Miroslav Stampar
|
a5e3dce26f
|
Proper naming
|
2018-09-14 10:01:31 +02:00 |
|
Miroslav Stampar
|
12012b36b1
|
Automatic disabling of socket-preconnect for known problematic server (SimpleHTTPServer)
|
2018-09-04 23:01:17 +02:00 |
|
Miroslav Stampar
|
0507234add
|
Minor update
|
2018-08-29 11:06:45 +02:00 |
|
Miroslav Stampar
|
a296d22195
|
Fixes #3205
|
2018-08-10 14:01:55 +02:00 |
|
Miroslav Stampar
|
d47c16e196
|
Minor refactoring
|
2018-06-07 00:55:32 +02:00 |
|
Miroslav Stampar
|
091c8ab2dd
|
Minor update (switching --invalid-logical to LIKE version)
|
2018-06-07 00:37:22 +02:00 |
|
Miroslav Stampar
|
6b3f01bfeb
|
Minor patch
|
2018-05-28 11:07:06 +02:00 |
|
Miroslav Stampar
|
2a810fb796
|
Trivial modifications (thou shalt not judge people by trivial commits)
|
2018-05-03 14:10:55 +02:00 |
|
Miroslav Stampar
|
8f7a7bed20
|
Minor patch
|
2018-05-03 13:31:27 +02:00 |
|
Miroslav Stampar
|
8ca3287df4
|
Proper way to skip already used payloads (important to --suffix/--prefix cases)
|
2018-04-12 14:38:32 +02:00 |
|
Miroslav Stampar
|
a8cb14ed4a
|
Minor patch (disable tamper script usage in WAF/IDS/IPS check phase)
|
2018-04-11 14:48:54 +02:00 |
|
Miroslav Stampar
|
7f3f1dcdee
|
Fixes #3022
|
2018-04-03 12:50:09 +02:00 |
|
Miroslav Stampar
|
4147f44e63
|
Potential patch for Issues like #3013 and #3017
|
2018-04-01 12:45:47 +02:00 |
|
Miroslav Stampar
|
2cc6214227
|
Fixes #3020
|
2018-04-01 11:25:51 +02:00 |
|
Miroslav Stampar
|
8a90512354
|
One more commit related to the last one (reduce false hopes in heavily dynamic cases)
|
2018-03-31 11:02:48 +02:00 |
|
Miroslav Stampar
|
ae8699f258
|
Reducing false-positive 'appears' messages in heavily dynamic environment
|
2018-03-29 14:47:30 +02:00 |
|
Miroslav Stampar
|
cdb1e79370
|
Disabling ORDER BY tests in heavily dynamic environment
|
2018-03-29 14:37:33 +02:00 |
|
Miroslav Stampar
|
16cd13d7db
|
Fixes #3014
|
2018-03-28 17:24:12 +02:00 |
|
Miroslav Stampar
|
45fb5ab4a5
|
Patch for cases when http: is immediatelly being redirected to https:
|
2018-03-28 15:13:33 +02:00 |
|
Miroslav Stampar
|
f287ff3767
|
Trivial comment update
|
2018-03-21 14:29:54 +01:00 |
|
Miroslav Stampar
|
7d5a0ed2dc
|
Use false-positive checks in dummy mode
|
2018-03-21 14:22:59 +01:00 |
|
Miroslav Stampar
|
74de40b9c5
|
Minor patch of a previous commit
|
2018-03-16 15:21:19 +01:00 |
|
Miroslav Stampar
|
6c2b7cff80
|
Minor patch of UNION checking logic
|
2018-03-16 15:11:04 +01:00 |
|
Miroslav Stampar
|
fa4c1c5251
|
Some more PEPing (I hope that I haven't broke anything)
|
2018-03-13 13:45:42 +01:00 |
|
Miroslav Stampar
|
5380e8174b
|
Safer WAF heuristics in case of URI injections
|
2018-03-11 03:20:33 +01:00 |
|
Miroslav Stampar
|
4cefff7e98
|
Bug fix (misencoding inside check waf payload)
|
2018-03-11 03:13:33 +01:00 |
|
Miroslav Stampar
|
9e75bb7f68
|
Minor patch
|
2018-01-31 11:43:17 +01:00 |
|
Miroslav Stampar
|
8a122401aa
|
Update of copyright years
|
2018-01-02 00:48:10 +01:00 |
|
Miroslav Stampar
|
66c1f72a16
|
Minor optimization
|
2017-12-29 13:04:52 +01:00 |
|
Miroslav Stampar
|
5326df1071
|
