
Miroslav Stampar	2ed3efba12	speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)	2011-11-22 08:39:13 +00:00
Miroslav Stampar	493e436e16	minor update	2011-11-22 07:32:39 +00:00
Miroslav Stampar	e905ea2a54	minor bug fix	2011-11-22 07:07:52 +00:00
Miroslav Stampar	eee03871d7	minor refactoring	2011-11-21 21:31:08 +00:00
Miroslav Stampar	65b2b0ad87	adding switch --eval	2011-11-21 16:41:02 +00:00
Miroslav Stampar	440b7efe55	minor optimization	2011-11-20 20:14:47 +00:00
Miroslav Stampar	7c1af97852	minor optimization	2011-11-20 19:38:56 +00:00
Miroslav Stampar	e1a92d59de	implementing WordPress phpass hash cracking routine	2011-11-20 19:10:46 +00:00
Miroslav Stampar	f1979936c8	minor update	2011-11-18 15:32:33 +00:00
Miroslav Stampar	7314de3490	language update	2011-11-15 11:17:39 +00:00
Miroslav Stampar	ad2762118d	minor update	2011-11-14 15:10:39 +00:00
Miroslav Stampar	367627c331	minor fix for Python 2.6	2011-11-13 19:09:13 +00:00
Miroslav Stampar	76fb6ba666	minor update	2011-11-13 10:38:27 +00:00
Miroslav Stampar	ccbd93cc2e	fix for redirect/HOST header bug	2011-11-11 11:28:27 +00:00
Miroslav Stampar	030c57a0c8	minor update	2011-11-06 11:18:16 +00:00
Miroslav Stampar	61e3621855	minor update	2011-11-02 14:33:23 +00:00
Miroslav Stampar	24bda96d9e	adding items from John the Ripper's word list to the dictionary for Oracle cracking	2011-11-02 11:21:49 +00:00
Miroslav Stampar	6ec522e14b	removal of minor obsolete thingy	2011-11-02 10:41:12 +00:00
Miroslav Stampar	d735582536	major speed improvement of hash cracking	2011-11-02 06:53:43 +00:00
Miroslav Stampar	43340a7ea5	language	2011-11-01 19:06:27 +00:00
Miroslav Stampar	c0cd29f01c	minor update	2011-10-31 15:20:40 +00:00
Miroslav Stampar	60cadf4747	better regex used	2011-10-29 10:31:52 +00:00
Miroslav Stampar	ef987c6954	adding compatibility support for using --crawl and --forms together	2011-10-29 09:32:20 +00:00
Miroslav Stampar	ddc4dfe5ff	minor refactoring for regarding --forms	2011-10-29 08:32:24 +00:00
Miroslav Stampar	d7866ac78d	added support for automatic filtering of badly formed HTML in --forms mode	2011-10-28 21:28:03 +00:00
Miroslav Stampar	666a7da12a	minor update	2011-10-28 11:28:21 +00:00
Miroslav Stampar	b83fe6113e	turning off time adjustment off (now is shown as a tip) because it seems that it never was actually used (payload always left the same)	2011-10-28 11:25:07 +00:00
Miroslav Stampar	7ce3af68fc	fixing support for parsing BURP logs	2011-10-27 17:31:34 +00:00
Miroslav Stampar	6b7920d89a	minor patch for --tor	2011-10-27 10:52:06 +00:00
Miroslav Stampar	3c31ccd16e	minor update	2011-10-26 22:37:04 +00:00
Miroslav Stampar	d64c0af461	minor update	2011-10-26 14:31:00 +00:00
Miroslav Stampar	64ca01ea0e	minor update	2011-10-25 22:06:47 +00:00
Miroslav Stampar	35c889a411	minor update	2011-10-25 18:07:33 +00:00
Miroslav Stampar	ee76fed56a	minor update	2011-10-25 17:48:20 +00:00
Miroslav Stampar	41ad7f9eab	minor update	2011-10-25 17:44:30 +00:00
Miroslav Stampar	86b4a3562f	added switch --check-tor	2011-10-25 17:37:43 +00:00
Miroslav Stampar	c1486ed4be	adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request	2011-10-25 09:53:44 +00:00
Miroslav Stampar	b07f165d60	quick fix	2011-10-24 18:11:34 +00:00
Miroslav Stampar	cd00c0d084	minor patch	2011-10-24 09:43:59 +00:00
Miroslav Stampar	20ae1c2187	added switch --logic-negative	2011-10-24 00:40:06 +00:00
Miroslav Stampar	8bd3cfdc8e	minor update	2011-10-24 00:17:38 +00:00
Miroslav Stampar	d39d36f7a7	minor language beautification	2011-10-23 23:27:56 +00:00
Miroslav Stampar	1dd3fae930	minor fix	2011-10-23 22:27:45 +00:00
Miroslav Stampar	0c29311eb2	minor update	2011-10-23 22:24:57 +00:00
Miroslav Stampar	5863429fc1	minor update	2011-10-23 21:17:45 +00:00
Miroslav Stampar	4a469c3258	minor update	2011-10-23 21:12:34 +00:00
Miroslav Stampar	3f0517d3f3	support for non-latin (e.g. cyrillic) URLs	2011-10-23 17:02:48 +00:00
Miroslav Stampar	25f0ec3597	some minor range to xrange conversion (where safe to do)	2011-10-21 22:34:27 +00:00
Miroslav Stampar	b4ce857f9b	added some comments	2011-10-21 21:29:24 +00:00
Miroslav Stampar	7a3096ce25	some refactoring	2011-10-21 21:12:48 +00:00
Miroslav Stampar	566d6e4974	minor fix	2011-10-21 20:21:29 +00:00
Miroslav Stampar	12a7fd4054	quick fix	2011-10-20 08:28:57 +00:00
Miroslav Stampar	0cbcbf159c	minor fix	2011-10-19 21:35:01 +00:00
Miroslav Stampar	e3a719e7d2	minor update	2011-10-11 22:40:00 +00:00
Miroslav Stampar	c204f2b221	minor optimization	2011-10-10 14:47:48 +00:00
Miroslav Stampar	323aa7bf2f	minor update	2011-10-09 21:21:41 +00:00
Miroslav Stampar	8720aad6dc	transformed cDel to pDel as a more generic option	2011-10-06 22:03:33 +00:00
Miroslav Stampar	dd0ed5f5da	adding redirect response to the traffic file	2011-09-28 08:13:46 +00:00
Miroslav Stampar	6d2536f217	minor update	2011-09-27 22:27:34 +00:00
Miroslav Stampar	c0910ca2c8	added one more warning message by request	2011-09-27 22:25:15 +00:00
Miroslav Stampar	88f1110c44	adding a new (for now) hidden switch --test-filter for filtering tests by their name	2011-09-27 14:09:25 +00:00
Miroslav Stampar	fd9acfd7d2	fix	2011-09-26 13:36:08 +00:00
Miroslav Stampar	b3b4459c72	minor fix	2011-09-26 13:01:43 +00:00
Miroslav Stampar	7e80274fac	refactoring	2011-09-25 21:10:45 +00:00
Miroslav Stampar	744636a8c1	switching to SQLite resume support (on error and union techniques this moment)	2011-09-25 20:36:32 +00:00
Miroslav Stampar	4a3580d10b	minor fix	2011-09-19 19:08:08 +00:00
Bernardo Damele	f890b29f81	Proper reference to Metasploit Framework as now it's version 4, not 3 anymore	2011-09-12 17:26:22 +00:00
Miroslav Stampar	4fb6dab1a2	minor bug fix	2011-09-12 14:15:57 +00:00
Miroslav Stampar	1bdde51d0e	minor just in case update	2011-09-11 16:41:07 +00:00
Miroslav Stampar	02f993583b	minor bug fix	2011-09-09 11:36:09 +00:00
Miroslav Stampar	2f4e34f5a0	minor improvement for URI injections	2011-09-08 11:13:12 +00:00
Miroslav Stampar	d434047482	minor bug fix	2011-09-05 09:28:40 +00:00
Miroslav Stampar	08e0eb9b61	minor lower/upper case fix	2011-08-29 13:47:32 +00:00
Miroslav Stampar	9be89422da	implemented parameter --skip	2011-08-29 13:29:42 +00:00
Miroslav Stampar	e0f521cf9d	minor update regarding --randomize	2011-08-29 13:08:25 +00:00
Miroslav Stampar	ac00014c4a	implemented --randomize switch by request	2011-08-29 12:50:52 +00:00
Miroslav Stampar	01014eca17	by request	2011-08-23 21:45:01 +00:00
Miroslav Stampar	8a174248dc	fix for a bug reported by blueBoy	2011-08-20 20:08:11 +00:00
Miroslav Stampar	54bcc35ba7	important bug fix (connection exception was causing losing of already retrieved data)	2011-08-17 22:31:33 +00:00
Bernardo Damele	9361e633f4	Minor bug fix - some applications do really set cookies like param="value" with double-quotes	2011-08-16 09:21:01 +00:00
Miroslav Stampar	7cc5743c5d	minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)	2011-08-16 06:50:20 +00:00
Miroslav Stampar	262996fc5b	bug fix	2011-08-16 06:14:40 +00:00
Miroslav Stampar	df4abf1af1	lowering constant value from 10 to 7 for da peace in da houz	2011-08-12 17:19:19 +00:00
Bernardo Damele	702ed73a65	Added --code switch to match in boolean-based tests against the HTTP response code	2011-08-12 16:48:11 +00:00
Miroslav Stampar	10bdd90e60	minor speed optimizations (as a result of profiling)	2011-08-12 13:40:37 +00:00
Bernardo Damele	36280b33fa	Ask the user wheather or not to adjust the time delay - there have been a case where the forcing of conf.timeSec screwed the result in an extremely lagged and unreliable site	2011-08-12 13:06:40 +00:00
Miroslav Stampar	41ae9bc7ff	minor bug fix	2011-08-09 14:20:25 +00:00
Miroslav Stampar	2ad267132a	minor update for empty normal responses (like AJAX requests)	2011-08-05 10:55:21 +00:00
Miroslav Stampar	9423d15fb3	ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix	2011-08-03 09:08:16 +00:00
Miroslav Stampar	457f501bbd	proper fix	2011-08-01 23:48:38 +00:00
Bernardo Damele	cbd0ea0866	Possible fix for a minor bug	2011-08-01 23:24:39 +00:00
Miroslav Stampar	018d7ed646	improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery)	2011-07-31 23:40:09 +00:00
Miroslav Stampar	0627bb02cb	minor beautification	2011-07-31 10:21:47 +00:00
Miroslav Stampar	68ae8ea5b2	minor refactoring	2011-07-29 10:54:25 +00:00
Miroslav Stampar	e522263640	fix for a neverending data retrieval in large full inband cases	2011-07-29 10:45:09 +00:00
Miroslav Stampar	107089c00b	bug fix	2011-07-27 08:25:51 +00:00
Bernardo Damele	938716e361	Proper fix for --start and --stop consistency amongst different techniques	2011-07-26 10:06:28 +00:00
