Miroslav Stampar
fda8752dca
revert of some HTTP headers handling
2010-11-08 13:26:45 +00:00
Bernardo Damele
78d7b17483
More replacements for refactoring.
...
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 12:36:48 +00:00
Miroslav Stampar
875781bf97
another minor fix
2010-11-08 11:55:56 +00:00
Miroslav Stampar
4a4a3051e5
fix
2010-11-08 11:39:07 +00:00
Miroslav Stampar
a3de10e3a2
new option -t
2010-11-08 11:22:47 +00:00
Miroslav Stampar
0d0e2a2228
minor update
2010-11-08 09:49:57 +00:00
Miroslav Stampar
d551423379
further enum refactoring
2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a
refactoring regarding injection place (more left)
2010-11-08 08:02:36 +00:00
Bernardo Damele
b6da946883
Added one new verbose level, -v 3 now shows the full injected payload.
...
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Bernardo Damele
a96467b3e2
Refactoring
2010-11-07 21:55:24 +00:00
Miroslav Stampar
d3e7e89e60
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
2010-11-07 21:18:09 +00:00
Miroslav Stampar
508b9cc763
dynamicity engine update
2010-11-07 00:12:00 +00:00
Miroslav Stampar
ef1809464d
bug fix for that BadStatusLine ( http://bugs.python.org/issue8450 )
2010-11-05 11:58:20 +00:00
Miroslav Stampar
6295a59a30
minor update/fix
2010-11-05 11:39:35 +00:00
Miroslav Stampar
5f7f4bf15b
minor debug update (probably temporary)
2010-11-05 11:04:00 +00:00
Bernardo Damele
b152b1a04d
Cosmetics
2010-11-03 22:07:13 +00:00
Miroslav Stampar
71d0b1bcd7
several bug fixes
2010-11-03 21:51:36 +00:00
Bernardo Damele
3eda4510e2
Properly encode the cookie
2010-10-31 11:26:33 +00:00
Bernardo Damele
3a48bee9b0
Minor code refactoring
2010-10-31 11:03:59 +00:00
Bernardo Damele
8cf0ebde1e
Cosmetics
2010-10-29 23:00:48 +00:00
Miroslav Stampar
cbf38436f2
minor update
2010-10-29 16:15:23 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209 ) - probably more will be needed
2010-10-29 16:11:50 +00:00
Miroslav Stampar
895efd28a6
one more update regarding Bug #205
2010-10-28 23:22:13 +00:00
Miroslav Stampar
788eb8fb50
update regarding Bug #205
2010-10-28 22:59:51 +00:00
Miroslav Stampar
228ac0cde5
refactoring regarding --check-payload
2010-10-25 18:38:54 +00:00
Miroslav Stampar
378653a1ec
added IDS payload testing
2010-10-25 15:37:43 +00:00
Miroslav Stampar
2668c95ef4
added default HTTP version used by httplib and urllib2
2010-10-21 09:10:07 +00:00
Miroslav Stampar
8b8fff41fe
cosmetics (adding html parsed DBMS) regarding heuristic check
2010-10-18 12:11:16 +00:00
Bernardo Damele
36bc410333
Minor bug fix
2010-10-18 09:50:23 +00:00
Miroslav Stampar
149837ebf5
added the same for proxy authorization header
2010-10-18 09:02:56 +00:00
Miroslav Stampar
aaebb4336e
fix for Bug #202
2010-10-18 08:54:08 +00:00
Miroslav Stampar
dcb9c2103a
just in case update
2010-10-15 11:20:19 +00:00
Bernardo Damele
5f6d88a418
Minor comment
2010-10-15 11:17:17 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
162d01abed
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)
2010-10-14 11:06:28 +00:00
Miroslav Stampar
dc50543ea4
major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)
2010-10-13 23:01:23 +00:00
Miroslav Stampar
36ef8ca575
bug fix
2010-10-13 22:42:48 +00:00
Miroslav Stampar
02a14d4c45
added Referer (part of Feature #37 )
2010-10-13 22:08:09 +00:00
Miroslav Stampar
34580f56fc
added --tamper option
2010-10-12 22:45:25 +00:00
Miroslav Stampar
43892cddbb
some updates
2010-10-11 12:26:35 +00:00
Miroslav Stampar
8fcad29bbf
new feature --forms (still unfinished)
2010-10-10 18:56:43 +00:00
Miroslav Stampar
adf2231edb
minor update
2010-10-06 13:38:03 +00:00
Miroslav Stampar
cf17debf79
changed connection message priority to critical (when verbose=0 it's displayed too)
2010-09-27 13:34:52 +00:00
Miroslav Stampar
13bb3a6212
minor update
2010-09-23 14:07:23 +00:00
Miroslav Stampar
da8ae5578b
first commit regarding Feature #144
2010-09-22 11:56:35 +00:00
Miroslav Stampar
975b96ae28
minor refactoring
2010-09-16 09:47:33 +00:00
Miroslav Stampar
1741801ade
implementation of HEAD/Range methods
2010-09-16 09:32:09 +00:00
Miroslav Stampar
b745331974
added null connection check
2010-09-16 08:43:10 +00:00
Miroslav Stampar
ecd6b573f7
added method parameter to the queryPage function
2010-09-15 14:17:17 +00:00
Miroslav Stampar
34a8cd75e3
added support for setting HTTP method manualy
2010-09-15 12:45:41 +00:00