Minor grammar fix
|
2017-12-13 13:49:55 +01:00 |
|
Miroslav Stampar
|
8cef17b583
|
Minor just in case patch (error set in case of --string)
|
2017-12-12 11:18:17 +01:00 |
|
Miroslav Stampar
|
220dffbcfa
|
Couple of wording updates
|
2017-12-04 13:59:35 +01:00 |
|
Miroslav Stampar
|
7c5b051d60
|
Fixes #2808
|
2017-11-29 15:59:00 +01:00 |
|
Miroslav Stampar
|
132a72c9bd
|
Minor update of logging messages
|
2017-11-24 12:20:57 +01:00 |
|
Miroslav Stampar
|
67b470245e
|
Minor cleanup of NULL connection
|
2017-11-09 13:45:52 +01:00 |
|
Miroslav Stampar
|
58b87e4b6b
|
Some more refactoring
|
2017-11-08 15:58:23 +01:00 |
|
Miroslav Stampar
|
496075ef20
|
Trivial refactoring
|
2017-10-31 10:10:22 +01:00 |
|
Miroslav Stampar
|
1f60dfc835
|
Minor patch for WAF mechanism
|
2017-10-16 11:42:11 +02:00 |
|
Miroslav Stampar
|
8c6b761044
|
Replacing doc/COPYING to LICENSE
|
2017-10-11 14:50:46 +02:00 |
|
Miroslav Stampar
|
12f802c70f
|
Minor text update
|
2017-09-11 10:41:50 +02:00 |
|
Miroslav Stampar
|
96ffb4b911
|
Fixes #2693
|
2017-09-11 10:38:19 +02:00 |
|
Miroslav Stampar
|
cb2258fea4
|
Fixes #2603
|
2017-08-28 13:02:08 +02:00 |
|
Miroslav Stampar
|
8b0c50f25d
|
Update related to the #2663
|
2017-08-23 13:17:37 +02:00 |
|
Miroslav Stampar
|
62ae149464
|
Minor patch
|
2017-07-29 03:35:05 +02:00 |
|
Miroslav Stampar
|
0f9c81965b
|
Implementation on request
|
2017-07-26 00:24:13 +02:00 |
|
Miroslav Stampar
|
d12b65d38c
|
Fixes #2624
|
2017-07-25 23:32:30 +02:00 |
|
Louis-Philippe Huberdeau
|
e38267a61e
|
Include tracking properties in the HAR to identify which test the requests were associated to
|
2017-07-18 15:46:52 -04:00 |
|
Miroslav Stampar
|
1678b606a2
|
Update for #2597
|
2017-07-03 16:55:24 +02:00 |
|
Louis-Philippe Huberdeau
|
0d756a8823
|
Parse request data and convert to HAR, include in injection data
|
2017-06-23 11:50:21 -04:00 |
|
Miroslav Stampar
|
864711b434
|
Minor improvement
|
2017-06-05 16:48:14 +02:00 |
|
Miroslav Stampar
|
996ad59126
|
Minor patch
|
2017-06-05 16:28:19 +02:00 |
|
Miroslav Stampar
|
359bfb2704
|
Minor adjustment
|
2017-05-26 14:14:35 +02:00 |
|
Miroslav Stampar
|
644ea2e3aa
|
Minor patch
|
2017-05-26 14:08:08 +02:00 |
|
Miroslav Stampar
|
4ce08dcfa3
|
Patch for an Issue #2536
|
2017-05-17 00:22:18 +02:00 |
|
Miroslav Stampar
|
d3a08a2d22
|
Implementation for an Issue #2505
|
2017-05-07 23:12:42 +02:00 |
|
Miroslav Stampar
|
fc8eede952
|
Minor cleanup and one bug fix
|
2017-04-19 14:46:27 +02:00 |
|
Miroslav Stampar
|
5f2bb88037
|
Some code refactoring
|
2017-04-18 15:48:05 +02:00 |
|
Miroslav Stampar
|
38f16decef
|
Update for an Issue #2384
|
2017-02-06 13:28:33 +01:00 |
|
Miroslav Stampar
|
55272f7a3b
|
New version preparation
|
2017-01-02 14:19:18 +01:00 |
|
Miroslav Stampar
|
edc6f47758
|
Some refactoring
|
2016-12-19 23:47:39 +01:00 |
|
Miroslav Stampar
|
6130185ac6
|
Minor consistency update with the wiki
|
2016-10-11 00:35:39 +02:00 |
|
Miroslav Stampar
|
171cf6f54d
|
Minor fine tuning for SQLi heuristic check
|
2016-10-04 11:32:06 +02:00 |
|
Miroslav Stampar
|
381deb68ff
|
Implementation for an Issue #2137