Bernardo Damele	e71f96afe7	Reverted dumb "fix"	2011-07-26 09:42:09 +00:00
Miroslav Stampar	6bbb8139a0	update (smaller memory footprint in postprocessing phase because of safecharencode part)	2011-07-25 20:40:31 +00:00
Miroslav Stampar	5770c08784	minor optimization and refactoring	2011-07-25 20:17:44 +00:00
Bernardo Damele	0a7a648694	Minor bug fix for --start, now all techniques return the same result (before blind techniques returned from one entry behind)	2011-07-25 11:15:18 +00:00
Bernardo Damele	6cbb927012	Partial fix for -o not resumed at following runs if missing from command line	2011-07-25 11:05:49 +00:00
Miroslav Stampar	2033a28ae7	minor update regarding last commit (cleaner code)	2011-07-24 20:44:17 +00:00
Miroslav Stampar	3a3561fdaa	doing proper big table support for partial union too	2011-07-24 20:36:44 +00:00
Miroslav Stampar	ec1bc0219c	hello big tables, this is sqlmap, sqlmap this is big tables	2011-07-24 09:19:33 +00:00
Miroslav Stampar	82e1e61554	minor speedup	2011-07-23 19:51:19 +00:00
Miroslav Stampar	094dc91e2d	minor update (prior to some changes regarding large content retrieval)	2011-07-23 19:04:59 +00:00
Miroslav Stampar	a89140e1ce	revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)	2011-07-23 06:07:00 +00:00
Miroslav Stampar	8a00ca83af	refactoring. nothing special changed	2011-07-21 10:18:11 +00:00
Miroslav Stampar	963f54e6d2	minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job)	2011-07-21 10:06:52 +00:00
Miroslav Stampar	9cf33ec997	now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char	2011-07-15 13:24:13 +00:00
Miroslav Stampar	ff8fc90ac7	bug fix	2011-07-13 06:44:15 +00:00
Miroslav Stampar	5c162efbd8	more optimization	2011-07-12 23:21:15 +00:00
Miroslav Stampar	9933edc718	optimization of reflective removal mechanism	2011-07-12 22:28:19 +00:00
Miroslav Stampar	3583d6dd1b	quick fixes, more work to do	2011-07-12 20:32:19 +00:00
Miroslav Stampar	f5e45bf113	quick fix for a bug reported by jovon.itwaru@gmail.com	2011-07-11 08:54:39 +00:00
Miroslav Stampar	0d6afca7db	adding new switch '--smart' by request	2011-07-10 15:16:58 +00:00
Miroslav Stampar	1e182e6c72	quick fix	2011-07-08 22:34:44 +00:00
Bernardo Damele	651349e229	More verbose critical message	2011-07-08 13:12:53 +00:00
Bernardo Damele	b5dd4d4a63	Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection	2011-07-08 10:19:01 +00:00
Miroslav Stampar	02bfd05b20	more general approach	2011-07-08 10:03:14 +00:00
Miroslav Stampar	5443e06430	cosmetics (in debug mode [0] is used)	2011-07-08 09:43:52 +00:00
Miroslav Stampar	c463c411b9	minor update	2011-07-08 09:32:58 +00:00
Miroslav Stampar	ba2c06c9dc	quick fix	2011-07-08 09:01:32 +00:00
Miroslav Stampar	c517e97a44	few fixes and minor cosmetics	2011-07-08 06:02:31 +00:00
Bernardo Damele	aedcf8c8d7	Changed homepage address	2011-07-07 20:10:03 +00:00
Bernardo Damele	067354b97f	Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access	2011-07-07 13:20:40 +00:00
Bernardo Damele	fcd4e94c04	Higher chances to detect UNION query SQL injection against Microsoft Access	2011-07-06 23:52:44 +00:00
Bernardo Damele	23b4efdcaf	Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.	2011-07-06 21:04:45 +00:00
Bernardo Damele	6f6038b534	Quick fix (revert..)	2011-07-06 11:32:12 +00:00
Miroslav Stampar	93b296e02c	few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")	2011-07-06 05:44:47 +00:00
Miroslav Stampar	b8ffcf9495	few fixes here and there and multi-core processing for dictionary based hash attack	2011-07-04 19:58:41 +00:00
Miroslav Stampar	34d9a91af1	bulk of fixes	2011-07-02 22:48:56 +00:00
Bernardo Damele	861cdb1b14	cosmetics	2011-07-01 10:04:34 +00:00
Miroslav Stampar	4513ef409e	massive (like really massive) dictionary support	2011-06-30 23:44:49 +00:00
Miroslav Stampar	43db6b03a7	update with a feature request (file with list of wordlist files)	2011-06-30 08:42:43 +00:00
Miroslav Stampar	be9b8bca78	bug fix	2011-06-29 17:39:58 +00:00
Miroslav Stampar	4be55c811f	minor update	2011-06-27 21:48:26 +00:00
Miroslav Stampar	5b4eaf48d9	minor fix (for those blank suffixes out of nowhere at the end of payload - not related to "-- ")	2011-06-27 21:34:49 +00:00
Miroslav Stampar	8a8b94883b	minor update (that default quit in --batch was bothering me - my original idea and it was bad :)	2011-06-27 14:14:49 +00:00
Miroslav Stampar	d72db1bf91	minor update (all misc options are alphabetically ordered)	2011-06-27 08:21:33 +00:00
Bernardo Damele	36c96ef796	Added DB2 support - patch provided by Sebastian Bittig	2011-06-25 09:44:24 +00:00
Miroslav Stampar	aa83fe5c66	minor update	2011-06-24 18:19:33 +00:00
Miroslav Stampar	21010f702c	minor beautification	2011-06-24 17:46:54 +00:00
Miroslav Stampar	96190cf594	minor update	2011-06-24 17:15:15 +00:00
Bernardo Damele	406f2cda09	Got rid of useless TAB completion in --sql-shell	2011-06-24 13:05:13 +00:00
Bernardo Damele	35ce6dedcf	Got rid of useless imports	2011-06-24 09:59:11 +00:00
Bernardo Damele	a78f5b4eb3	Minor adjustment to avoid function and variables with same name	2011-06-24 09:29:11 +00:00
Miroslav Stampar	eaa2a4202f	changing to: --crawl=CRAWLDEPTH	2011-06-24 05:40:03 +00:00
Miroslav Stampar	3717b8423f	cleanest fix this moment (conf.dbms will for sure deal problems later in any form)	2011-06-22 15:48:44 +00:00
Miroslav Stampar	5190440ea2	minor fix	2011-06-22 15:36:59 +00:00
Miroslav Stampar	97d8729d71	probable fix for a bug reported by m4l1c3 (RuntimeError: maximum recursion depth exceeded)	2011-06-22 15:28:49 +00:00
Miroslav Stampar	52ba3c281e	minor update	2011-06-22 14:59:49 +00:00
Miroslav Stampar	4ca37901da	thread safe logging+stdout (no more overlapping of log messages and raw output)	2011-06-22 14:53:42 +00:00
Miroslav Stampar	84bc8c3a37	update	2011-06-22 14:39:31 +00:00
Miroslav Stampar	938db1b513	replacing xmlobject logic with our own	2011-06-22 14:33:52 +00:00
Bernardo Damele	1cb12ea659	replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)	2011-06-22 13:31:07 +00:00
Miroslav Stampar	2a4a284a29	crawler fix (skip binary files)	2011-06-20 22:41:38 +00:00
Miroslav Stampar	d6062e8fc9	minor fix for crawler and far less message overlaps in future	2011-06-20 21:18:12 +00:00
Miroslav Stampar	8968c708a0	minor update	2011-06-20 14:27:24 +00:00
Miroslav Stampar	f09340fc89	minor update	2011-06-20 12:40:14 +00:00
Miroslav Stampar	4d1fa5596b	added support for --scope in --crawl mode	2011-06-20 12:37:51 +00:00
Miroslav Stampar	67fab9f2e2	putting this to info messages (user needs to know at this place why is it waiting)	2011-06-20 12:17:19 +00:00
Miroslav Stampar	b1426b5131	bug fix	2011-06-20 12:11:09 +00:00
Miroslav Stampar	cda39ca350	minor update	2011-06-20 11:46:23 +00:00
Miroslav Stampar	07e2c72943	adding Beautifulsoup (BSD) into extras; adding --crawl to options	2011-06-20 11:32:30 +00:00
Miroslav Stampar	8c04aa871a	english typo	2011-06-20 11:00:23 +00:00
Miroslav Stampar	83af83da9e	minor beautification (WordsSet is considered as a bad english)	2011-06-18 15:47:19 +00:00
Bernardo Damele	6b2f44de14	Minor layout adjustment	2011-06-18 12:27:12 +00:00
Bernardo Damele	cd07139919	Layout adjustments	2011-06-18 11:58:14 +00:00
Miroslav Stampar	31ad0875b4	added by request	2011-06-18 11:34:51 +00:00
Miroslav Stampar	e4be141602	minor fix for --smoke-test	2011-06-18 11:26:17 +00:00
Bernardo Damele	c7e1aeeef2	layout	2011-06-18 11:02:48 +00:00
Miroslav Stampar	905fef0eae	now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5)	2011-06-18 10:51:14 +00:00
Miroslav Stampar	1440c9f2d4	minor update	2011-06-17 22:28:07 +00:00
Miroslav Stampar	87e9842371	better language	2011-06-17 22:13:45 +00:00
Miroslav Stampar	ce3170edef	minor update/better language	2011-06-17 22:11:40 +00:00
Miroslav Stampar	ec6fa384eb	update	2011-06-17 22:04:25 +00:00
Miroslav Stampar	f3ee2c09fb	cleaner fix	2011-06-17 15:32:23 +00:00
Miroslav Stampar	bb987ec98f	fix for DNS leakage	2011-06-17 15:23:58 +00:00
Miroslav Stampar	9498a3f259	little stabilization of multi threading	2011-06-17 12:50:28 +00:00
Miroslav Stampar	530c296519	minor fix	2011-06-16 13:56:17 +00:00
Miroslav Stampar	0eeb48f8f5	some fixes	2011-06-16 13:41:02 +00:00
Miroslav Stampar	7733e5866a	minor update regarding mnemonics (again)	2011-06-16 12:34:38 +00:00
Miroslav Stampar	17e4c6b564	minor update regarding mnemonics	2011-06-16 12:26:50 +00:00
Miroslav Stampar	25b923bbc3	minor fixes and minor updates	2011-06-16 12:12:30 +00:00
Miroslav Stampar	3995891ab4	new file containing default settings	2011-06-16 11:43:07 +00:00
