sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity
6,399 Commits 4 Branches 117 Tags 97 MiB
34ce774acd
Commit Graph

506 Commits

Author SHA1 Message Date
Miroslav Stampar
0f5d48ff20 minor update 2011-12-05 09:25:56 +00:00
Miroslav Stampar
9bc735963b update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself)) 2011-12-04 22:42:19 +00:00
Miroslav Stampar
b03a5e8928 people don't know what's "standard deviation" and they are wrongly connecting it's value in seconds to the --time-sec value 2011-12-01 13:30:47 +00:00
Miroslav Stampar
3cd8f47686 minor bug fix 2011-11-29 17:17:06 +00:00
Miroslav Stampar
d958c2fe48 minor fix 2011-11-28 11:21:39 +00:00
Miroslav Stampar
ba4234dc42 switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings) 2011-11-23 21:17:08 +00:00
Miroslav Stampar
4fa24ec704 minor improvement 2011-11-21 17:39:18 +00:00
Miroslav Stampar
65b2b0ad87 adding switch --eval 2011-11-21 16:41:02 +00:00
Miroslav Stampar
df0b451389 minor update 2011-11-20 23:17:57 +00:00
Miroslav Stampar
440b7efe55 minor optimization 2011-11-20 20:14:47 +00:00
Miroslav Stampar
b888829d12 minor update 2011-11-14 11:39:18 +00:00
Miroslav Stampar
ccbd93cc2e fix for redirect/HOST header bug 2011-11-11 11:28:27 +00:00
Miroslav Stampar
1061c06617 improvement of redirecting code 2011-11-11 11:07:49 +00:00
Miroslav Stampar
e183437f0b minor typo 2011-11-10 10:30:53 +00:00
Miroslav Stampar
62f8f8d36c bug fix (thanks to zhen zhou) 2011-11-10 10:22:35 +00:00
Miroslav Stampar
c1486ed4be adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request 2011-10-25 09:53:44 +00:00
Miroslav Stampar
6d64f87190 minor update 2011-10-24 00:46:54 +00:00
Miroslav Stampar
1f7d87c6a4 bug fix for --code (previously redirecting codes where not considered) 2011-10-23 20:48:37 +00:00
Miroslav Stampar
77e630d89e replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-23 20:19:42 +00:00
Miroslav Stampar
3f0517d3f3 support for non-latin (e.g. cyrillic) URLs 2011-10-23 17:02:48 +00:00
Miroslav Stampar
0db0571f35 minor patch 2011-10-21 09:06:00 +00:00
Miroslav Stampar
dd0ed5f5da adding redirect response to the traffic file 2011-09-28 08:13:46 +00:00
Miroslav Stampar
e0f521cf9d minor update regarding --randomize 2011-08-29 13:08:25 +00:00
Miroslav Stampar
ac00014c4a implemented --randomize switch by request 2011-08-29 12:50:52 +00:00
Miroslav Stampar
75ec146224 minor beautification 2011-08-17 21:17:02 +00:00
Bernardo Damele
702ed73a65 Added --code switch to match in boolean-based tests against the HTTP response code 2011-08-12 16:48:11 +00:00
Bernardo Damele
fff4c34e33 Search for --string and --regexp matches also in HTTP response headers 2011-08-12 15:33:37 +00:00
Bernardo Damele
5e5133b8e7 Should be fixed now 2011-08-12 15:00:11 +00:00
Bernardo Damele
1505cb2a80 typo 2011-08-12 14:51:39 +00:00
Bernardo Damele
702ca22d54 Minor bug fix for URI injections 2011-08-12 14:48:44 +00:00
Bernardo Damele
28bba9f5e6 More verbose warning message 2011-08-12 13:47:38 +00:00
Miroslav Stampar
10bdd90e60 minor speed optimizations (as a result of profiling) 2011-08-12 13:40:37 +00:00
Miroslav Stampar
02bfd05b20 more general approach 2011-07-08 10:03:14 +00:00
Miroslav Stampar
ba2c06c9dc quick fix 2011-07-08 09:01:32 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
75524c283d minor update 2011-06-27 21:59:31 +00:00
Miroslav Stampar
831f083223 minor update 2011-06-27 21:38:12 +00:00
Miroslav Stampar
e9286ddd5b fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 
