Miroslav Stampar
|
48ac2101f2
|
Using only once the dummy checkWaf payload
|
2016-01-08 23:23:41 +01:00 |
|
Miroslav Stampar
|
d0d676ccce
|
Update of copyright string
|
2016-01-06 00:06:12 +01:00 |
|
Miroslav Stampar
|
c6d4217495
|
Minor update (just in case)
|
2015-12-03 02:08:59 +01:00 |
|
Miroslav Stampar
|
53de0e8949
|
Implements #1442
|
2015-10-01 11:57:33 +02:00 |
|
Miroslav Stampar
|
81caf14b6d
|
Adding switch --skip-waf
|
2015-09-21 14:57:44 +02:00 |
|
Miroslav Stampar
|
e81e474646
|
Minor adjustment
|
2015-09-21 14:46:34 +02:00 |
|
Miroslav Stampar
|
56f0b811a6
|
Minor patch
|
2015-09-21 13:23:56 +02:00 |
|
Miroslav Stampar
|
f494004f44
|
Switching to the getSafeExString (where it can be used)
|
2015-09-10 15:51:33 +02:00 |
|
Miroslav Stampar
|
c1f829d131
|
Removing last remnants of bad handling the exceptions as strings
|
2015-09-08 11:15:31 +02:00 |
|
Miroslav Stampar
|
e623ee66ad
|
Better approach for #1320
|
2015-07-30 23:29:31 +02:00 |
|
Miroslav Stampar
|
58002c5057
|
Minor cosmetics
|
2015-07-23 09:55:59 +02:00 |
|
Miroslav Stampar
|
21e8182ac6
|
Fixes #1305
|
2015-07-18 17:01:34 +02:00 |
|
Miroslav Stampar
|
16f8e4c8ba
|
Removing unused imports
|
2015-07-12 12:25:02 +02:00 |
|
Miroslav Stampar
|
10f8c6a0b6
|
Introducing --offline switch (to perform session only lookups)
|
2015-07-10 16:10:24 +02:00 |
|
Miroslav Stampar
|
0ba264bfa0
|
Minor patch
|
2015-07-10 09:51:11 +02:00 |
|
Miroslav Stampar
|
4baaa4a5ad
|
Minor improvement
|
2015-07-10 09:24:14 +02:00 |
|
Miroslav Stampar
|
9ff115ce71
|
Minor patch
|
2015-07-10 01:33:53 +02:00 |
|
Miroslav Stampar
|
02470ea683
|
Further decreasing number of testing payloads
|
2015-07-10 01:19:46 +02:00 |
|
Miroslav Stampar
|
48b627f3ff
|
Prevent double tests (e.g. in same final tests where suffix is cut by the comment)
|
2015-07-10 00:54:02 +02:00 |
|
Miroslav Stampar
|
ca2f63c672
|
Test speed up in case of boolean based blind
|
2015-07-10 00:37:59 +02:00 |
|
Miroslav Stampar
|
96327b6701
|
Fixes #1290
|
2015-07-05 01:47:01 +02:00 |
|
Miroslav Stampar
|
1f71d809d4
|
Fixes #1288
|
2015-07-03 08:55:33 +02:00 |
|
Miroslav Stampar
|
08caca387b
|
Minor patch of automatic WAF heuristic check
|
2015-05-29 16:01:41 +02:00 |
|
Miroslav Stampar
|
adc8ac267d
|
Fixes #1190
|
2015-03-10 09:23:26 +01:00 |
|
Bernardo Damele
|
8281fe48e5
|
bug fix: test for boundaries with high levels if the test was extended
|
2015-03-01 11:02:05 +00:00 |
|
Bernardo Damele
|
2f08c8b666
|
bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup
|
2015-02-27 13:57:28 +00:00 |
|
Bernardo Damele
|
475cc8b24b
|
trivial code cleanup
|
2015-02-21 13:12:30 +00:00 |
|
Bernardo Damele
|
d235ee375b
|
code cleanup
|
2015-02-21 12:59:44 +00:00 |
|
Bernardo Damele
|
52dd92748a
|
rework some of the logic of the detection phase based on identified DBMS along the way
|
2015-02-21 02:23:42 +00:00 |
|
Bernardo Damele
|
4f939b5719
|
avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables
|
2015-02-20 18:36:34 +00:00 |
|
Bernardo Damele
|
214b9360e9
|
Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup
|
2015-02-20 18:30:42 +00:00 |
|
Bernardo Damele
|
79d4d970a5
|
trivial code cleanup
|
2015-02-20 15:42:28 +00:00 |
|
Bernardo Damele
|
201b605f9b
|
Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already
|
2015-02-20 10:21:44 +00:00 |
|
Bernardo Damele
|
e17d212c23
|
bug fix introduced with 863d5a6281
|
2015-02-15 20:07:52 +00:00 |
|
Bernardo Damele
|
863d5a6281
|
--test-filter now ignores values of --risk and --level
|
2015-02-15 16:28:37 +00:00 |
|
Miroslav Stampar
|
2e5c11e427
|
Closes #1163
|
2015-02-13 10:59:03 +01:00 |
|
Miroslav Stampar
|
2e9bf47703
|
Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145)
|
2015-01-30 22:12:35 +01:00 |
|
Miroslav Stampar
|
b7cfaa6ca5
|
Minor style update
|
2015-01-22 08:55:37 +01:00 |
|
Miroslav Stampar
|
a603002acd
|
Adding a choice to automatically turn on --identify-waf if protection has been detected
|
2015-01-20 09:38:18 +01:00 |
|
Miroslav Stampar
|
45bdefd29b
|
Update of copyright
|
2015-01-06 15:02:16 +01:00 |
|
Miroslav Stampar
|
6fc41ca940
|
Heuristically checking for WAF/IDS/IPS by default
|
2015-01-06 14:01:47 +01:00 |
|
Miroslav Stampar
|
e6de92ce88
|
Minor patch (unicode related)
|
2014-12-15 13:36:08 +01:00 |
|
Miroslav Stampar
|
1e06e7c386
|
Adding a debug message during name resolution
|
2014-12-11 13:29:26 +01:00 |
|
Miroslav Stampar
|
9b32e69f26
|
Adding new WAF script (UrlScan)
|
2014-12-04 10:06:15 +01:00 |
|
Miroslav Stampar
|
f0802c6fb9
|
Update for an Issue #431
|
2014-11-21 11:20:54 +01:00 |
|
Miroslav Stampar
|
c6a8feea8a
|
Fix for an Issue #831
|
2014-10-07 12:00:11 +02:00 |
|
Miroslav Stampar
|
f67a38dba9
|
Minor adjustment
|
2014-10-01 13:42:10 +02:00 |
|
Miroslav Stampar
|
a9454fbb43
|
Minor commit related to the last one (bypassing DBMS error trimming problem)
|
2014-10-01 13:35:20 +02:00 |
|
Miroslav Stampar
|
8c9014c39f
|
Adding a dummy (auxiliary) XSS check
|
2014-10-01 13:31:48 +02:00 |
|
Miroslav Stampar
|
bfc8ab0e35
|
Language update
|
2014-09-08 14:48:31 +02:00 |
|