Miroslav Stampar	6f681b45ad	cleaning up a bit for a configuration mess	2011-06-16 11:42:13 +00:00
Bernardo Damele	f515c9c9e0	Dealt with SVN update login traceback. Need to investigate further why it asks for credentials sometimes	2011-06-16 10:11:11 +00:00
Miroslav Stampar	63d98d8ce6	fix for a bug reported by rdsears@mtu.edu (ignored config file items)	2011-06-16 08:08:49 +00:00
Miroslav Stampar	4d51fa8155	minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails)	2011-06-15 17:37:28 +00:00
Miroslav Stampar	e0ad72031f	minor update	2011-06-15 12:04:30 +00:00
Miroslav Stampar	1d93a03eeb	introducing mnemonics	2011-06-15 11:58:50 +00:00
Miroslav Stampar	d55a242908	minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always)	2011-06-14 19:38:35 +00:00
Bernardo Damele	8978fded03	typo fix	2011-06-13 19:00:27 +00:00
Bernardo Damele	7152a1ed3b	Added --dependences to show which sqlmap dependences are not available	2011-06-13 18:44:02 +00:00
Miroslav Stampar	2da56ea507	fix of a language bug	2011-06-11 21:17:30 +00:00
Miroslav Stampar	9331abb96f	minor update	2011-06-11 08:33:36 +00:00
Miroslav Stampar	f8dde2c23b	adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)	2011-06-10 23:18:43 +00:00
Miroslav Stampar	fae089646b	minor fix	2011-06-09 08:38:17 +00:00
Miroslav Stampar	9202fedf7b	minor fix	2011-06-09 08:14:54 +00:00
Miroslav Stampar	af5fe457bd	revert of the revert (it's a good idea to have it like this because of problems with e.g. --text-only and binary content)	2011-06-09 07:53:31 +00:00
Miroslav Stampar	8ec4bc9d9d	revert of the last commit. have to think about it	2011-06-09 06:32:53 +00:00
Miroslav Stampar	9c093d91f2	minor update	2011-06-09 06:14:35 +00:00
Bernardo Damele	0d8d6a4ace	Cosmetics	2011-06-08 16:08:20 +00:00
Bernardo Damele	70cac24909	Cosmetics	2011-06-08 15:31:27 +00:00
Bernardo Damele	64bef644c3	This was missing	2011-06-08 15:30:59 +00:00
Bernardo Damele	0d3e8a76d8	Cosmetics and a missing param	2011-06-08 14:40:42 +00:00
Miroslav Stampar	4a9640160e	more concise	2011-06-08 14:35:23 +00:00
Miroslav Stampar	6b81eef65a	refactoring	2011-06-08 14:30:12 +00:00
Bernardo Damele	7da3d8dbd1	minor layout adjustment	2011-06-08 13:01:33 +00:00
Miroslav Stampar	f65abdaae3	added switch --cookie-del by request	2011-06-08 08:27:24 +00:00
Miroslav Stampar	4eeeb3655e	asking and skipping to the next google result page if no usable links found	2011-06-07 23:24:17 +00:00
Miroslav Stampar	26062ec71e	minor update	2011-06-07 15:13:51 +00:00
Miroslav Stampar	50dde39e68	minor update	2011-06-07 10:32:18 +00:00
Miroslav Stampar	7a3cc38e3c	refactoring and stabilization of multithreading	2011-06-07 09:50:00 +00:00
Miroslav Stampar	03c3f83893	minor fix	2011-06-06 13:34:49 +00:00
Miroslav Stampar	24ed99e5a3	fix for a bug reported by aboynes@gmail.com	2011-06-06 08:50:48 +00:00
Miroslav Stampar	f27181c628	minor improvement for blind based injections with reflected values	2011-06-03 14:41:36 +00:00
Miroslav Stampar	e9eafc2e94	minor update	2011-06-03 14:13:22 +00:00
Miroslav Stampar	64a862ed58	minor usability update	2011-06-03 14:04:02 +00:00
Miroslav Stampar	faf7814869	fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com	2011-06-03 11:01:26 +00:00
Miroslav Stampar	08d6bb4f23	minor fix	2011-06-02 22:13:31 +00:00
Miroslav Stampar	8aa5625cd0	proper fix related to the last commit	2011-06-01 23:00:18 +00:00
Miroslav Stampar	63145236b9	minor fix	2011-05-31 21:53:29 +00:00
Miroslav Stampar	3c12799ff0	minor improvement	2011-05-30 20:34:34 +00:00
Miroslav Stampar	89559d1b0a	better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it	2011-05-30 20:18:30 +00:00
Miroslav Stampar	20988e58ed	warp 5 mr spock :)	2011-05-30 09:46:32 +00:00
Miroslav Stampar	001cbff2a9	speed up of 2 times for partial union technique	2011-05-30 09:07:48 +00:00
Miroslav Stampar	97820949f5	minor update	2011-05-30 08:33:01 +00:00
Miroslav Stampar	23d7820de7	minor update	2011-05-29 23:56:41 +00:00
Miroslav Stampar	86455ceb9c	implementation of multithreading for UNION and ERROR techniques	2011-05-29 23:17:50 +00:00
Miroslav Stampar	d51efa679d	typo update	2011-05-29 06:26:28 +00:00
Miroslav Stampar	f848cc779e	adding legal disclaimer as latest situation (these days news headlines) seems out of control	2011-05-28 18:54:14 +00:00
Miroslav Stampar	eb9b84d1da	type correction	2011-05-28 17:53:05 +00:00
Miroslav Stampar	03ef53f00a	update regarding mysql function resolution and versionedkeywords	2011-05-28 17:34:43 +00:00
Miroslav Stampar	c11ea35d53	adding some user input for "refreshing" cases (like redirect ones)	2011-05-27 22:42:23 +00:00
Miroslav Stampar	8227298057	user friendliness uber 9000	2011-05-27 08:30:52 +00:00
Miroslav Stampar	45caadbd4a	important update - finally found what was causing headache for UNION payloads in noticeable number of cases	2011-05-26 21:54:19 +00:00
Miroslav Stampar	4f46a5ab63	minor usability enhancement regarding warning for --text-only switch	2011-05-26 20:48:18 +00:00
Miroslav Stampar	ff030e4d24	minor cleanup of the leftover	2011-05-26 17:37:24 +00:00
Miroslav Stampar	bf2b58ba82	minor update	2011-05-26 15:23:28 +00:00
Miroslav Stampar	b6fe5b12a4	adding --schema to the wizard/Basic as it looks like a cool thingy to put there	2011-05-26 14:30:05 +00:00
Miroslav Stampar	f3ed61af5f	bug fix when using inference and kb.pageEncoding is None (like in binary cases)	2011-05-25 21:12:12 +00:00
Miroslav Stampar	0e480a9921	adding SYS to the ORACLE_SYSTEM_DBS	2011-05-25 10:55:47 +00:00
Miroslav Stampar	2f456bee75	minor beautification	2011-05-25 08:14:39 +00:00
Miroslav Stampar	8b7a3c5a6b	making it easier for totally dummy users	2011-05-24 17:24:01 +00:00
Miroslav Stampar	bec2c04671	helping dummy users	2011-05-24 17:15:25 +00:00
Miroslav Stampar	a3466ff79c	serving everything for the users	2011-05-24 16:34:08 +00:00
Miroslav Stampar	69eb173eca	minor just in case patch	2011-05-24 15:07:37 +00:00
Miroslav Stampar	f774d8fea0	proper Tor settings (reverted r3915 and implemented it the right way)	2011-05-24 11:06:58 +00:00
Miroslav Stampar	a536bf210f	improved redirection mechanism	2011-05-23 23:20:03 +00:00
Miroslav Stampar	128a012121	this was causing that --suffix trouble	2011-05-23 19:59:07 +00:00
Miroslav Stampar	bfe8e51b7c	minor fix for retrieving stuff like "SELECT * FROM testdb..users"	2011-05-23 19:45:40 +00:00
Miroslav Stampar	4542d4535f	minor beautification	2011-05-23 14:28:05 +00:00
Miroslav Stampar	0ed03d474f	now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate	2011-05-23 11:09:44 +00:00
Miroslav Stampar	fb23beef6f	most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)	2011-05-22 19:14:36 +00:00
Miroslav Stampar	9b2623514a	one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables	2011-05-22 09:48:46 +00:00
Miroslav Stampar	2ea613b170	type correction and adding global flag kb.ignoreTimeout which could be useful	2011-05-22 08:24:13 +00:00
Miroslav Stampar	a58aaf2e1a	better format for results file (easier for sorting when lots of files)	2011-05-22 07:02:36 +00:00
Miroslav Stampar	25fff8c135	changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)	2011-05-21 11:46:57 +00:00
Miroslav Stampar	9e5856caf8	improvement for recognition of scalar vs multiple-row commands	2011-05-19 16:45:05 +00:00
Miroslav Stampar	db72428765	minor update	2011-05-19 15:57:29 +00:00
Miroslav Stampar	f40c6b2ce7	added --cookie for maskSensitiveData too	2011-05-19 15:42:59 +00:00
Miroslav Stampar	9832fc42d4	minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase)	2011-05-18 21:47:40 +00:00
Miroslav Stampar	3048e9f710	minor refactoring	2011-05-17 23:03:31 +00:00
Miroslav Stampar	cc07e5dc97	added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@yahoo.com	2011-05-17 22:55:22 +00:00
Miroslav Stampar	dfe81cc66f	minor yielding	2011-05-16 20:14:10 +00:00
Miroslav Stampar	a5ad4621c9	minor refactoring	2011-05-16 20:09:12 +00:00
Miroslav Stampar	faa74cd2bc	introducing results file for multiple target mode	2011-05-15 22:21:38 +00:00
Miroslav Stampar	90e84c9a6d	removing xmlcharrefreplace error handler as it seems that it wasn't such a good idea at the end	2011-05-15 21:43:38 +00:00
Miroslav Stampar	c3bb5a03e1	minor improvement	2011-05-14 20:09:37 +00:00
Miroslav Stampar	3484a4426b	fix for a bug reported by itxx@qq.com (TypeError: encode() takes no keyword arguments)	2011-05-14 19:57:28 +00:00
Miroslav Stampar	a7d7be5ce0	bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host)	2011-05-13 01:01:53 +00:00
Miroslav Stampar	70688fb8b5	minor enhancement for dumping 'None' values (proper way should be empty string because None is too pythonic)	2011-05-12 12:00:17 +00:00