47: ordinal not in range(128))
 2011-06-24 19:24:11 +00:00
Miroslav Stampar
e76cb19e35 minor patch 2011-06-22 09:11:12 +00:00
Miroslav Stampar
b16b92fe46 minor update 2011-06-21 20:59:34 +00:00
Miroslav Stampar
2220afbdf5 fix by request 2011-06-21 20:50:16 +00:00
Miroslav Stampar
bdb530da1f minor update 2011-06-19 10:11:27 +00:00
Miroslav Stampar
d5bc149636 made changes by buawig request (504 is treated as a classical timeout) 2011-06-19 09:57:41 +00:00
Bernardo Damele
0d8d6a4ace Cosmetics 2011-06-08 16:08:20 +00:00
Miroslav Stampar
4a9640160e more concise 2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a refactoring 2011-06-08 14:30:12 +00:00
Miroslav Stampar
75c12c5edb fix for a bug reported by cclements@flatearth.​net (TypeError: argument of type 'NoneType' is not iterable) 2011-06-07 21:46:49 +00:00
Miroslav Stampar
a5a70f0895 minor update 2011-05-28 18:21:03 +00:00
Miroslav Stampar
c11ea35d53 adding some user input for "refreshing" cases (like redirect ones) 2011-05-27 22:42:23 +00:00
Miroslav Stampar
cf69809c3c minor update 2011-05-27 16:26:00 +00:00
Miroslav Stampar
61b960f65f minor update related to the last one 2011-05-26 22:05:10 +00:00
Miroslav Stampar
45caadbd4a important update - finally found what was causing headache for UNION payloads in noticeable number of cases 2011-05-26 21:54:19 +00:00
Miroslav Stampar
4f2c999146 fix for a bug reported by mail@8dh.de (UnicodeDecodeError: requestMsg += "\n%s" % requestHeaders) 2011-05-26 13:47:20 +00:00
Miroslav Stampar
f774d8fea0 proper Tor settings (reverted r3915 and implemented it the right way) 2011-05-24 11:06:58 +00:00
Miroslav Stampar
915c206e3d minor fix for socks proxy issues 2011-05-24 09:47:10 +00:00
Miroslav Stampar
ad25bcc2be better way for dealing with relative paths 2011-05-24 05:26:51 +00:00
Miroslav Stampar
a536bf210f improved redirection mechanism 2011-05-23 23:20:03 +00:00
Miroslav Stampar
40971aca94 fixing nasty bug caused by retrying counter 2011-05-22 10:59:56 +00:00
Miroslav Stampar
712e238f33 another minor fix 2011-05-22 10:29:25 +00:00
Miroslav Stampar
2795aeff34 minor fix 2011-05-22 10:27:45 +00:00
Miroslav Stampar
806e898694 no more CRITICAL drop outs in test mode - lots of reports were related to this 2011-05-22 10:21:49 +00:00
Miroslav Stampar
9b2623514a one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables 2011-05-22 09:48:46 +00:00
Miroslav Stampar
2ea613b170 type correction and adding global flag kb.ignoreTimeout which could be useful 2011-05-22 08:24:13 +00:00
Miroslav Stampar
27f0e73cc9 refactoring of 'target' flag in connect.py 2011-05-22 07:46:09 +00:00
Miroslav Stampar
25fff8c135 changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux) 2011-05-21 11:46:57 +00:00
Miroslav Stampar
053c245114 few minor fixes 2011-05-13 09:56:12 +00:00
Miroslav Stampar
a7d7be5ce0 bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host) 2011-05-13 01:01:53 +00:00
Miroslav Stampar
0b2da2f9f5 minor beautification for --tor switch 2011-05-12 05:46:17 +00:00
Miroslav Stampar
1dea609019 fix for a bug reported by David (UnicodeDecodeError: url = url + '?' + query) 2011-05-10 12:51:37 +00:00
Miroslav Stampar
a64407d9db minor bug fix for multithreading and lots of connection retries 2011-05-10 12:40:01 +00:00
Miroslav Stampar
22a1870c2c adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1 2011-05-10 12:32:07 +00:00
Miroslav Stampar
b324b99f6e minor update of warning message 2011-05-04 10:41:08 +00:00
Miroslav Stampar
