Commit Graph

1203 Commits

Author SHA1 Message Date
Miroslav Stampar
e5863d8b89 Minor patch 2015-08-12 21:43:13 +02:00
Miroslav Stampar
b0bc3149f9 Fixes #1315 2015-07-26 16:18:41 +02:00
Miroslav Stampar
314df093f1 Fixes #1314 2015-07-26 16:06:01 +02:00
Miroslav Stampar
21e8182ac6 Fixes #1305 2015-07-18 17:01:34 +02:00
Miroslav Stampar
16f8e4c8ba Removing unused imports 2015-07-12 12:25:02 +02:00
Miroslav Stampar
10f8c6a0b6 Introducing --offline switch (to perform session only lookups) 2015-07-10 16:10:24 +02:00
Miroslav Stampar
e4b23c9beb Minor fix regarding POST redirects (ML) 2015-06-16 12:00:56 +02:00
Miroslav Stampar
04c1d439a7 Minor patch for #1260 2015-06-05 17:18:21 +02:00
Miroslav Stampar
8d7e915af7 Minor patch for #1260 2015-06-05 17:02:56 +02:00
Miroslav Stampar
ec87d8ebda Adding a support for SNI (Issue #1256) 2015-06-01 10:45:16 +02:00
Miroslav Stampar
341d2a6028 Minor fix for (hidden) switch '--dummy' 2015-05-29 17:30:02 +02:00
Miroslav Stampar
e8f87bfa41 Minor patches related to the #1206 2015-05-11 11:01:21 +02:00
Miroslav Stampar
91bc02e3ba Fixes related to the #1206 2015-05-11 10:56:10 +02:00
Miroslav Stampar
9010e157e9 Conflict fix 2015-05-11 10:11:33 +02:00
Miroslav Stampar
5b8df7984c Minor update (for Windows-31j charset) 2015-05-09 14:32:55 +02:00
Miroslav Stampar
bb98894dc1 Adding option --safe-req 2015-04-22 16:28:54 +02:00
Miroslav Stampar
c5138d4696 Minor refactoring 2015-04-21 00:02:47 +02:00
Miroslav Stampar
349dfbf2ae Adding an option --safe-post 2015-04-20 23:55:59 +02:00
Miroslav Stampar
99c1cc9937 Fixes #1208 2015-03-26 17:17:46 +01:00
Miroslav Stampar
fc0186e029 Minor update 2015-03-26 12:39:44 +01:00
Miroslav Stampar
7587528ebd Fixes #1202 2015-03-26 11:40:19 +01:00
ricterz
bbfdb02a0e fix mandatorily depend of websocket #1198 2015-03-24 22:25:16 +08:00
ricterz
811f5c11c6 remove Host header field and add cookie support #1198 2015-03-24 18:50:57 +08:00
ricterz
9b5dcbbbb2 modified error handle #1198 2015-03-24 18:21:50 +08:00
ricterz
78dbe080d7 determine whether it's websocket when connect #1198 2015-03-24 17:19:37 +08:00
Miroslav Stampar
05a496c275 Fixes #1196 2015-03-20 00:56:52 +01:00
Christ van Willegen
80fb2e29cc Fix some spelling errors in help texts (through -> thorough) 2015-03-04 13:31:29 +01:00
Miroslav Stampar
3347fc25ca Fixes #1185 2015-03-03 15:10:06 +01:00
Miroslav Stampar
3f6c3b40dd Minor update (not overriding user given 'Accept-Encoding' header value) 2015-03-03 14:37:36 +01:00
Miroslav Stampar
dde400ab8f More suitable version of 6bcc95a (suggested by user) 2015-02-25 10:19:51 +01:00
Miroslav Stampar
6bcc95a20d Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z]) 2015-02-24 15:05:44 +01:00
Miroslav Stampar
1636088b75 Minor update 2015-02-16 11:48:53 +01:00
Miroslav Stampar
38011743bb Patch for an Issue #1157 2015-02-04 15:01:19 +01:00
Miroslav Stampar
59f0da369d Patch for a bug reported via ML (Accept header ignored in --headers) 2015-02-02 22:07:16 +01:00
Miroslav Stampar
9e90e357cf Patch for an Issue #1146 2015-01-30 21:59:03 +01:00
Miroslav Stampar
e73ac6c8e3 Minor patch on request of an user 2015-01-17 21:47:57 +01:00
Miroslav Stampar
c2b2ccd2b5 Minor bug fix 2015-01-17 17:31:00 +01:00
Miroslav Stampar
54e9a1fb2d Minor style update 2015-01-14 16:11:55 +01:00
Miroslav Stampar
8e03f4db0f Patch for an Issue #1062 2015-01-09 15:33:53 +01:00