Miroslav Stampar	0b2da2f9f5	minor beautification for --tor switch	2011-05-12 05:46:17 +00:00
Miroslav Stampar	e05a9c0554	i was probably very tired or very stupid to do this	2011-05-11 13:13:46 +00:00
Miroslav Stampar	2ab9e30f7a	bug fix	2011-05-11 12:54:33 +00:00
Miroslav Stampar	53065ee1fb	adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected)	2011-05-11 08:55:48 +00:00
Miroslav Stampar	5ee07b90b9	added -m switch for bulk loading multiple targets	2011-05-11 08:46:40 +00:00
Miroslav Stampar	120b0d756e	unfix	2011-05-10 21:33:06 +00:00
Miroslav Stampar	192c685bc8	changing conf attribute to a more proper name	2011-05-10 20:48:34 +00:00
Miroslav Stampar	deae534ee7	minor refactoring	2011-05-10 20:44:36 +00:00
Bernardo Damele	97bc816aeb	layout	2011-05-10 16:24:09 +00:00
Bernardo Damele	3a8309c4b0	Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches	2011-05-10 15:34:54 +00:00
Miroslav Stampar	707edc7b1a	fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along)	2011-05-10 13:28:07 +00:00
Miroslav Stampar	a64407d9db	minor bug fix for multithreading and lots of connection retries	2011-05-10 12:40:01 +00:00
Miroslav Stampar	22a1870c2c	adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1	2011-05-10 12:32:07 +00:00
Miroslav Stampar	ec4d9178f8	minor update related to the previous commit	2011-05-08 06:28:58 +00:00
Miroslav Stampar	4d6e7c738c	minor update	2011-05-08 06:17:43 +00:00
Bernardo Damele	6653907700	forgot in last commit	2011-05-07 21:13:56 +00:00
Bernardo Damele	1151af52bb	More fix for save/resume of --technique	2011-05-07 21:08:14 +00:00
Bernardo Damele	aae140080e	SVN roll back, DB2 patch will be recommitted after testing: $ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .	2011-05-06 10:27:43 +00:00
Miroslav Stampar	42bca80968	removing blank lines and adding newline at the end of files	2011-05-06 09:35:53 +00:00
Miroslav Stampar	6e392b6054	applying contributed patch for DB2	2011-05-06 09:30:39 +00:00
Bernardo Damele	e96a533a04	Bug fix to resume of --technique	2011-05-05 15:18:33 +00:00
Bernardo Damele	c58dc4a6d8	isDbmsWithin() must stay like this, no getIdentifiedDbms() in there	2011-05-03 14:13:45 +00:00
Miroslav Stampar	742b0ef76e	major improvement of ERROR data retrieval on MSSQL	2011-05-03 13:25:20 +00:00
Miroslav Stampar	2a7838928e	minor fancier --replicate update	2011-05-03 11:48:04 +00:00
Miroslav Stampar	b202d73b46	bug fix for MSSQL identificators which were starting with d, b, o and . Thing is that .lstrip strips all occurances of the given chars :) (spotted ancidentally)	2011-05-03 11:09:30 +00:00
Miroslav Stampar	1840b0e43b	fix for a bug reported by k1971@live.co.uk (OperationalError: unknown database dbo)	2011-05-03 10:22:38 +00:00
Miroslav Stampar	1e6c2fea74	update regarding warning for --random-agent during connection timeout in connection test phase	2011-05-03 10:05:42 +00:00
Miroslav Stampar	5e9620198c	fix for a privately reported bug ("AttributeError: item is disabled")	2011-05-02 18:18:04 +00:00
Miroslav Stampar	93dee30895	better fix for the previous commit	2011-05-02 13:34:55 +00:00
Miroslav Stampar	20ad1c1f2f	minor update to not confuse users when using -o	2011-05-02 13:24:35 +00:00
Bernardo Damele	ac2550535c	Proper fix for --technique=U bug	2011-05-01 23:42:41 +00:00
Miroslav Stampar	900ee0ff93	fix for a major bug reported by k1971@live.co.uk (1..9 99..)	2011-05-01 15:47:00 +00:00
Miroslav Stampar	494503b334	proper way to deal with generic cases	2011-05-01 08:04:08 +00:00
Miroslav Stampar	fcd69ba9c7	fix for a --technique=U	2011-05-01 07:37:22 +00:00
Bernardo Damele	955dbc85e7	Minor variable rename	2011-04-30 15:29:59 +00:00
Bernardo Damele	00f14bec5f	layout adjustment	2011-04-30 15:22:33 +00:00
Bernardo Damele	9a4ae7d9e2	More code refactoring of Backend class methods used	2011-04-30 14:54:29 +00:00
Bernardo Damele	f56d135438	Minor code restyling	2011-04-30 13:20:05 +00:00
Miroslav Stampar	983546d6bf	proper fix	2011-04-30 07:01:21 +00:00
Bernardo Damele	a5968fff3e	Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided	2011-04-30 00:22:22 +00:00
Bernardo Damele	956e75e2b5	Minor adjustment to --mobile. Bug fix to --random-agent.	2011-04-29 21:50:48 +00:00
Miroslav Stampar	46f96f3c4c	removing Kindle from list as it's not really a smartphone	2011-04-29 19:32:30 +00:00
Miroslav Stampar	11124b21f9	implemented --mobile switch	2011-04-29 19:27:23 +00:00
Miroslav Stampar	6bb4dce3aa	minor refactoring	2011-04-29 15:22:32 +00:00
Miroslav Stampar	a2bb0d72e8	fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer)	2011-04-29 14:40:28 +00:00
Bernardo Damele	edac0b2558	Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema	2011-04-28 23:59:00 +00:00
Bernardo Damele	e35f25b2cb	Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that: * It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime. * shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product. * shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX). * UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software. shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec. Minor code refactoring.	2011-04-24 23:01:21 +00:00
Bernardo Damele	d0dff82ce0	Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch	2011-04-23 16:25:09 +00:00
Miroslav Stampar	f88aa4b165	implemented suppressResumeInfo mechanism (huge slowdown on large tables)	2011-04-22 19:58:10 +00:00
Bernardo Damele	06a00fe85e	For development version, print also the revision number in the banner	2011-04-21 21:34:57 +00:00
Bernardo Damele	edc2d75702	Cosmetics and major bug fix	2011-04-21 21:15:23 +00:00
Bernardo Damele	b667c50588	store/resume info on xp_cmd available in session file	2011-04-21 14:25:04 +00:00
Bernardo Damele	a313df4d37	Allow user to force temporary folder with --tmp-path even if it has been saved one in the session file	2011-04-21 14:05:37 +00:00
Miroslav Stampar	e1a8d268d8	fix for UPX linux/macos	2011-04-21 10:52:34 +00:00
Bernardo Damele	11ecd16099	cosmetics	2011-04-21 10:08:38 +00:00
Miroslav Stampar	9ccf720c05	removing funny remark	2011-04-21 10:06:13 +00:00
Bernardo Damele	a91e6a8440	layout	2011-04-21 10:03:18 +00:00
Miroslav Stampar	cbfe743bad	added a comment	2011-04-21 10:01:58 +00:00
Miroslav Stampar	3b133303bf	refactoring	2011-04-19 22:54:13 +00:00
Miroslav Stampar	de2479b864	dealing with http://bugs.python.org/issue1602	2011-04-19 22:33:03 +00:00
Miroslav Stampar	44bbef42f8	minor cosmetics	2011-04-19 20:23:08 +00:00
Miroslav Stampar	13f8c001a7	minor update	2011-04-19 11:13:53 +00:00
Miroslav Stampar	7a06af9a92	added "lagging" critical message	2011-04-19 10:37:20 +00:00
Miroslav Stampar	a7c26366b4	doing that auto default value for --time-sec only for --tor	2011-04-19 08:43:29 +00:00
Miroslav Stampar	4d48ac54dc	automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set)	2011-04-19 08:34:21 +00:00
Miroslav Stampar	b79d4f70f3	cleaner solution for the problem solved with last commit	2011-04-18 14:51:48 +00:00
Miroslav Stampar	f5cff067c6	little hack for --time-sec	2011-04-18 14:46:18 +00:00
Miroslav Stampar	354a2ce249	'chardet' heuristic engine added to the project	2011-04-18 13:38:46 +00:00
Miroslav Stampar	6fab44d635	minor refactoring and improving of used regex	2011-04-17 22:37:00 +00:00
Miroslav Stampar	76d1f09b0a	minor cosmetics	2011-04-17 22:25:25 +00:00
Miroslav Stampar	9aae447553	minor update for matching SOAP messages	2011-04-17 22:21:32 +00:00
Miroslav Stampar	a7366bf710	SOAP refactoring	2011-04-17 21:39:00 +00:00
Miroslav Stampar	c7ff5dcbeb	minor update	2011-04-17 08:48:13 +00:00
Miroslav Stampar	ee88ccf0ac	well, this could be important :)	2011-04-17 08:33:46 +00:00
Miroslav Stampar	29ee760021	improving time based data retrieval mechanism	2011-04-17 07:24:18 +00:00
Miroslav Stampar	c461fdca54	some refactoring	2011-04-15 13:51:06 +00:00
Miroslav Stampar	0387654166	update of copyright string (until year)	2011-04-15 12:33:18 +00:00
Miroslav Stampar	4d8a49a87c	more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation	2011-04-15 11:53:20 +00:00
Miroslav Stampar	467d1a50b3	removed debug message that could cause confusion	2011-04-15 11:28:01 +00:00
Miroslav Stampar	8c6f7c7d5f	explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay	2011-04-15 08:52:53 +00:00
Miroslav Stampar	3efd9e3959	improved htmlunescape (great for localized html escape codes)	2011-04-14 21:36:13 +00:00
Miroslav Stampar	ded28442fb	minor fixes and refactoring regarding safecharencoding	2011-04-14 15:54:00 +00:00