1e6c2fea74 update regarding warning for --random-agent during connection timeout in connection test phase 2011-05-03 10:05:42 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Miroslav Stampar
b299912de4 fix for a bug reported by ahmed@isecur1ty.org (UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: ordinal not in range(128)) for multipartpost 2011-04-29 16:56:02 +00:00
Miroslav Stampar
6bb4dce3aa minor refactoring 2011-04-29 15:22:32 +00:00
Bernardo Damele
11ecd16099 cosmetics 2011-04-21 10:08:38 +00:00
Miroslav Stampar
fc90974940 revert of last commit because of the situation in detection phase where payload is made at the starting point (can't change conf.timeSec in that phase) 2011-04-19 14:50:09 +00:00
Miroslav Stampar
7abbd0c029 removing a leftover 2011-04-19 14:29:51 +00:00
Miroslav Stampar
96b5fede5a automatic increasing of time delay on lagging connections 2011-04-19 14:28:51 +00:00
Miroslav Stampar
7a06af9a92 added "lagging" critical message 2011-04-19 10:37:20 +00:00
Miroslav Stampar
6463cad8c5 minor update for SOAP payloads 2011-04-18 14:29:52 +00:00
Miroslav Stampar
a7366bf710 SOAP refactoring 2011-04-17 21:39:00 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
83feb097ef greater flexibility for --batch when default is None 2011-04-08 22:29:50 +00:00
Miroslav Stampar
e957c4400c minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding) 2011-04-04 08:04:47 +00:00
Miroslav Stampar
305115a68b important improvement of data handling (POST data and header values) 2011-04-03 15:02:52 +00:00
Miroslav Stampar
dd01d66f13 proper update regarding last commit 2011-03-29 22:10:08 +00:00
Miroslav Stampar
850328df6c minor cosmetics 2011-03-29 22:03:48 +00:00
Miroslav Stampar
9f707febf5 minor update 2011-03-29 15:43:17 +00:00
Miroslav Stampar
d28ca5809b adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page) 2011-03-29 14:16:28 +00:00
Miroslav Stampar
ae53ad4c30 making an update for special case of timed out response 2011-03-28 21:05:04 +00:00
Miroslav Stampar
b53c9a2599 minor fix and some refactoring 2011-03-18 00:24:02 +00:00
Bernardo Damele
9526f0c4c2 Minor layout adjustments 2011-03-17 12:35:40 +00:00
Miroslav Stampar
e64f225e65 minor refactoring 2011-03-11 20:16:34 +00:00
Miroslav Stampar
2fd3f0d7b2 minor update (added comment) 2011-03-11 20:07:52 +00:00
Miroslav Stampar
5eae525010 this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly) 2011-03-11 19:57:44 +00:00
Miroslav Stampar
5c97f9a496 improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries) 2011-03-09 09:36:56 +00:00
Miroslav Stampar
9856cb71de redo of the last commit with comments added 2011-02-28 18:58:05 +00:00
Miroslav Stampar
ade31b2cb0 removal of obsolete item 2011-02-28 18:49:25 +00:00
Miroslav Stampar
21041f8b90 further reflective value handling improvement 2011-02-27 17:43:41 +00:00
Miroslav Stampar
63b8156c00 some update (if header key is non-unicode comformant) 2011-02-25 09:43:04 +00:00
Miroslav Stampar
aa88361ab1 incorporation of method for neutralization of reflective values 2011-02-25 09:22:44 +00:00
Miroslav Stampar
3f8eadf4fe minor refactoring 2011-02-22 13:00:58 +00:00
Miroslav Stampar
dcad5410fe minor refactoring 2011-02-22 12:54:22 +00:00
Miroslav Stampar
17c39fe231 fix for that non-HTML stuff 2011-02-22 11:32:55 +00:00
Bernardo Damele
60b05ff49f Reflect new switch name 2011-02-19 21:05:15 +00:00
Miroslav Stampar
535eb9f3eb implementation of referer feature 2011-02-11 23:07:03 +00:00
Bernardo Damele
156d8cd99b Directory restyling 2011-02-08 00:15:02 +00:00