|
2016-09-27 13:26:11 +02:00 |
|
Miroslav Stampar
|
7151df16f6
|
Adding extra validation step in case of boolean-based blind (e.g. if unexpected 500 occurs)
|
2016-09-27 11:21:12 +02:00 |
|
Miroslav Stampar
|
8994bf2dba
|
Further dealing with time-based SQLi (Issue #1973)
|
2016-09-27 10:32:22 +02:00 |
|
Miroslav Stampar
|
09617c8243
|
Introducing extra validation property in case of time-based SQLi (HTTP code) - Issue #1973
|
2016-09-27 10:20:36 +02:00 |
|
Miroslav Stampar
|
556b4d289e
|
Minor cosmetic patch (removing multiple same content '...appears...' messages)
|
2016-09-26 17:02:40 +02:00 |
|
Miroslav Stampar
|
56a918c408
|
Minor refactoring
|
2016-09-20 10:03:00 +02:00 |
|
Miroslav Stampar
|
bcd62ecc5b
|
Minor optimization (avoiding unnecessary deepcopies)
|
2016-09-20 09:56:08 +02:00 |
|
Miroslav Stampar
|
32dd4a938c
|
Minor patch of message
|
2016-09-09 11:37:16 +02:00 |
|
Miroslav Stampar
|
cb43c03712
|
Definite patch for MemoryError(s) (fixes #1991)
|
2016-06-30 14:57:56 +02:00 |
|
Miroslav Stampar
|
8b4367d354
|
Revert of last commit
|
2016-06-26 01:42:21 +02:00 |
|
Miroslav Stampar
|
0a9d69a7d0
|
Minor patch
|
2016-06-26 01:10:47 +02:00 |
|
Miroslav Stampar
|
0175acd028
|
Bug fix (in some cases lack of warning message for SQLi appearing)
|
2016-06-23 17:52:37 +02:00 |
|
Miroslav Stampar
|
78fdb27a0b
|
More improvements
|
2016-06-03 15:51:52 +02:00 |
|
Miroslav Stampar
|
350baf0a0a
|
Minor update
|
2016-06-03 14:29:32 +02:00 |
|
Miroslav Stampar
|
9886b646eb
|
Proper update regarding the last commit
|
2016-06-03 14:18:28 +02:00 |
|
Miroslav Stampar
|
c5197b99a0
|
Minor patch and minor improvement
|
2016-06-03 13:59:32 +02:00 |
|
Miroslav Stampar
|
229d3a7dd0
|
Patch for cases when error page looks more like original, than the False one does
|
2016-05-30 16:46:23 +02:00 |
|
Miroslav Stampar
|
b965e5bf1c
|
Minor refactoring
|
2016-05-30 16:06:39 +02:00 |
|
Miroslav Stampar
|
3bd74c5351
|
Minor patch
|
2016-05-30 15:20:21 +02:00 |
|
Miroslav Stampar
|
55624ec1a2
|
Minor message update
|
2016-05-30 14:40:22 +02:00 |
|
Miroslav Stampar
|
69fd900108
|
Adding waf script for detection of generic/unknown
|
2016-05-27 16:34:41 +02:00 |
|
Miroslav Stampar
|
de9f23939f
|
Major bug fix in WAF/IDS/IPS detection (question 'do you want..to try to detect backend WAF/IPS/IDS' never worked)
|
2016-05-27 13:41:03 +02:00 |
|
Miroslav Stampar
|
7a2ac23f0b
|
Adding new waf script (sitelock)
|
2016-05-27 02:13:01 +02:00 |
|
Miroslav Stampar
|
c395958dff
|
Fixes #1888
|
2016-05-24 14:55:19 +02:00 |
|
Miroslav Stampar
|
f7cae68378
|
More formal language
|
2016-05-22 21:44:17 +02:00 |
|
Miroslav Stampar
|
f6ff1a115a
|
Better (automatic) picking of a --string candidate (especially in case of international pages)
|
2016-05-22 21:29:08 +02:00 |
|
Miroslav Stampar
|
32ee586e2a
|
Minor language update
|
2016-05-22 14:30:32 +02:00 |
|
Miroslav Stampar
|
6623c3f877
|
Pesky bug fix (nobody noticed :)
|
2016-05-22 14:22:31 +02:00 |
|
Miroslav Stampar
|
30a4173249
|
I like users which don't know the difference between detection and identification
|