Miroslav Stampar	866cdb4cf7	speed of --replicate is now vastly improved	2011-04-14 14:34:12 +00:00
Miroslav Stampar	eafab03d99	safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)	2011-04-14 13:53:56 +00:00
Miroslav Stampar	30bfefd638	minor fix	2011-04-14 12:58:03 +00:00
Bernardo Damele	5cf38cd0d7	More cookies to ignore	2011-04-14 12:46:14 +00:00
Miroslav Stampar	8426d48e2e	minor refactoring	2011-04-14 10:14:46 +00:00
Miroslav Stampar	930262f573	minor update related to the last commit	2011-04-14 10:12:07 +00:00
Miroslav Stampar	1c5427baf8	minor fix	2011-04-14 09:54:29 +00:00
Miroslav Stampar	bb99bd2fbe	one more commit related to the issue with displaying of garbled characters	2011-04-14 09:43:36 +00:00
Miroslav Stampar	04986be4b9	update regarding safe character output together with a small fix for newlines	2011-04-14 09:31:45 +00:00
Miroslav Stampar	5dfb55effc	revert of the last commit because of this http://osvdb.org/show/osvdb/26582	2011-04-14 06:46:32 +00:00
Miroslav Stampar	786f305e1a	minor update	2011-04-14 06:43:08 +00:00
Miroslav Stampar	21114d1748	added IGNORE_PARAMETERS to skip testing of state/session web server parameters	2011-04-13 19:01:02 +00:00
Miroslav Stampar	58a93c5b1f	better beep for MacOSX	2011-04-13 18:32:47 +00:00
Miroslav Stampar	d06ae9cd47	implemented retrieved items info for partial union too	2011-04-13 14:33:15 +00:00
Miroslav Stampar	f5f2201bbc	minor cosmetics for partial inband retrieval	2011-04-13 11:25:42 +00:00
Miroslav Stampar	c193b896be	just in case update to prevent gibberish "retrieved: " outputs	2011-04-12 23:07:50 +00:00
Miroslav Stampar	5346ecbb56	fix for a "accept certificate first time for svn"	2011-04-12 14:25:17 +00:00
Miroslav Stampar	941daa1645	just in case to prevent "object of type 'NoneType' has no len()" error reports	2011-04-11 11:59:02 +00:00
Miroslav Stampar	08d14886fd	added new dev version string	2011-04-11 09:44:44 +00:00
Bernardo Damele	07d6b18c4e	cutting for 0.9 stable	2011-04-11 00:24:51 +00:00
Miroslav Stampar	8597409d9e	lowering the value	2011-04-10 22:57:17 +00:00
Bernardo Damele	14219a3dac	Minor bug fix	2011-04-10 22:44:08 +00:00
Miroslav Stampar	940c225d7c	few fixes	2011-04-10 20:53:27 +00:00
Bernardo Damele	d324704844	Removed unused code	2011-04-10 20:39:15 +00:00
Miroslav Stampar	decab6642d	fix for that @chunk bug	2011-04-10 16:46:33 +00:00
Miroslav Stampar	723a7447b2	minor refactoring	2011-04-10 07:16:19 +00:00
Miroslav Stampar	c714ac6421	added support for handling binary data values (no more garbish chars)	2011-04-09 23:13:16 +00:00
Miroslav Stampar	4ad73f9263	added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics	2011-04-09 22:39:03 +00:00
Miroslav Stampar	c4c40308c6	no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one)	2011-04-08 22:42:07 +00:00
Miroslav Stampar	83feb097ef	greater flexibility for --batch when default is None	2011-04-08 22:29:50 +00:00
Miroslav Stampar	228cc68747	fix for those ugly DEBUG messages in brute mode	2011-04-08 11:02:21 +00:00
Miroslav Stampar	be11e2535e	one more minor update	2011-04-08 00:05:44 +00:00
Miroslav Stampar	3435d549a9	minor update regarding the last commit	2011-04-07 23:35:51 +00:00
Miroslav Stampar	726155383d	higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0])	2011-04-07 23:32:07 +00:00
Miroslav Stampar	b288e5ef57	implemented DNS caching mechanism	2011-04-07 21:39:18 +00:00
Miroslav Stampar	ae4ea0af45	fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace')	2011-04-07 13:57:07 +00:00
Miroslav Stampar	6a8a5db9aa	minor code restyling	2011-04-07 13:27:29 +00:00
Bernardo Damele	9e8c933333	cosmetics	2011-04-07 10:40:58 +00:00
Miroslav Stampar	68828d68a5	removed integers from --technique	2011-04-07 10:37:48 +00:00
Miroslav Stampar	fced81b6be	minor update	2011-04-07 10:32:39 +00:00
Miroslav Stampar	845533e92f	minor refactoring	2011-04-07 10:27:22 +00:00
Bernardo Damele	1880f18367	Minor layout adjustments	2011-04-07 10:07:52 +00:00
Bernardo Damele	17844eb87c	Refactoring to --technique	2011-04-07 10:00:47 +00:00
Bernardo Damele	05d12790f1	closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)	2011-04-06 14:41:44 +00:00
Miroslav Stampar	a379463213	cosmeticado	2011-04-06 08:40:06 +00:00
Miroslav Stampar	b327bbcd9b	minor fix (it was quite ... to have this check at the later stage)	2011-04-06 08:39:24 +00:00
Bernardo Damele	81034140c0	Reduced number of threads to 3 when -o is provided	2011-04-06 08:15:20 +00:00
Miroslav Stampar	2c01fc56e6	minor update regarding misusage of --proxy and --ignore-proxy switches	2011-04-04 09:19:43 +00:00
Miroslav Stampar	305115a68b	important improvement of data handling (POST data and header values)	2011-04-03 15:02:52 +00:00
Miroslav Stampar	bbd4c128b0	minor update related to the last commit	2011-04-01 22:19:42 +00:00
Miroslav Stampar	cd7e4f5afc	improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form)	2011-04-01 22:12:24 +00:00
Bernardo Damele	c3b54cc222	Cosmetics	2011-04-01 16:40:28 +00:00
Miroslav Stampar	e27afef6be	minor update regarding --current-db on Oracle	2011-04-01 15:56:11 +00:00
Bernardo Damele	eb99f68a7a	Minor improvement to --wizard. This does not mean I like the kiddie feature though ;)	2011-04-01 14:55:39 +00:00
Miroslav Stampar	de4e0c7346	minor update related to the problem with request files reported by jorge_a_santos@hotmail.com	2011-04-01 12:09:11 +00:00
Miroslav Stampar	ee15988878	another minor update related to previous commit	2011-03-31 17:34:07 +00:00
Miroslav Stampar	156d24203f	speed optimization	2011-03-31 17:16:26 +00:00
Miroslav Stampar	220366b6e8	minor update (ip addresses will not be confused any more for crypt_generic hashes)	2011-03-31 16:56:26 +00:00
Miroslav Stampar	c5de903eab	minor improvement ("quick defense against substr fields")	2011-03-31 09:35:09 +00:00
Miroslav Stampar	ce51326bff	quick fix	2011-03-31 08:43:17 +00:00
Miroslav Stampar	dd01d66f13	proper update regarding last commit	2011-03-29 22:10:08 +00:00
Miroslav Stampar	b6af80bab3	refactoring, cleanup and improvement	2011-03-29 21:54:15 +00:00
Miroslav Stampar	adfbfef8c1	minor refactoring	2011-03-29 21:01:47 +00:00
Miroslav Stampar	12f3024c8a	removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)	2011-03-29 20:45:21 +00:00
Miroslav Stampar	d0861a00e2	minor improvement	2011-03-29 15:37:57 +00:00
Miroslav Stampar	d28ca5809b	adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)	2011-03-29 14:16:28 +00:00
Miroslav Stampar	7cf4ba83dc	minor refactoring and comment update	2011-03-29 12:08:07 +00:00
Miroslav Stampar	5560196648	minor fix	2011-03-29 11:50:12 +00:00
Miroslav Stampar	e20d460809	Bernardo will kill me (added --wizard for total beginners)	2011-03-29 11:42:55 +00:00
Miroslav Stampar	86f93713d3	fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update	2011-03-29 06:25:17 +00:00
Miroslav Stampar	bf0e3c4662	improvement for --forms with empty fields	2011-03-28 22:48:00 +00:00
Miroslav Stampar	1e22ff45de	minor update regarding testing of GET parameters if --data and/or --forms is used	2011-03-28 16:14:08 +00:00
Miroslav Stampar	625f124263	little info message	2011-03-28 12:13:17 +00:00
Miroslav Stampar	47924fb92e	fix for a bug reported by malice.anon@gmail.com (AttributeError: 'unicode' object has no attribute 'geturl')	2011-03-27 13:41:54 +00:00
Miroslav Stampar	76b7e3517d	minor update	2011-03-27 07:58:15 +00:00
Miroslav Stampar	afe2be6a9f	implementation of Standard DES hashing (crypt)	2011-03-26 20:46:25 +00:00
Miroslav Stampar	c5b6d377fb	fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages)	2011-03-25 12:14:19 +00:00
Miroslav Stampar	af5342c495	fix for partial inband queries on MSSQL	2011-03-25 11:19:15 +00:00
Miroslav Stampar	e80c9e08d8	minor update regarding --live-test	2011-03-25 09:03:08 +00:00
Miroslav Stampar	1f1c4c0e61	better update related to the last commit	2011-03-24 20:04:20 +00:00
Miroslav Stampar	c0cc5d1dad	minor update	2011-03-24 17:18:03 +00:00
Miroslav Stampar	f3858a5fcf	another fix related to the bug reported by Alone Shell	2011-03-24 17:08:14 +00:00
Miroslav Stampar	e42cdfd138	adding possibility to run only one live test (e.g. --run-case=8)	2011-03-24 12:07:47 +00:00
Miroslav Stampar	2b15ad57c2	basic live tests against 3 major DBMSes	2011-03-24 11:47:01 +00:00
Miroslav Stampar	ecbbfeba6e	introduction of --fresh-queries	2011-03-24 10:08:47 +00:00
Miroslav Stampar	d79fae724c	minor refactoring	2011-03-24 09:16:21 +00:00
Miroslav Stampar	0bb08d09d2	fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file	2011-03-24 08:43:40 +00:00