Miroslav Stampar
e4933f0c92 refactoring 2011-02-03 23:25:56 +00:00
Miroslav Stampar
402c1b622e removing urlencode from UA 2011-02-02 15:18:06 +00:00
Bernardo Damele
6761933f75 Just.. cosmetics ;) 2011-01-31 22:51:14 +00:00
Miroslav Stampar
35b6d7278a minor update 2011-01-31 22:50:54 +00:00
Miroslav Stampar
60a2364f2b now union technique parses headers too 2011-01-31 12:41:39 +00:00
Miroslav Stampar
fc9c626f9e minor refactoring (removed URL_ENCODE_PAYLOAD) 2011-01-30 17:03:06 +00:00
Miroslav Stampar
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels 2011-01-27 19:44:24 +00:00
Miroslav Stampar
81722b6881 major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) 2011-01-27 18:36:28 +00:00
Miroslav Stampar
03413bd5e0 minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload) 2011-01-27 16:55:58 +00:00
Miroslav Stampar
430fd5cd63 minor fixes 2011-01-25 16:05:06 +00:00
Miroslav Stampar
cab86871fe fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment) 2011-01-25 11:02:41 +00:00
Miroslav Stampar
4093599f38 added parseTargetUrl to redirect choice 2011-01-24 14:45:35 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Miroslav Stampar
fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common 2011-01-14 14:37:03 +00:00
Bernardo Damele
06230e4d92 Minor code refactoring and cosmetics 2011-01-11 21:46:21 +00:00
Bernardo Damele
1c86ec374e Code refactoring and cosmetics 2011-01-07 15:41:09 +00:00
Miroslav Stampar
709a7d156b fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...) 2011-01-04 12:51:51 +00:00
Miroslav Stampar
d288c6d6e3 minor update 2011-01-04 08:40:41 +00:00
Miroslav Stampar
08ccbf2c1e important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding) 2011-01-03 22:02:58 +00:00
Miroslav Stampar
07129371bf bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests) 2011-01-03 13:04:20 +00:00
Miroslav Stampar
da138c46c1 added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly) 2011-01-02 07:37:47 +00:00
Miroslav Stampar
ef27fd5ea1 there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) (http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html, http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html) 2011-01-01 15:20:29 +00:00
Miroslav Stampar
93838fb155 "patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError) 2010-12-28 14:40:34 +00:00
Miroslav Stampar
f2373121d0 noticed little DoS behavior and lots of connections in netstat (best way to deal with zombie connections is to explicitly close them if not needed any more) 2010-12-26 14:36:51 +00:00
Miroslav Stampar
569e060aab important improvement 2010-12-26 13:20:52 +00:00
Miroslav Stampar
b472b96f92 bug fix, refactoring and improved extractErrorMessage capabilities 2010-12-25 10:16:20 +00:00
Miroslav Stampar
2c23a59ba5 fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) 2010-12-24 12:13:48 +00:00
Miroslav Stampar
a09716a701 minor update 2010-12-24 10:07:56 +00:00
Miroslav Stampar
cb17e61f35 bug fix (UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 959) 2010-12-24 02:54:26 +00:00
Miroslav Stampar
017ea9e686 update 2010-12-23 14:06:22 +00:00
Miroslav Stampar
8fc60215ed lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called. 2010-12-22 19:12:46 +00:00
Bernardo Damele
250608660d Minor bug fix to always show HTTP request and response when verbose is set accordingly to 4, 5 or 6 regardless of the HTTP response code (error or not) 2010-12-22 13:41:36 +00:00
Miroslav Stampar