2016-05-22 12:40:23 +02:00 |
|
Miroslav Stampar
|
5e8b105677
|
Fixes #1880
|
2016-05-19 19:46:12 +02:00 |
|
Miroslav Stampar
|
be9381abc5
|
Implements #1845
|
2016-05-06 13:06:59 +02:00 |
|
Miroslav Stampar
|
9dd5cd8eb6
|
Removing CloudFlare check
|
2016-04-29 00:17:07 +02:00 |
|
Miroslav Stampar
|
aa21550712
|
Minor patch for integer casting heuristics (circumvent auto-casting by DBMS itself)
|
2016-04-15 13:47:19 +02:00 |
|
Miroslav Stampar
|
d7cdb6cbd8
|
Minor update
|
2016-02-06 20:16:33 +01:00 |
|
Miroslav Stampar
|
62f94f6587
|
Adding comments (Issue #1681)
|
2016-01-26 07:52:25 +01:00 |
|
Miroslav Stampar
|
574b3a79aa
|
Adding support for detection of CloudFlare responses
|
2016-01-21 10:16:23 +01:00 |
|
Miroslav Stampar
|
59695af101
|
Minor improvement of heuristic checks
|
2016-01-14 22:21:47 +01:00 |
|
Miroslav Stampar
|
bdcf3fffba
|
Minor update related to the last (error results in OR boolean-based blind should not be the same as True to be able to do proper comparison)
|
2016-01-14 13:40:50 +01:00 |
|
Miroslav Stampar
|
c7ef9429ae
|
Minor check for problematic injections
|
2016-01-14 13:16:44 +01:00 |
|
Miroslav Stampar
|
4c1fc095d8
|
Adding heuristic check for FI vulnerability
|
2016-01-14 09:59:13 +01:00 |
|
Miroslav Stampar
|
a8c6c6fca1
|
Minor update related to the last one
|
2016-01-13 23:47:34 +01:00 |
|
Miroslav Stampar
|
4e29e1b351
|
Fixing wrong commit #4f939b5719716dfe9bd085c4f67696bc11064edd
|
2016-01-13 23:34:42 +01:00 |
|
Miroslav Stampar
|
8362bdcf66
|
Fix for screw up made by #52dd92748a50bcee4fb979ea49185840ff6743b9
|
2016-01-13 23:16:27 +01:00 |
|
Miroslav Stampar
|
eb989469f3
|
Minor just in case update
|
2016-01-12 10:27:04 +01:00 |
|
Miroslav Stampar
|
48ac2101f2
|
Using only once the dummy checkWaf payload
|
2016-01-08 23:23:41 +01:00 |
|
Miroslav Stampar
|
d0d676ccce
|
Update of copyright string
|
2016-01-06 00:06:12 +01:00 |
|
Miroslav Stampar
|
c6d4217495
|
Minor update (just in case)
|
2015-12-03 02:08:59 +01:00 |
|
Miroslav Stampar
|
53de0e8949
|
Implements #1442
|
2015-10-01 11:57:33 +02:00 |
|
Miroslav Stampar
|
81caf14b6d
|
Adding switch --skip-waf
|
2015-09-21 14:57:44 +02:00 |
|
Miroslav Stampar
|
e81e474646
|
Minor adjustment
|
2015-09-21 14:46:34 +02:00 |
|
Miroslav Stampar
|
56f0b811a6
|
Minor patch
|
2015-09-21 13:23:56 +02:00 |
|
Miroslav Stampar
|
f494004f44
|
Switching to the getSafeExString (where it can be used)
|
2015-09-10 15:51:33 +02:00 |
|
Miroslav Stampar
|
c1f829d131
|
Removing last remnants of bad handling the exceptions as strings
|
2015-09-08 11:15:31 +02:00 |
|
Miroslav Stampar
|
e623ee66ad
|
Better approach for #1320
|
2015-07-30 23:29:31 +02:00 |
|
Miroslav Stampar
|
58002c5057
|
Minor cosmetics
|
2015-07-23 09:55:59 +02:00 |
|
Miroslav Stampar
|
21e8182ac6
|
Fixes #1305
|
2015-07-18 17:01:34 +02:00 |
|
Miroslav Stampar
|
16f8e4c8ba
|
Removing unused imports
|
2015-07-12 12:25:02 +02:00 |
|
Miroslav Stampar
|
10f8c6a0b6
|
Introducing --offline switch (to perform session only lookups)
|
2015-07-10 16:10:24 +02:00 |
|
Miroslav Stampar
|
0ba264bfa0
|
Minor patch
|