Miroslav Stampar
450b3c93cb Potential patch for an Issue #1093 2015-01-07 11:40:11 +01:00
Miroslav Stampar
45bdefd29b Update of copyright 2015-01-06 15:02:16 +01:00
Miroslav Stampar
c474c16b4a Removing ML email address 2015-01-06 12:30:49 +01:00
Miroslav Stampar
41c2f889b2 Fix related to the SSLv3 disabling 2014-12-30 15:44:55 +01:00
Miroslav Stampar
1e014de6be Patch for an Issue #1066 2014-12-26 22:24:28 +01:00
Miroslav Stampar
6972020faf Bug fix for login-like SQLi (OR with 500 result) 2014-12-18 15:58:19 +01:00
Miroslav Stampar
180ede0cb3 Minor patch 2014-12-15 14:07:28 +01:00
Miroslav Stampar
20c272b77d More generic patch for an Issue #994 2014-12-07 16:14:48 +01:00
Miroslav Stampar
4e7f835eae Patch for an Issue #994 2014-12-07 16:11:07 +01:00
Miroslav Stampar
d3060f20d7 Minor improvement 2014-12-03 13:22:55 +01:00
Miroslav Stampar
17db587e2c Adding some friendly warning messages (regarding blocking) 2014-12-03 10:06:21 +01:00
Miroslav Stampar
7a04595f5e Added a reference url (http charset priority) 2014-12-01 11:15:45 +01:00
Miroslav Stampar
a0d95a8ec4 Refactoring of #952 2014-11-24 12:56:39 +01:00
Miroslav Stampar
27cd9e7064 Merge pull request #952 from Rexikon/patch-1
Update httpshandler.py, AttributeError PROTOCOL_SSLv3
2014-11-24 12:52:27 +01:00
Miroslav Stampar
05f7b1f121 Patch for an Issue #970 2014-11-24 10:55:19 +01:00
Miroslav Stampar
1fc4d0e3c4 Update for an Issue #431 2014-11-21 10:31:55 +01:00
Miroslav Stampar
cf2d5fd453 Update for an Issue #431 2014-11-21 09:41:49 +01:00
Miroslav Stampar
34ce774acd Patch for an Issue #956 2014-11-21 09:41:49 +01:00
Rexikon
4da20679ee Update httpshandler.py
ssl.PROTOCOL_SSLv3 removed
affecting error: AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'
2014-11-19 16:36:30 +01:00
Miroslav Stampar
05d5342f20 Update and patch for an Issue #2 2014-11-17 11:50:05 +01:00
Miroslav Stampar
c5df45a14f Minor bug fix (skipping HTML decoding in heuristic mode) 2014-11-11 11:23:14 +01:00
Miroslav Stampar
71c43be53a Patch for an Issue #901 2014-11-05 10:03:19 +01:00
Miroslav Stampar
49d3860b1f Minor fix 2014-10-31 20:22:15 +01:00
Miroslav Stampar
df73be32f1 Fix for an Issue #876 2014-10-28 14:41:21 +01:00
Miroslav Stampar
3b3b8d4ef2 Potential bug fix (escaping formatted regular expressions) 2014-10-28 14:02:55 +01:00
Miroslav Stampar
268e774087 Minor refactoring 2014-10-28 13:44:55 +01:00
Miroslav Stampar
f89e94fb8c Minor refactoring 2014-10-28 13:42:13 +01:00
Miroslav Stampar
6448d3caf4 Implementing support for csrfcookie (Issue #2) 2014-10-24 09:37:51 +02:00
Miroslav Stampar
5e31229d48 Minor cosmetic update 2014-10-23 15:18:22 +02:00
Miroslav Stampar
abbd352392 Support for X-CSRF-TOKEN header (Issue #2) 2014-10-23 14:33:22 +02:00
Miroslav Stampar
fc1b05bec9 Implementation for an Issue #2 2014-10-23 11:23:53 +02:00
Miroslav Stampar
8dcad46805 Update basic.py 2014-10-22 23:16:46 +02:00
Miroslav Stampar
2f18df345e Minor patch 2014-10-22 13:41:36 +02:00
Miroslav Stampar
268095495e Minor patch 2014-10-22 13:32:49 +02:00
Miroslav Stampar
3ebc5faa34 Falling back to partial UNION if large dump connects out 2014-10-21 09:23:34 +02:00
Miroslav Stampar
1e636fb925 Minor patch regarding Issue #840 2014-09-28 13:38:09 +02:00
Miroslav Stampar
767c278a0f Fix for an Issue #838 2014-09-26 17:00:50 +02:00
Miroslav Stampar