385e208f38 code refactoring regarding standard output suppression and some threading issues 2010-12-21 14:21:24 +00:00
Miroslav Stampar
6b37ddada4 removed some blank trailing spaces (with extra/shutils/blanks.sh) 2010-12-21 10:31:56 +00:00
Miroslav Stampar
d554460aec minor fix 2010-12-21 01:09:39 +00:00
Miroslav Stampar
416755c0b7 minor adjustments 2010-12-21 00:25:03 +00:00
Miroslav Stampar
29001a4fce minor update 2010-12-20 23:21:01 +00:00
Miroslav Stampar
8fd3e7ba1f thread based data added 2010-12-20 22:45:01 +00:00
Miroslav Stampar
c948bced61 should solve the problem with timeout problems in time-based payloads 2010-12-20 16:45:41 +00:00
Miroslav Stampar
eaf8929085 more minor updates 2010-12-20 10:48:53 +00:00
Miroslav Stampar
108a96c6b4 some fixes 2010-12-17 21:45:20 +00:00
Miroslav Stampar
f7344a5fc3 update 2010-12-11 21:28:11 +00:00
Miroslav Stampar
435f48b8cc polite cosmetics 2010-12-10 15:28:56 +00:00
Bernardo Damele
9230877d98 cosmetics 2010-12-09 13:57:38 +00:00
Miroslav Stampar
196131bbca minor cosmetics 2010-12-09 10:42:00 +00:00
Miroslav Stampar
3fd1c37d53 update 2010-12-09 07:49:18 +00:00
Miroslav Stampar
40fadf2f35 minor update 2010-12-08 14:33:10 +00:00
Miroslav Stampar
01cf1394a4 code refactoring 2010-12-08 14:26:40 +00:00
Miroslav Stampar
47bb31fb47 code refactoring 2010-12-08 11:30:25 +00:00
Miroslav Stampar
1ae2fa7f1a update regarding time based payloads 2010-12-08 11:26:54 +00:00
Miroslav Stampar
a4a63f5b1e minor update 2010-12-07 23:49:00 +00:00
Miroslav Stampar
293ce18fed two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one) 2010-12-07 23:32:33 +00:00
Miroslav Stampar
dc651d59ec little mathematics here and there (used "Rules for normally distributed data") 2010-12-07 19:19:12 +00:00
Miroslav Stampar
294119d2ec more advanced time technique(s) 2010-12-07 16:04:53 +00:00
Miroslav Stampar
0dc630203f code refactoring 2010-12-07 13:34:06 +00:00
Miroslav Stampar
9e5f933ace some updates 2010-12-04 15:47:02 +00:00
Bernardo Damele
5d37df6104 Ugly code to set the cookies when got them from a 302 redirect too 2010-12-03 17:41:10 +00:00
Miroslav Stampar
e735f2960a minor update 2010-11-29 15:25:45 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. 
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
 2010-11-28 18:10:54 +00:00
Bernardo Damele
253eafb643 paranoid cosmetics 2010-11-24 12:03:01 +00:00
Miroslav Stampar
3d25071d06 another minor improvement regarding logging of http traffic 2010-11-17 12:16:48 +00:00
Miroslav Stampar
3e569a1693 minor update 2010-11-17 12:04:33 +00:00
Miroslav Stampar
3487429eac minor cosmetics 2010-11-16 14:41:46 +00:00
Miroslav Stampar
3640dbf745 fix for --parse-errors (on IIS HTTP error is raised which need to be processed) 2010-11-16 14:33:30 +00:00
Miroslav Stampar
6232397129 minor update 2010-11-16 10:52:49 +00:00
Miroslav Stampar
6ef3846400 update regarding error parsing (and reporting) 2010-11-16 10:42:42 +00:00
Bernardo Damele
71cb982039 Another bug fix to --union-test 2010-11-15 21:42:56 +00:00
Miroslav Stampar
06a872fc99 update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read)) 2010-11-12 22:57:33 +00:00
Miroslav Stampar
697b32554c fix for a bug "ordinal not in range(128)" reported by bugtrace 2010-11-12 11:48:25 +00:00
Bernardo Damele
a14e4d9668 Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually. 2010-11-12 10:16:39 +00:00
Miroslav Stampar
fda8752dca revert of some HTTP headers handling 2010-11-08 13:26:45 +00:00
Bernardo Damele
78d7b17483 More replacements for refactoring. 