2015-07-10 09:51:11 +02:00 |
|
Miroslav Stampar
|
4baaa4a5ad
|
Minor improvement
|
2015-07-10 09:24:14 +02:00 |
|
Miroslav Stampar
|
9ff115ce71
|
Minor patch
|
2015-07-10 01:33:53 +02:00 |
|
Miroslav Stampar
|
02470ea683
|
Further decreasing number of testing payloads
|
2015-07-10 01:19:46 +02:00 |
|
Miroslav Stampar
|
48b627f3ff
|
Prevent double tests (e.g. in same final tests where suffix is cut by the comment)
|
2015-07-10 00:54:02 +02:00 |
|
Miroslav Stampar
|
ca2f63c672
|
Test speed up in case of boolean based blind
|
2015-07-10 00:37:59 +02:00 |
|
Miroslav Stampar
|
96327b6701
|
Fixes #1290
|
2015-07-05 01:47:01 +02:00 |
|
Miroslav Stampar
|
1f71d809d4
|
Fixes #1288
|
2015-07-03 08:55:33 +02:00 |
|
Miroslav Stampar
|
08caca387b
|
Minor patch of automatic WAF heuristic check
|
2015-05-29 16:01:41 +02:00 |
|
Miroslav Stampar
|
adc8ac267d
|
Fixes #1190
|
2015-03-10 09:23:26 +01:00 |
|
Bernardo Damele
|
8281fe48e5
|
bug fix: test for boundaries with high levels if the test was extended
|
2015-03-01 11:02:05 +00:00 |
|
Bernardo Damele
|
2f08c8b666
|
bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup
|
2015-02-27 13:57:28 +00:00 |
|
Bernardo Damele
|
475cc8b24b
|
trivial code cleanup
|
2015-02-21 13:12:30 +00:00 |
|
Bernardo Damele
|
d235ee375b
|
code cleanup
|
2015-02-21 12:59:44 +00:00 |
|
Bernardo Damele
|
52dd92748a
|
rework some of the logic of the detection phase based on identified DBMS along the way
|
2015-02-21 02:23:42 +00:00 |
|
Bernardo Damele
|
4f939b5719
|
avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables
|
2015-02-20 18:36:34 +00:00 |
|
Bernardo Damele
|
214b9360e9
|
Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup
|
2015-02-20 18:30:42 +00:00 |
|
Bernardo Damele
|
79d4d970a5
|
trivial code cleanup
|
2015-02-20 15:42:28 +00:00 |
|
Bernardo Damele
|
201b605f9b
|
Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already
|
2015-02-20 10:21:44 +00:00 |
|
Bernardo Damele
|
e17d212c23
|
bug fix introduced with 863d5a6281
|
2015-02-15 20:07:52 +00:00 |
|
Bernardo Damele
|
863d5a6281
|
--test-filter now ignores values of --risk and --level
|
2015-02-15 16:28:37 +00:00 |
|
Miroslav Stampar
|
2e5c11e427
|
Closes #1163
|
2015-02-13 10:59:03 +01:00 |
|
Miroslav Stampar
|
2e9bf47703
|
Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145)
|
2015-01-30 22:12:35 +01:00 |
|
Miroslav Stampar
|
b7cfaa6ca5
|
Minor style update
|
2015-01-22 08:55:37 +01:00 |
|
Miroslav Stampar
|
a603002acd
|
Adding a choice to automatically turn on --identify-waf if protection has been detected
|
2015-01-20 09:38:18 +01:00 |
|
Miroslav Stampar
|
45bdefd29b
|
Update of copyright
|
2015-01-06 15:02:16 +01:00 |
|
Miroslav Stampar
|
6fc41ca940
|
Heuristically checking for WAF/IDS/IPS by default
|
2015-01-06 14:01:47 +01:00 |
|
Miroslav Stampar
|
e6de92ce88
|
Minor patch (unicode related)
|
2014-12-15 13:36:08 +01:00 |
|
Miroslav Stampar
|
1e06e7c386
|
Adding a debug message during name resolution
|
2014-12-11 13:29:26 +01:00 |
|
Miroslav Stampar
|
9b32e69f26
|
Adding new WAF script (UrlScan)
|
2014-12-04 10:06:15 +01:00 |
|