Miroslav Stampar
436b7d82fb
fixed a bug reported by Marek Sarvas
2010-08-22 08:52:15 +00:00
Bernardo Damele
fea2414759
Display HTTP request in -v>=3 even if connection failed
2010-06-10 14:42:17 +00:00
Bernardo Damele
5bb8e154eb
Minor code improvements
2010-06-10 14:15:32 +00:00
Miroslav Stampar
36953221f8
few quick changes
2010-06-10 11:34:17 +00:00
Miroslav Stampar
eaef068c90
major bug fix (different HTTP content charsets are now properly handled)
2010-06-09 14:40:36 +00:00
Bernardo Damele
e811101dce
Minor bug fix
2010-05-28 23:39:52 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Bernardo Damele
cda8da288c
Minor adjustment
2010-05-21 12:18:43 +00:00
Miroslav Stampar
f6bffb61d3
minor adjustment
2010-05-21 11:51:43 +00:00
Miroslav Stampar
460a1ba872
fix for my imperfect calculations :)
2010-05-21 11:41:49 +00:00
Miroslav Stampar
68e13c3872
periodical commit
2010-05-21 09:35:36 +00:00
Miroslav Stampar
b8a5a54395
minor update
2010-05-15 20:44:08 +00:00
Miroslav Stampar
4984ceac49
some code refactoring and minor speed up (jump prediction rule)
2010-05-14 15:20:34 +00:00
Miroslav Stampar
5396f13bab
added CPU throttling for lowering sqlmap's CPU intensivity
2010-05-13 15:19:28 +00:00
Bernardo Damele
44ea8f1861
Minor adjustment
2010-05-06 11:00:58 +00:00
Bernardo Damele
147e14356d
Major bug fix (reported by Thierry Zoller)
2010-05-06 10:52:40 +00:00
Miroslav Stampar
4928c684b3
one more thing
2010-05-04 08:45:10 +00:00
Miroslav Stampar
789dd6c66f
more quick fixes
2010-05-04 08:43:14 +00:00
Miroslav Stampar
af701cdaa2
better way to handle that last commit problem
2010-05-04 08:36:35 +00:00
Miroslav Stampar
5bc07426e0
added exception handler around block reported by Thierry Zoller
2010-05-04 08:03:48 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Miroslav Stampar
1aeaa5db47
implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests)
2010-04-16 12:44:47 +00:00
Miroslav Stampar
63c70018ca
fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com
2010-04-09 10:16:15 +00:00
Bernardo Damele
5fdebb5d5b
Added support to directly connect also to Microsoft SQL Server database.
...
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
bfc12e93c5
ms access returns -1 for True
2010-03-30 11:33:51 +00:00
Bernardo Damele
a0290a257b
Added support to connect directly also to Oracle - see #158
2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
8e57767c48
Fixes #180 - properly url encode sqlmap payload in POST/Cookie too, like for GET
2010-03-23 10:27:39 +00:00
Bernardo Damele
466df89c4a
Fixes #178 and #179 - proper handling of custom redirects
2010-03-16 14:30:57 +00:00
Bernardo Damele
3b3353e05b
Revert last commit
2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d
Fix for Issue #177
2010-03-16 13:11:44 +00:00
Bernardo Damele
323cf2b7f2
Fixes #177 - Don't exit at exception if in "multiple targets" mode (-l or -g)
2010-03-16 12:14:02 +00:00
Bernardo Damele
6d0ea86414
Fixes #59 - proper customizable redirect (302 and 301)
2010-03-15 14:24:43 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Miroslav Stampar
a0f5c3d885
minor update
2010-02-25 13:45:28 +00:00
Miroslav Stampar
3e152f8b20
minor code refactoring
2010-02-25 13:33:52 +00:00
Miroslav Stampar
28d5248c04
one more fix regarding localhost/global proxy issue
2010-02-25 13:30:22 +00:00
Miroslav Stampar
542b01993e
minor fix regarding exception handling of multi-part post handler
2010-02-09 14:02:47 +00:00
Miroslav Stampar
7c88e32f9d
bug fix for 404 program termination during shell upload attempt
2010-02-03 16:16:34 +00:00
Miroslav Stampar
98205cc488
another fix for Bug #148
2010-01-23 23:29:34 +00:00
Miroslav Stampar
39652bfbf4
update regarding Unicode char logging (Bug #148 )
2010-01-23 15:36:55 +00:00
Bernardo Damele
574880ba73
Warn user of HTTP error codes in HTTP responses
2010-01-19 10:27:54 +00:00
Bernardo Damele
c18a5cb92f
Fixed a minor bug when displaying requested page in -v >= 3
2010-01-16 21:47:52 +00:00
Miroslav Stampar
26c7b74e65
changes regarding Data (GET/POST/Cookie) encoding (Bug #129 )
2010-01-14 18:05:03 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
9c620da0a5
Minor fix
2009-12-31 12:34:18 +00:00
Bernardo Damele
c1c14dabd9
Minor bug fix
2009-12-21 11:21:18 +00:00
Bernardo Damele
e4e081cdc6
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.
2009-12-17 22:04:01 +00:00