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
 2010-11-08 12:36:48 +00:00
Miroslav Stampar
875781bf97 another minor fix 2010-11-08 11:55:56 +00:00
Miroslav Stampar
4a4a3051e5 fix 2010-11-08 11:39:07 +00:00
Miroslav Stampar
a3de10e3a2 new option -t 2010-11-08 11:22:47 +00:00
Miroslav Stampar
0d0e2a2228 minor update 2010-11-08 09:49:57 +00:00
Miroslav Stampar
d551423379 further enum refactoring 2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a refactoring regarding injection place (more left) 2010-11-08 08:02:36 +00:00
Bernardo Damele
b6da946883 Added one new verbose level, -v 3 now shows the full injected payload. 
Fixed also -d verbose output.
 2010-11-07 22:34:29 +00:00
Bernardo Damele
a96467b3e2 Refactoring 2010-11-07 21:55:24 +00:00
Miroslav Stampar
d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces 2010-11-07 21:18:09 +00:00
Miroslav Stampar
508b9cc763 dynamicity engine update 2010-11-07 00:12:00 +00:00
Miroslav Stampar
ef1809464d bug fix for that BadStatusLine (http://bugs.python.org/issue8450) 2010-11-05 11:58:20 +00:00
Miroslav Stampar
6295a59a30 minor update/fix 2010-11-05 11:39:35 +00:00
Miroslav Stampar
5f7f4bf15b minor debug update (probably temporary) 2010-11-05 11:04:00 +00:00
Bernardo Damele
b152b1a04d Cosmetics 2010-11-03 22:07:13 +00:00
Miroslav Stampar
71d0b1bcd7 several bug fixes 2010-11-03 21:51:36 +00:00
Bernardo Damele
3eda4510e2 Properly encode the cookie 2010-10-31 11:26:33 +00:00
Bernardo Damele
3a48bee9b0 Minor code refactoring 2010-10-31 11:03:59 +00:00
Bernardo Damele
8cf0ebde1e Cosmetics 2010-10-29 23:00:48 +00:00
Miroslav Stampar
cbf38436f2 minor update 2010-10-29 16:15:23 +00:00
Miroslav Stampar
5a38ac7ea9 important update regarding (Bug #209) - probably more will be needed 2010-10-29 16:11:50 +00:00
Miroslav Stampar
895efd28a6 one more update regarding Bug #205 2010-10-28 23:22:13 +00:00
Miroslav Stampar
788eb8fb50 update regarding Bug #205 2010-10-28 22:59:51 +00:00
Miroslav Stampar
228ac0cde5 refactoring regarding --check-payload 2010-10-25 18:38:54 +00:00
Miroslav Stampar
378653a1ec added IDS payload testing 2010-10-25 15:37:43 +00:00
Miroslav Stampar
2668c95ef4 added default HTTP version used by httplib and urllib2 2010-10-21 09:10:07 +00:00
Miroslav Stampar
8b8fff41fe cosmetics (adding html parsed DBMS) regarding heuristic check 2010-10-18 12:11:16 +00:00
Bernardo Damele
36bc410333 Minor bug fix 2010-10-18 09:50:23 +00:00
Miroslav Stampar
149837ebf5 added the same for proxy authorization header 2010-10-18 09:02:56 +00:00
Miroslav Stampar
aaebb4336e fix for Bug #202 2010-10-18 08:54:08 +00:00
Miroslav Stampar
dcb9c2103a just in case update 2010-10-15 11:20:19 +00:00
Bernardo Damele
5f6d88a418 Minor comment 2010-10-15 11:17:17 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
162d01abed commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 11:06:28 +00:00
