260 Commits

Author	SHA1	Message	Date
Miroslav Stampar	2fa066f892	added support for WebScarab logs	2011-01-20 15:55:50 +00:00
Miroslav Stampar	f6f4b5e9dd	bug fix for charset used in inference for pages retrieved with --null-connection	2011-01-20 11:01:01 +00:00
Bernardo Damele	bade0e3124	Major code refactoring - centralized all kb.dbms* info for both retrieval and set.	2011-01-19 23:06:15 +00:00
Miroslav Stampar	c106dc829a	more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run)	2011-01-19 22:08:56 +00:00
Bernardo Damele	47565f9459	Minor code refactoring	2011-01-17 21:13:59 +00:00
Miroslav Stampar	30d6791968	update regarding time based data retrieval	2011-01-16 17:52:42 +00:00
Miroslav Stampar	71391874eb	slightly faster and thread safer inference	2011-01-16 10:52:42 +00:00
Miroslav Stampar	fb9d7cdfaa	refactoring, code clearing and removal of obsolete switch --longest-common	2011-01-14 14:37:03 +00:00
Bernardo Damele	3c95d71ea5	Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase	2011-01-14 11:55:20 +00:00
Bernardo Damele	2ac8debea0	Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. ... Minor bug fixes thanks to previous refactoring too.	2011-01-13 17:36:54 +00:00
Bernardo Damele	af9725214a	Properly deal with partial (single entry) UNION injections. ... Got rid of kb.union*, now it's all stored/used from kb.injection. Minor bug fix with where=2 detection phase.	2011-01-12 12:01:32 +00:00
Bernardo Damele	8a67aea754	One more step to fully working UNION exploitation after merge into detection phase	2011-01-12 01:13:32 +00:00
Bernardo Damele	5c7c3c76c3	Fixed previous bug in getErrorParsedDBMSes() call in detection phase. ... Added minor support to escape quotes in UNION payloads during detection phase.	2011-01-11 23:47:32 +00:00
Bernardo Damele	06230e4d92	Minor code refactoring and cosmetics	2011-01-11 21:46:21 +00:00
Miroslav Stampar	394b6bc029	reverting some changes	2011-01-11 12:11:33 +00:00
Miroslav Stampar	690281dce1	didn't know this to be honest	2011-01-11 10:17:22 +00:00
Miroslav Stampar	77b51dae57	adding openFile method with an exception block around file opening part	2011-01-08 09:30:10 +00:00
Miroslav Stampar	c17714c423	suppress session in case of brute methods	2011-01-07 16:47:46 +00:00
Miroslav Stampar	b313a20a3f	some fixes	2011-01-07 16:39:47 +00:00
Miroslav Stampar	a8d660db54	fixes for bugs reported by pragmatk@gmail.com	2011-01-06 16:59:58 +00:00
Miroslav Stampar	0eabca9fd4	update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)	2011-01-03 22:31:29 +00:00
Miroslav Stampar	08ccbf2c1e	important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)	2011-01-03 22:02:58 +00:00
Miroslav Stampar	da138c46c1	added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)	2011-01-02 07:37:47 +00:00
Miroslav Stampar	212035e64d	user can now choose if he wants to skip non-heuristic based DBMS tests	2011-01-01 23:38:11 +00:00
Miroslav Stampar	9fb0e0fc85	resume of brute forced data is now available	2010-12-27 14:17:20 +00:00
Miroslav Stampar	51a492e17d	pretty important commit (now dumped tables are prone to dictionary attack)	2010-12-27 10:56:28 +00:00
Miroslav Stampar	269d6bde24	this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion)	2010-12-27 00:14:29 +00:00
Miroslav Stampar	562a6440d1	fix for a bug reported by nightman (same as http://bugs.python.org/issue8797)	2010-12-26 09:33:04 +00:00
Miroslav Stampar	2c23a59ba5	fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)	2010-12-24 12:13:48 +00:00
Miroslav Stampar	aab14fa2d3	minor refactoring/cosmetics	2010-12-24 11:06:57 +00:00
Miroslav Stampar	d9f08e4aa3	randomization of user agents	2010-12-24 10:04:27 +00:00
Miroslav Stampar	017ea9e686	update	2010-12-23 14:06:22 +00:00
Miroslav Stampar	73f33c1999	bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)	2010-12-23 11:28:13 +00:00
Miroslav Stampar	d974a966b8	minor fix for end phase (Ctrl+C)	2010-12-21 23:55:55 +00:00
Miroslav Stampar	fb75d0636b	minor update	2010-12-21 23:42:59 +00:00
Miroslav Stampar	385e208f38	code refactoring regarding standard output suppression and some threading issues	2010-12-21 14:21:24 +00:00
Miroslav Stampar	8fd3e7ba1f	thread based data added	2010-12-20 22:45:01 +00:00
Miroslav Stampar	5852bad963	some refactoring	2010-12-20 18:56:06 +00:00
Miroslav Stampar	19d8733e9a	this is strictly for educational purposes	2010-12-20 17:30:47 +00:00
Miroslav Stampar	13d5b2c0ff	code refactoring	2010-12-20 09:44:21 +00:00
Miroslav Stampar	36862e2efa	update	2010-12-18 15:57:47 +00:00
Miroslav Stampar	e355f92f22	bug fix	2010-12-18 10:02:01 +00:00
Miroslav Stampar	fe67d3827c	code refactoring and some fixes	2010-12-18 09:51:34 +00:00
Miroslav Stampar	a19cb2c13a	code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")	2010-12-17 21:29:09 +00:00
Miroslav Stampar	de54219571	code refactoring	2010-12-15 12:50:56 +00:00
Miroslav Stampar	c1c525aaea	quick fix of a fix	2010-12-15 12:10:33 +00:00
Miroslav Stampar	7cfeb5447b	minor update	2010-12-15 11:46:28 +00:00
Miroslav Stampar	4dec24d056	quick fix for a bug reported by Andreas Constantinides (KeyError: 5)	2010-12-15 11:30:29 +00:00
Miroslav Stampar	c3d0295d21	minor update (checking for --time-sec value)	2010-12-14 12:37:21 +00:00
Miroslav Stampar	b75d7fa348	minor cache based optimization	2010-12-14 12:22:17 +00:00