Miroslav Stampar	bd75fd26e9	implementing a --page-rank switch as requested by l0rda@l0rda.biz	2011-03-23 11:57:57 +00:00
Miroslav Stampar	5a1aaecf16	minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME\|\|chr(58)\|\|OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION')	2011-03-22 13:07:37 +00:00
Miroslav Stampar	b5c9ccb755	Oracle XML based error payload has problems with char $ as with space	2011-03-21 13:13:12 +00:00
Miroslav Stampar	3ca5cddca7	massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL)	2011-03-20 23:54:56 +00:00
Miroslav Stampar	088c815567	minor update (exposing --tor switch)	2011-03-19 18:28:51 +00:00
Miroslav Stampar	2cc91b8470	minor fix	2011-03-19 17:44:34 +00:00
Miroslav Stampar	7c2b3afafb	minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r)	2011-03-19 17:37:26 +00:00
Miroslav Stampar	139448eeb9	little stabilization regarding POST url(de/en)coding	2011-03-19 16:53:14 +00:00
Miroslav Stampar	0fcd999e51	fix for a bug reported by malice	2011-03-18 16:52:46 +00:00
Miroslav Stampar	58e9a074d3	masking some more command line arguments	2011-03-18 16:47:18 +00:00
Miroslav Stampar	36233fac42	update regarding a feature request from andyroyalbattle@yahoo.it	2011-03-18 16:35:30 +00:00
Miroslav Stampar	00b9d85ffc	fix regarding bug report from andyroyalbattle@yahoo.it	2011-03-18 16:26:39 +00:00
Miroslav Stampar	4e300baaf2	minor cosmetics	2011-03-18 14:09:18 +00:00
Miroslav Stampar	3628887110	los cosmeticados	2011-03-18 14:08:36 +00:00
Miroslav Stampar	75c0e09f43	little refactoring	2011-03-18 13:46:51 +00:00
Miroslav Stampar	c301b245a9	adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value)	2011-03-18 13:39:51 +00:00
Miroslav Stampar	b53c9a2599	minor fix and some refactoring	2011-03-18 00:24:02 +00:00
Miroslav Stampar	fbd0cfda29	minor update toward the implementation of request from Santiago	2011-03-17 06:39:05 +00:00
Bernardo Damele	f00aff5303	-v 0 shows both error, critical and raw_input messages	2011-03-11 22:02:38 +00:00
Bernardo Damele	d7d47b6257	Minor bug fix (revert)	2011-03-11 21:56:45 +00:00
Miroslav Stampar	e64f225e65	minor refactoring	2011-03-11 20:16:34 +00:00
Miroslav Stampar	6cc745f789	removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut)	2011-03-11 20:04:15 +00:00
Miroslav Stampar	5eae525010	this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)	2011-03-11 19:57:44 +00:00
Bernardo Damele	3cb0ca4b63	Minor bug fix for --privileges on PgSQL with error-based SQL inj technique	2011-03-11 15:24:25 +00:00
Bernardo Damele	5af7410cb1	Another bug fix for --privileges on PgSQL with UNION query technique	2011-03-11 15:13:09 +00:00
Bernardo Damele	74ef1e53c7	Minor bug fixes to --privileges for PostgreSQL query (corner case)	2011-03-11 14:54:41 +00:00
Miroslav Stampar	eb1cda7065	minor refactoring (more consistent)	2011-03-09 12:06:32 +00:00
Miroslav Stampar	62e3510387	minor refactoring	2011-03-09 11:37:37 +00:00
Miroslav Stampar	5c97f9a496	improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)	2011-03-09 09:36:56 +00:00
Miroslav Stampar	9b2962ff1c	now when we don't urlencode whole URI using : and \ as safe chars is not a good idea	2011-03-09 08:56:29 +00:00
Miroslav Stampar	30619c599b	minor update regarding encoding (adding few safe chars for e.g. CHR(50)\|...)	2011-03-08 11:53:59 +00:00
Miroslav Stampar	cc0306044c	adding SVN revision number support for non SVN client platforms	2011-03-07 21:54:30 +00:00
Miroslav Stampar	16b286982d	fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')	2011-03-07 09:50:43 +00:00
Miroslav Stampar	8edc3b3302	further update regarding last commit	2011-03-03 10:39:04 +00:00
Miroslav Stampar	bc50387a17	possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms)	2011-03-03 09:42:50 +00:00
Miroslav Stampar	f27f05308a	minor update for masking sensitive data in error report (added aCred too)	2011-03-02 10:09:17 +00:00
Miroslav Stampar	ad2e4002ea	minor improvement	2011-03-01 10:38:27 +00:00
Miroslav Stampar	0f3cc153a3	fix for --technique	2011-03-01 09:54:06 +00:00
Miroslav Stampar	2bf212ffa9	minor minor update	2011-02-27 20:43:38 +00:00
Miroslav Stampar	7036190e8e	minor improvement of regular expression	2011-02-27 17:58:01 +00:00
Miroslav Stampar	21041f8b90	further reflective value handling improvement	2011-02-27 17:43:41 +00:00
Bernardo Damele	6e8ebd35f4	Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable	2011-02-27 12:17:41 +00:00
Miroslav Stampar	88faedc0fe	fix for a bug reported by -insane-	2011-02-26 17:48:19 +00:00
Miroslav Stampar	11996ce12e	bug fix for international encoded letters	2011-02-25 22:43:01 +00:00
Miroslav Stampar	2bbbc9a41e	few updates	2011-02-25 09:35:24 +00:00
Miroslav Stampar	aa88361ab1	incorporation of method for neutralization of reflective values	2011-02-25 09:22:44 +00:00
Miroslav Stampar	708ddf5608	added protection mechanism against reflected values	2011-02-24 16:52:46 +00:00
Miroslav Stampar	38dc82e13e	If no Accept header field is present, then it is assumed that the client accepts all media types.	2011-02-22 22:26:22 +00:00
Miroslav Stampar	d05bd75068	adding experimental for --group-concat	2011-02-22 14:35:38 +00:00
Miroslav Stampar	3f8eadf4fe	minor refactoring	2011-02-22 13:00:58 +00:00
Miroslav Stampar	dcad5410fe	minor refactoring	2011-02-22 12:54:22 +00:00
Bernardo Damele	3e8c204121	Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba	2011-02-21 16:00:56 +00:00
Miroslav Stampar	aac817935a	further improvement of MaxDB support	2011-02-20 22:41:42 +00:00
Miroslav Stampar	70449eb01b	minor bug fix	2011-02-20 21:35:28 +00:00
Miroslav Stampar	345df5968d	minor update	2011-02-20 21:27:38 +00:00
Bernardo Damele	8e60acae5d	Added support for --scope also in WebScarab logs (-l)	2011-02-19 21:03:55 +00:00
Miroslav Stampar	b71bb321dd	some more Sybase updates	2011-02-19 18:04:27 +00:00
Miroslav Stampar	cec7694aac	some progress regarding SYBASE	2011-02-19 14:56:58 +00:00
Miroslav Stampar	e0efe453ab	minor update regarding Sybase support	2011-02-19 14:07:08 +00:00
Miroslav Stampar	df58bcaf95	minor improvement	2011-02-18 14:27:02 +00:00
Miroslav Stampar	6cdf08b81c	minor fix	2011-02-17 21:51:40 +00:00
Miroslav Stampar	22cd49a217	--technique can now be something like 123 which includes both techniques 1, 2 and 3	2011-02-17 21:39:16 +00:00
Miroslav Stampar	199f14df46	implementation of MySQL GROUP_CONCAT technique	2011-02-15 00:28:27 +00:00
Bernardo Damele	2ea828e416	Proper fix for r3307 (file-write on MySQL via UNION query tech)	2011-02-13 22:48:01 +00:00
Miroslav Stampar	417b311475	minor update	2011-02-13 22:02:47 +00:00
Miroslav Stampar	50d25c3b4d	update regarding explicit testing of ua and referer when using -p	2011-02-13 21:58:48 +00:00
Miroslav Stampar	5fb11fd173	update regarding multiple DBMS payloads	2011-02-13 21:20:21 +00:00
Miroslav Stampar	9f7d666451	removing --method per request of buawig	2011-02-12 19:50:27 +00:00
Bernardo Damele	7253362114	Minor bug fix so that --file-write on MySQL via UNION query now works again	2011-02-11 23:35:45 +00:00
Miroslav Stampar	535eb9f3eb	implementation of referer feature	2011-02-11 23:07:03 +00:00
Miroslav Stampar	4295a78c5f	minor update	2011-02-10 19:51:34 +00:00
Bernardo Damele	c078de894f	Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA	2011-02-10 14:24:04 +00:00
Bernardo Damele	864eade744	Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase	2011-02-10 11:14:05 +00:00
Bernardo Damele	aa0fb276ba	More fixes for --common-columns to work against MSSQL too	2011-02-09 17:22:07 +00:00
Miroslav Stampar	7d9be18789	added one comment	2011-02-09 14:34:18 +00:00
Miroslav Stampar	bafc8a1b0f	another update	2011-02-09 13:29:52 +00:00
Miroslav Stampar	600f729139	fix for a bug reported by skysbsb@gmail.com (double ORDER BY)	2011-02-09 12:43:09 +00:00
Miroslav Stampar	5b57a69f3e	fix	2011-02-09 11:20:03 +00:00
Miroslav Stampar	37f7001143	first commit with mysql/error/substringing	2011-02-08 16:23:33 +00:00
Bernardo Damele	c3eb82e60b	Proper fix	2011-02-08 10:08:48 +00:00
Miroslav Stampar	dba2f74588	revert of r3274	2011-02-08 09:44:34 +00:00
Bernardo Damele	cfe2da0195	Minor fix	2011-02-08 00:13:39 +00:00
Bernardo Damele	0a81415f2f	Minor code cleanup	2011-02-08 00:02:54 +00:00
Miroslav Stampar	771020abd6	one more related commit	2011-02-07 16:32:08 +00:00
Miroslav Stampar	265e7ca272	fix for that MSSQL limit/top problem	2011-02-07 16:24:23 +00:00
Miroslav Stampar	99e9412f74	minor update	2011-02-07 12:34:23 +00:00
Miroslav Stampar	e023e0d233	proper fix	2011-02-07 12:32:08 +00:00
Bernardo Damele	39decebe85	Minor fixes to checking/re-enabling of xp_cmdshell procedure	2011-02-07 12:17:19 +00:00