Miroslav Stampar
dc50543ea4 major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects) 2010-10-13 23:01:23 +00:00
Miroslav Stampar
36ef8ca575 bug fix 2010-10-13 22:42:48 +00:00
Miroslav Stampar
02a14d4c45 added Referer (part of Feature #37) 2010-10-13 22:08:09 +00:00
Miroslav Stampar
34580f56fc added --tamper option 2010-10-12 22:45:25 +00:00
Miroslav Stampar
43892cddbb some updates 2010-10-11 12:26:35 +00:00
Miroslav Stampar
8fcad29bbf new feature --forms (still unfinished) 2010-10-10 18:56:43 +00:00
Miroslav Stampar
adf2231edb minor update 2010-10-06 13:38:03 +00:00
Miroslav Stampar
cf17debf79 changed connection message priority to critical (when verbose=0 it's displayed too) 2010-09-27 13:34:52 +00:00
Miroslav Stampar
13bb3a6212 minor update 2010-09-23 14:07:23 +00:00
Miroslav Stampar
da8ae5578b first commit regarding Feature #144 2010-09-22 11:56:35 +00:00
Miroslav Stampar
975b96ae28 minor refactoring 2010-09-16 09:47:33 +00:00
Miroslav Stampar
1741801ade implementation of HEAD/Range methods 2010-09-16 09:32:09 +00:00
Miroslav Stampar
b745331974 added null connection check 2010-09-16 08:43:10 +00:00
Miroslav Stampar
ecd6b573f7 added method parameter to the queryPage function 2010-09-15 14:17:17 +00:00
Miroslav Stampar
34a8cd75e3 added support for setting HTTP method manualy 2010-09-15 12:45:41 +00:00
Miroslav Stampar
436b7d82fb fixed a bug reported by Marek Sarvas 2010-08-22 08:52:15 +00:00
Bernardo Damele
fea2414759 Display HTTP request in -v>=3 even if connection failed 2010-06-10 14:42:17 +00:00
Bernardo Damele
5bb8e154eb Minor code improvements 2010-06-10 14:15:32 +00:00
Miroslav Stampar
36953221f8 few quick changes 2010-06-10 11:34:17 +00:00
Miroslav Stampar
eaef068c90 major bug fix (different HTTP content charsets are now properly handled) 2010-06-09 14:40:36 +00:00
Bernardo Damele
e811101dce Minor bug fix 2010-05-28 23:39:52 +00:00
Miroslav Stampar
a3db3c03c1 str() -> unicode() 2010-05-28 13:05:02 +00:00
Bernardo Damele
cda8da288c Minor adjustment 2010-05-21 12:18:43 +00:00
Miroslav Stampar
f6bffb61d3 minor adjustment 2010-05-21 11:51:43 +00:00
Miroslav Stampar
460a1ba872 fix for my imperfect calculations :) 2010-05-21 11:41:49 +00:00
Miroslav Stampar
68e13c3872 periodical commit 2010-05-21 09:35:36 +00:00
Miroslav Stampar
b8a5a54395 minor update 2010-05-15 20:44:08 +00:00
Miroslav Stampar
4984ceac49 some code refactoring and minor speed up (jump prediction rule) 2010-05-14 15:20:34 +00:00
Miroslav Stampar
5396f13bab added CPU throttling for lowering sqlmap's CPU intensivity 2010-05-13 15:19:28 +00:00
Bernardo Damele
44ea8f1861 Minor adjustment 2010-05-06 11:00:58 +00:00
Bernardo Damele
147e14356d Major bug fix (reported by Thierry Zoller) 2010-05-06 10:52:40 +00:00
Miroslav Stampar
4928c684b3 one more thing 2010-05-04 08:45:10 +00:00
Miroslav Stampar
789dd6c66f more quick fixes 2010-05-04 08:43:14 +00:00