bfc8ab0e35 Language update 2014-09-08 14:48:31 +02:00
Miroslav Stampar
53d0d5bf8b Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved) 2014-09-08 14:33:13 +02:00
Miroslav Stampar
bbf0be1f8d Bug fix (Issue #813) 2014-09-03 22:09:12 +02:00
Miroslav Stampar
9476359255 Bug fix 2014-08-28 12:50:39 +02:00
Miroslav Stampar
e68326c0fe expandAsteriskForColumns changes value of conf.db and conf.tbl potentially causing problems in further work 2014-08-26 22:57:08 +02:00
Miroslav Stampar
dcaad75a1e Fix for an Issue #794 2014-08-22 15:08:05 +02:00
Miroslav Stampar
d74b803306 Minor patch 2014-08-22 14:45:23 +02:00
Miroslav Stampar
58d93ffb2b Fix for falling back to partial union (excluding scalar queries) 2014-08-20 23:53:15 +02:00
Miroslav Stampar
90882f081d Language update 2014-08-20 23:47:57 +02:00
Miroslav Stampar
0296081692 Minor refactoring 2014-08-20 23:42:40 +02:00
Miroslav Stampar
b4fbb9cafe Minor upgrade 2014-08-20 13:52:48 +02:00
Miroslav Stampar
6caccc3d93 Bug fix for ultra-slow processing of binary data 2014-08-20 01:38:01 +02:00
Miroslav Stampar
3cfa63646b Minor bug fix 2014-07-19 23:17:23 +02:00
Miroslav Stampar
32af0b17b0 Update for an Issue #760 2014-07-10 08:49:20 +02:00
Miroslav Stampar
686fe4d0e9 Another patch for DNS exfiltration and boolean checks 2014-06-27 14:22:00 +02:00
Miroslav Stampar
2f8d17bcb7 Appendix to last commit 2014-06-27 13:45:40 +02:00
Miroslav Stampar
75279ea75a Fix for DNS exfiltration of boolean checks 2014-06-27 13:07:34 +02:00
Miroslav Stampar
2a88436417 Patch for an Issue #724 2014-06-16 09:51:24 +02:00
Miroslav Stampar
f558b800ac Patch for an Issue #719 2014-06-12 09:08:55 +02:00
Miroslav Stampar
c50560c3a6 Patch for an Issue #716 2014-06-10 21:57:54 +02:00
Miroslav Stampar
680ab10ca6 Patch for an Issue #703 2014-05-27 21:41:07 +02:00
Miroslav Stampar
2d5461d250 Minor fix (related to the unknown encoding reported by ML) 2014-05-22 09:03:14 +02:00
Miroslav Stampar
c181e909b5 Minor fix 2014-05-16 23:47:00 +02:00
Miroslav Stampar
2e96e3c924 Adding a hidden switch --ignore-401 2014-04-29 23:26:45 +02:00
Miroslav Stampar
2d3a74a0fe Patch for an Issue #667 2014-04-07 21:01:40 +02:00
Miroslav Stampar
bf18b025d6 Minor removal of redundant code 2014-04-06 18:09:54 +02:00
Miroslav Stampar
7cc4159316 Renaming conf.cDel to conf.cookieDel 2014-04-06 16:50:58 +02:00
Miroslav Stampar
0ae8ac707e Renaming conf.pDel to conf.paramDel 2014-04-06 16:48:46 +02:00
Miroslav Stampar
492a410bcc Minor fix 2014-04-04 16:14:53 +02:00
Miroslav Stampar
e7e8a3965a Minor fix 2014-04-03 09:00:14 +02:00
Miroslav Stampar
80d4426dbd Patch related to the Issue #661 2014-04-02 22:34:37 +02:00
Miroslav Stampar
e8c1c90f2e Whitespace was being double encoded in case of spaceplus (' '->%2B) 2014-03-25 22:02:14 +01:00
Miroslav Stampar
106102bd3c Fix for an Issue #648 2014-03-21 20:28:29 +01:00
Miroslav Stampar
be3fd8bb29 Fix for an Issue #638 2014-03-14 16:44:56 +01:00
Miroslav Stampar
f1f53a5841 Minor cosmetic update 2014-03-06 21:08:31 +01:00
Miroslav Stampar
cc62a8adc9 Bug fix for JSON-like data (proper escaping of quotes) 2014-02-26 09:30:37 +01:00
Miroslav Stampar
6369a38ebc Adding support for JSON-like data with single quote 2014-02-26 08:56:17 +01:00
Miroslav Stampar
fc02badf40 Minor update 2014-01-23 08:33:21 +01:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Miroslav Stampar