Miroslav Stampar	096efea282	added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]	2011-02-07 10:22:43 +00:00
Bernardo Damele	ba3a8a69d4	More statements to exclude from unescap'ing	2011-02-07 00:33:54 +00:00
Bernardo Damele	3719f085ae	Added back-end dbms' OS based methods to Backend object - will be used for refactoring	2011-02-07 00:21:17 +00:00
Bernardo Damele	2e00656235	Minor fix	2011-02-07 00:20:23 +00:00
Bernardo Damele	bf5ca4bd9a	No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (')	2011-02-06 23:30:43 +00:00
Bernardo Damele	061f56daf9	More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload.	2011-02-06 23:27:56 +00:00
Bernardo Damele	6a71629575	Converted from DOS format (\n\r to \n only)	2011-02-06 23:25:55 +00:00
Bernardo Damele	0800d9e49b	Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()	2011-02-06 22:58:12 +00:00
Bernardo Damele	f3d6be7868	Code cleanup	2011-02-06 22:32:44 +00:00
Miroslav Stampar	078a2207cc	few reverts	2011-02-06 22:10:28 +00:00
Miroslav Stampar	b9b2fe0e7c	little cleanup	2011-02-06 21:52:39 +00:00
Miroslav Stampar	c4c2cf1d58	can't stay as it is right now. temporary disabling.	2011-02-06 21:17:41 +00:00
Bernardo Damele	6191a7f26f	Major fix for a silent bug	2011-02-06 15:53:43 +00:00
Miroslav Stampar	4df8a03c04	using OrderedDict to store parameters in order of appearance	2011-02-04 18:07:21 +00:00
Miroslav Stampar	acb986ae80	minor refactoring	2011-02-04 17:40:55 +00:00
Bernardo Damele	fec88f6a6d	Minor fix	2011-02-04 15:57:53 +00:00
Miroslav Stampar	09e88cfb19	fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len())	2011-02-04 14:05:47 +00:00
Miroslav Stampar	f83f1a1e06	minor just in case update	2011-02-04 13:08:54 +00:00
Miroslav Stampar	c69b76776e	minor refactoring	2011-02-04 13:04:19 +00:00
Miroslav Stampar	accf4e6ce0	one important fix (URI injection parameter '*' now can go anywhere)	2011-02-04 12:43:18 +00:00
Miroslav Stampar	c19d481bb1	little clean up	2011-02-04 12:25:14 +00:00
Miroslav Stampar	c229efba05	revert	2011-02-04 11:33:21 +00:00
Miroslav Stampar	d211def899	minor adjustment (accepting strange new looking uri formats)	2011-02-04 10:55:03 +00:00
Miroslav Stampar	e4933f0c92	refactoring	2011-02-03 23:25:56 +00:00
Miroslav Stampar	9a1a28c804	adding comments to filtering function	2011-02-03 23:09:08 +00:00
Miroslav Stampar	e5f54644f0	minor "statistical" update	2011-02-03 16:59:49 +00:00
Miroslav Stampar	b56a77e573	removing obsolete switches (--threshold, --excl-reg, --excl-str)	2011-02-03 15:55:19 +00:00
Miroslav Stampar	1b9850b73a	revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) )	2011-02-03 12:21:29 +00:00
Miroslav Stampar	5edba2ffbc	minor change (conf.updateAll to conf.update)	2011-02-03 11:13:39 +00:00
Miroslav Stampar	5f49e20cc8	adding --random-agent and removing -a	2011-02-02 14:51:12 +00:00
Miroslav Stampar	2dae57a56d	cosmetics	2011-02-02 14:35:21 +00:00
Miroslav Stampar	6c87bd1c63	added maskSensitiveData function	2011-02-02 14:25:16 +00:00
Miroslav Stampar	8134c2154a	adding WHERE enum for payloads	2011-02-02 13:34:09 +00:00
Miroslav Stampar	d6c9515f78	minor update	2011-02-02 13:03:24 +00:00
Miroslav Stampar	e73a147fb5	minor update	2011-02-02 11:49:59 +00:00
Miroslav Stampar	e33428b833	adding __findUnionCharCount function	2011-02-02 11:22:35 +00:00
Miroslav Stampar	99aa38b58f	minor refactoring	2011-02-02 10:10:28 +00:00
Miroslav Stampar	23c95107ed	we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS)	2011-02-02 09:24:37 +00:00
Miroslav Stampar	af99105c27	lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum)	2011-02-01 22:45:38 +00:00
Bernardo Damele	2619e4895f	Properly handle --technique at save/resume phase	2011-02-01 22:05:48 +00:00
Bernardo Damele	3d966bd569	You never know..	2011-02-01 22:05:12 +00:00
Miroslav Stampar	705d45f4db	minor cosmetics	2011-02-01 11:10:23 +00:00
Miroslav Stampar	196e2d35b2	maybe we could ask user "are you willing to import local data content into error report" and use this function respectably	2011-02-01 11:06:56 +00:00
Bernardo Damele	6761933f75	Just.. cosmetics ;)	2011-01-31 22:51:14 +00:00
Miroslav Stampar	25c175a9a5	minor bug fix	2011-01-31 22:34:57 +00:00
Bernardo Damele	b04e1a0313	More detailed message for unhandled exception	2011-01-31 21:23:40 +00:00
Bernardo Damele	ec9ebb3479	Set threads to 4 when optimization switch is provided, -o	2011-01-31 21:21:13 +00:00
Bernardo Damele	8397c526d8	Minor adjustment	2011-01-31 21:20:23 +00:00
Miroslav Stampar	fa58a9c86b	update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)	2011-01-31 20:36:01 +00:00
Miroslav Stampar	b1dc928e68	implemented validation for time-based inference	2011-01-31 16:07:23 +00:00
Miroslav Stampar	25463bc67c	fix for a bug (--predict-output) noticed by Bernardo	2011-01-31 15:00:41 +00:00
Miroslav Stampar	60a2364f2b	now union technique parses headers too	2011-01-31 12:41:39 +00:00
Miroslav Stampar	8ef47307db	added checking of header values for GREP (error); still UNION to do	2011-01-31 12:21:17 +00:00
Miroslav Stampar	fb3513650d	adding ID properties	2011-01-31 11:41:28 +00:00
Miroslav Stampar	f9eac97fe8	refactoring of MSSQL XML banner parsing	2011-01-31 11:38:00 +00:00
Miroslav Stampar	7175efcae1	another minor cosmetic update	2011-01-31 10:59:51 +00:00
Miroslav Stampar	97328c3104	minor fix	2011-01-31 10:54:13 +00:00
Miroslav Stampar	5e768be509	minor bug fix	2011-01-31 09:34:54 +00:00
Miroslav Stampar	f7feebe0df	fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments)	2011-01-31 09:28:16 +00:00
Miroslav Stampar	fc9c626f9e	minor refactoring (removed URL_ENCODE_PAYLOAD)	2011-01-30 17:03:06 +00:00
Bernardo Damele	21e7223779	perhaps this is better english	2011-01-30 16:34:13 +00:00
Miroslav Stampar	ddf23ba7cc	refactoring	2011-01-30 11:36:03 +00:00
Miroslav Stampar	367d0639f0	refactoring (class names should always be Capital cased)	2011-01-28 16:36:09 +00:00
Miroslav Stampar	ddd296030d	added some more info to unhandled exception message(s)	2011-01-28 16:15:45 +00:00
Miroslav Stampar	8e74c571bc	centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels	2011-01-27 19:44:24 +00:00
Miroslav Stampar	81722b6881	major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)	2011-01-27 18:36:28 +00:00
Miroslav Stampar	03413bd5e0	minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)	2011-01-27 16:55:58 +00:00
Miroslav Stampar	bb6e36fb02	minor updates	2011-01-27 12:38:39 +00:00
Miroslav Stampar	6cc69f5e16	now --technique is appliable also after the injections have been identified	2011-01-24 16:47:24 +00:00
Miroslav Stampar	81011be0d7	minor update of parseTargetUrl method	2011-01-24 14:52:50 +00:00
Bernardo Damele	e1db2700f0	Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads	2011-01-24 12:25:45 +00:00
Miroslav Stampar	4441e11f68	fix for case -r with no params and cookie available	2011-01-24 11:26:51 +00:00
Miroslav Stampar	a3e3387113	fix for proper Firebird resume of version	2011-01-24 11:04:32 +00:00
Miroslav Stampar	c1145c244e	fix for user-agent injections	2011-01-23 23:23:30 +00:00
Miroslav Stampar	b18397fbc7	major revisit of --os-shell methods	2011-01-23 20:47:06 +00:00
Miroslav Stampar	f5ff78d40c	revert	2011-01-23 11:21:27 +00:00
Miroslav Stampar	3a5f0760f6	minor optimization (only way to prematurely stop SAX parser)	2011-01-23 10:12:01 +00:00
Miroslav Stampar	30cd877c4a	fix for URI based injections	2011-01-22 16:23:33 +00:00
Bernardo Damele	f1b402b103	Proper handling of CASE in Oracle, finally	2011-01-20 21:58:50 +00:00
Bernardo Damele	4128b2c87f	Enforce that when --prefix is provided, --suffix is too and viceversa.	2011-01-20 21:57:54 +00:00
Bernardo Damele	7d1c704575	Moved little precaution from checks.py to common.py. Initial refactoring of kb.os* get/set.	2011-01-20 21:56:10 +00:00
Bernardo Damele	9770db597e	Centralization of unescape()	2011-01-20 21:55:13 +00:00
Miroslav Stampar	dd7262d9e6	we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode	2011-01-20 17:53:49 +00:00
Miroslav Stampar	ad12242151	LoL (removing those checks because we use same "logic" for parsing Burp log files and request files)	2011-01-20 16:27:59 +00:00
Miroslav Stampar	e8c037de1a	minor update	2011-01-20 16:17:38 +00:00
Miroslav Stampar	4e5f0da1ae	minor update	2011-01-20 16:07:08 +00:00
Miroslav Stampar	2fa066f892	added support for WebScarab logs	2011-01-20 15:55:50 +00:00
Miroslav Stampar	345e2288e1	important fix regarding encoding stuff	2011-01-20 13:54:18 +00:00
Miroslav Stampar	f6f4b5e9dd	bug fix for charset used in inference for pages retrieved with --null-connection	2011-01-20 11:01:01 +00:00