36f3ab5798 Minor bug fix (for cases when race between thread and main thread is causing server._running to not be set to True) 2014-01-09 15:46:55 +01:00
Miroslav Stampar
5437f8bf36 Fix for an Issue #85 2014-01-02 12:09:58 +01:00
Miroslav Stampar
4de83daf03 Minor style update 2014-01-02 11:06:19 +01:00
Miroslav Stampar
b0ca34ff27 Bug fix (payload character '=' was not being url-encoded in custom (user) post cases - when posthint was None) 2013-12-04 10:09:54 +01:00
Bernardo Damele
59b6791faa minor improvement 2013-11-19 00:24:47 +00:00
Miroslav Stampar
8dac47f7e5 Minor patch (for recognition of x-mac-turkish codec) 2013-10-21 20:04:48 +02:00
Miroslav Stampar
344d3f4b5f Minor patch 2013-10-12 21:05:18 +02:00
Miroslav Stampar
18d9e1dbc3 Minor update due to reported (debug) problems with SSLv23 2013-10-04 10:53:49 +02:00
Miroslav Stampar
a3defc175d Fix (we are not using certificate but PEM private key file in this particular authentication; also, auxiliary cert_file is holding certificate chain that is ignored by python itself) 2013-09-11 23:17:18 +02:00
Miroslav Stampar
81409ce6da Minor patch 2013-09-02 10:54:32 +02:00
Miroslav Stampar
dd39913cf6 Improvement for an --eval mechanism 2013-08-31 00:28:51 +02:00
Miroslav Stampar
3a57af1452 Minor fix 2013-08-30 15:26:03 +02:00
Miroslav Stampar
88b992ad83 Fixing a bug noticed during the yesterday's AppSecEU presentation (--headers='user-agent:foobar*' was not working properly) 2013-08-23 11:54:08 +02:00
Miroslav Stampar
23f2c5f166 Finishing implementation for an Issue #58 2013-08-20 19:35:49 +02:00
Miroslav Stampar
4929cff0c0 Minor update 2013-08-13 06:42:49 +02:00
Miroslav Stampar
b2855e0281 Minor patch 2013-08-12 14:25:51 +02:00
Miroslav Stampar
a711c9ed36 Minor cleanup and initial work for #58 2013-08-09 14:13:48 +02:00
Miroslav Stampar
32c1cb20f5 Fix for an Issue #497 2013-08-01 19:48:20 +02:00
Miroslav Stampar
953b5815d8 Implementation for an Issue #496 2013-07-31 21:15:03 +02:00
Miroslav Stampar
6b826ef64d Reintroducing option --cookie-del 2013-07-31 20:41:19 +02:00
Miroslav Stampar
ca44b23d20 Implementation for --eval to support cookies 2013-07-31 17:29:16 +02:00
Miroslav Stampar
eaacbe0b12 Minor language fix 2013-07-31 09:24:34 +02:00
Miroslav Stampar
f54082111d Better way how to deal with required extensions 2013-07-13 19:25:49 +02:00
Miroslav Stampar
3f6d4083a7 Minor language update 2013-07-13 17:19:16 +02:00
Miroslav Stampar
31efabfca1 Appropriate error messaging when one of core libraries are missing due to erroneous Python build 2013-07-13 16:07:36 +02:00
Miroslav Stampar
4d9f8ad0dd Commit related to the last one 2013-07-13 12:00:03 +02:00
stamparm
a53823f9b7 Minor refactoring 2013-06-19 10:59:26 +02:00
Miroslav Stampar
f185e5cdd5 Fix for an Issue #463 2013-06-10 22:26:34 +02:00
Miroslav Stampar
6f49b96a2d Fix for an Issue #462 2013-06-10 12:20:58 +02:00
Miroslav Stampar
39612b5d87 Fix for an Issue #457 2013-06-04 23:46:39 +02:00
Miroslav Stampar
3e0f747fad Minor fix 2013-06-04 00:05:25 +02:00
Miroslav Stampar
edc9da1226 Minor refactoring 2013-06-03 15:14:56 +02:00
stamparm
6b280d8da4 Putting 2 decimal places for debug messages with performed queries (e.g. to handle a problem with 0 seconds roundup) 2013-05-28 14:40:45 +02:00
stamparm
659c0bb418 Minor fix 2013-05-27 10:38:47 +02:00
stamparm
4b2cf07262 Minor style update 2013-05-20 16:15:35 +02:00