Bernardo Damele	701947490b	Two major bug fixes related to UNION technique query forging	2011-01-19 23:46:39 +00:00
Miroslav Stampar	7a060e756d	dummy fix for SQLite schema retrieval (lots of spaces inside)	2011-01-19 23:16:22 +00:00
Bernardo Damele	bade0e3124	Major code refactoring - centralized all kb.dbms* info for both retrieval and set.	2011-01-19 23:06:15 +00:00
Miroslav Stampar	c106dc829a	more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run)	2011-01-19 22:08:56 +00:00
Miroslav Stampar	7ad41f9b19	bug fix (UnboundLocalError: local variable 'colType' referenced before assignment)	2011-01-19 21:46:43 +00:00
Miroslav Stampar	aea43a1e43	minor refactoring	2011-01-19 15:26:57 +00:00
Miroslav Stampar	eadaf680de	fuck yea	2011-01-19 15:25:48 +00:00
Miroslav Stampar	89e0fd0709	back to roots	2011-01-19 14:06:26 +00:00
Bernardo Damele	33485198e1	Code cleanup	2011-01-18 23:05:32 +00:00
Bernardo Damele	daebb0010b	Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. Alignment of SQL statement payload packing/unpacking between all of the techniques. Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too. Minor code cleanup.	2011-01-18 23:02:11 +00:00
Bernardo Damele	3822b494ea	Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.	2011-01-17 23:43:37 +00:00
Bernardo Damele	35fb50a6ee	Major bug fix	2011-01-17 22:56:04 +00:00
Bernardo Damele	47565f9459	Minor code refactoring	2011-01-17 21:13:59 +00:00
Miroslav Stampar	041abb56e2	you can't believe how much man can learn when having good testing points	2011-01-17 13:59:22 +00:00
Miroslav Stampar	d225c5c9aa	was wrong about this one (just now tested on a real site)	2011-01-17 11:00:09 +00:00
Miroslav Stampar	ac0b5e6dbc	proper way to handle this (console output has totally different encoding than the page one)	2011-01-17 10:27:36 +00:00
Miroslav Stampar	34d13be0d3	minor update regarding default page encoding	2011-01-17 10:23:37 +00:00
Miroslav Stampar	5c857779c1	important fix for unicode based character inference	2011-01-17 10:15:19 +00:00
Miroslav Stampar	0fcca671bd	information update regarding common password suffixes	2011-01-17 09:28:25 +00:00
Miroslav Stampar	a835f233ac	fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer')	2011-01-17 00:17:31 +00:00
Miroslav Stampar	2041361695	minor cosmetics	2011-01-16 23:20:52 +00:00
Miroslav Stampar	e2c821eb81	minor cosmetics	2011-01-16 22:35:54 +00:00
Miroslav Stampar	e881465a9f	minor improvement	2011-01-16 20:55:07 +00:00
Miroslav Stampar	a6516798c0	proper fix for that previous "stacked" fix (that one screwed other injection types)	2011-01-16 19:25:10 +00:00
Miroslav Stampar	5476a8a27e	russian sites are great for testing :)	2011-01-16 19:00:19 +00:00
Miroslav Stampar	19dcaeaabf	fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated)	2011-01-16 18:25:18 +00:00
Miroslav Stampar	30d6791968	update regarding time based data retrieval	2011-01-16 17:52:42 +00:00
Miroslav Stampar	2001bad7e1	automatic adjustment of timeSec for delayed queries	2011-01-16 12:04:32 +00:00
Miroslav Stampar	71391874eb	slightly faster and thread safer inference	2011-01-16 10:52:42 +00:00
Bernardo Damele	0fc4ebdc1b	Major bug fix. Minor code refactoring.	2011-01-16 01:17:09 +00:00
Miroslav Stampar	29ea0950b6	now False is also affected (along with None and "")	2011-01-15 23:43:26 +00:00
Bernardo Damele	558f3894f4	Minor improvement	2011-01-15 23:20:52 +00:00
Bernardo Damele	d3a28124b1	More code cleanup	2011-01-15 23:11:36 +00:00
Miroslav Stampar	3873d204bb	important update for dictionary attack	2011-01-15 15:56:11 +00:00
Miroslav Stampar	e17ac5fdca	update	2011-01-15 15:14:22 +00:00
Miroslav Stampar	5bdb50c224	code review part 3	2011-01-15 13:15:10 +00:00
Miroslav Stampar	1fa8f0cba7	code reviewing part 2	2011-01-15 12:53:40 +00:00
Miroslav Stampar	6a0e0cde3c	code review of modules in lib/core directory	2011-01-15 12:13:45 +00:00
Miroslav Stampar	daf5662eab	update	2011-01-14 15:33:49 +00:00
Bernardo Damele	1cfd6a6b9d	Code cleanup	2011-01-14 15:16:34 +00:00
Miroslav Stampar	08f7e20c51	minor code refactoring	2011-01-14 14:55:59 +00:00
Miroslav Stampar	fb9d7cdfaa	refactoring, code clearing and removal of obsolete switch --longest-common	2011-01-14 14:37:03 +00:00
Bernardo Damele	534f51f9fc	Minor bug fix	2011-01-14 14:20:28 +00:00
Bernardo Damele	3c95d71ea5	Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase	2011-01-14 11:55:20 +00:00
Bernardo Damele	7d9fd5a7b7	Minor bug fix	2011-01-14 09:49:14 +00:00
Miroslav Stampar	676b95b30a	minor code refactoring	2011-01-14 09:44:56 +00:00
Bernardo Damele	f8c04ce020	Minor bug fix	2011-01-13 20:59:13 +00:00
Bernardo Damele	2ac8debea0	Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. Minor bug fixes thanks to previous refactoring too.	2011-01-13 17:36:54 +00:00
Miroslav Stampar	b0fdbdb13b	minor update	2011-01-13 15:15:56 +00:00
Bernardo Damele	877ea31521	Verbose docstring	2011-01-13 12:05:14 +00:00
Miroslav Stampar	ac5b49f555	update	2011-01-13 11:24:03 +00:00
Bernardo Damele	af4ee81e62	Cosmetics	2011-01-13 11:23:07 +00:00
Miroslav Stampar	ece2eb31ca	minor update	2011-01-13 11:08:29 +00:00
Bernardo Damele	ca33728fbc	Minor fix to avoid query splitting/unpacking when the statement is EXISTS()	2011-01-13 10:00:40 +00:00
Bernardo Damele	be6e2d6a31	Important bug fix. Minor code restyling.	2011-01-13 09:41:55 +00:00
Bernardo Damele	b3a0f38f3f	Minor code refactoring and added internal debug prints	2011-01-12 12:03:23 +00:00
Bernardo Damele	af9725214a	Properly deal with partial (single entry) UNION injections. Got rid of kb.union*, now it's all stored/used from kb.injection. Minor bug fix with where=2 detection phase.	2011-01-12 12:01:32 +00:00
Bernardo Damele	3cff42986f	Code cleanup	2011-01-12 01:17:04 +00:00
Bernardo Damele	8a67aea754	One more step to fully working UNION exploitation after merge into detection phase	2011-01-12 01:13:32 +00:00
Bernardo Damele	b5c6f7556f	Minor update	2011-01-12 00:53:48 +00:00
Bernardo Damele	8bdb7ec58c	Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.	2011-01-12 00:47:39 +00:00
Bernardo Damele	c2e994e806	Minor adjustment	2011-01-11 23:56:04 +00:00
Bernardo Damele	5c7c3c76c3	Fixed previous bug in getErrorParsedDBMSes() call in detection phase. Added minor support to escape quotes in UNION payloads during detection phase.	2011-01-11 23:47:32 +00:00
Bernardo Damele	2f5995a7eb	Added generic and mysql UNION tests from 1 to 25 columns. Adapted config file and command line removing now outdated --union-test switch. Minor bug fix. Minor code refactoring. Got rid of some debug messages, standardized logging of UNION tests.	2011-01-11 22:56:21 +00:00
Bernardo Damele	300128042c	First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though. Major refactoring to Agent.payload() method. Minor bug fixes, some code refactoring and a lot of core adjustments here and there. Added more checks for injection in GROUP BY and ORDER BY.	2011-01-11 22:18:47 +00:00
Bernardo Damele	06230e4d92	Minor code refactoring and cosmetics	2011-01-11 21:46:21 +00:00
Miroslav Stampar	394b6bc029	reverting some changes	2011-01-11 12:11:33 +00:00
Miroslav Stampar	54e0ba935a	minor update	2011-01-11 12:08:36 +00:00
Miroslav Stampar	690281dce1	didn't know this to be honest	2011-01-11 10:17:22 +00:00
Miroslav Stampar	0676b38063	revert of one thing for Bernardo and minor update	2011-01-10 10:30:17 +00:00
Miroslav Stampar	77b51dae57	adding openFile method with an exception block around file opening part	2011-01-08 09:30:10 +00:00
Bernardo Damele	97ae7e330f	cosmetics	2011-01-07 17:10:58 +00:00
Bernardo Damele	e373dac1f2	Cosmetics	2011-01-07 16:50:39 +00:00
Miroslav Stampar	c17714c423	suppress session in case of brute methods	2011-01-07 16:47:46 +00:00
Miroslav Stampar	b313a20a3f	some fixes	2011-01-07 16:39:47 +00:00
Miroslav Stampar	1a079c62cb	minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones)	2011-01-07 16:08:01 +00:00
Bernardo Damele	1c86ec374e	Code refactoring and cosmetics	2011-01-07 15:41:09 +00:00
Miroslav Stampar	a8d660db54	fixes for bugs reported by pragmatk@gmail.com	2011-01-06 16:59:58 +00:00
Miroslav Stampar	cc9ca802bf	minor update	2011-01-06 08:54:50 +00:00
Miroslav Stampar	1297df66da	fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed)	2011-01-06 08:04:59 +00:00
Miroslav Stampar	694a65f6f1	minor fix/update	2011-01-05 13:32:40 +00:00
Miroslav Stampar	7ae5192070	adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)	2011-01-05 10:25:07 +00:00

... 28 29 30 31 32 ...

3662 Commits