Miroslav Stampar
|
9a7fd29d4f
|
using pushValue and popValue
|
2010-10-18 22:22:41 +00:00 |
|
Miroslav Stampar
|
a97319656c
|
optimization - now if DBMS was detected by error based HTML parser, then it's moved at the first place for testing
|
2010-10-18 21:47:11 +00:00 |
|
Miroslav Stampar
|
729156e91c
|
proper fix
|
2010-10-18 21:39:46 +00:00 |
|
Miroslav Stampar
|
3d5494845c
|
minor bug fix
|
2010-10-18 21:32:50 +00:00 |
|
Miroslav Stampar
|
8b8fff41fe
|
cosmetics (adding html parsed DBMS) regarding heuristic check
|
2010-10-18 12:11:16 +00:00 |
|
Bernardo Damele
|
1d74036ee3
|
Minor cosmetic fixes
|
2010-10-18 11:34:53 +00:00 |
|
Bernardo Damele
|
36bc410333
|
Minor bug fix
|
2010-10-18 09:50:23 +00:00 |
|
Miroslav Stampar
|
6b70dadfb2
|
minor cosmetics
|
2010-10-18 09:09:22 +00:00 |
|
Miroslav Stampar
|
149837ebf5
|
added the same for proxy authorization header
|
2010-10-18 09:02:56 +00:00 |
|
Miroslav Stampar
|
aaebb4336e
|
fix for Bug #202
|
2010-10-18 08:54:08 +00:00 |
|
Bernardo Damele
|
683184cc8f
|
Minor refactoring
|
2010-10-17 21:06:52 +00:00 |
|
Bernardo Damele
|
cd0fe8dde0
|
Updated sample configuration file and cmdline help
|
2010-10-17 00:07:53 +00:00 |
|
Bernardo Damele
|
64b9f94fcf
|
Renamed --common-prediction switch to --predict-output
|
2010-10-16 23:50:13 +00:00 |
|
Bernardo Damele
|
f54c134d22
|
Minor adjustment
|
2010-10-16 22:43:05 +00:00 |
|
Bernardo Damele
|
6211915da5
|
Cosmetic fix
|
2010-10-16 22:31:16 +00:00 |
|
Bernardo Damele
|
7b71262de6
|
Cosmetic fix
|
2010-10-16 22:07:29 +00:00 |
|
Bernardo Damele
|
a2997a6dce
|
Minor bug fix to --tamper
|
2010-10-16 21:55:34 +00:00 |
|
Bernardo Damele
|
2129935e06
|
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
Minor enhancement
|
2010-10-16 21:52:16 +00:00 |
|
Bernardo Damele
|
2dae934a2b
|
Minor bug fixes, code refactoring and enhanced --tamper functionality
|
2010-10-16 21:33:15 +00:00 |
|
Bernardo Damele
|
84ed7f192a
|
Cosmetic fixes
|
2010-10-16 15:10:48 +00:00 |
|
Miroslav Stampar
|
1336b97c2c
|
removed --useBetween switch and added new tampering module ./tamper/between.py
|
2010-10-15 23:48:07 +00:00 |
|
Miroslav Stampar
|
1ae4d0fc2a
|
added optimization group
|
2010-10-15 23:26:48 +00:00 |
|
Bernardo Damele
|
e7c8be1d45
|
Minor layout adjustments
|
2010-10-15 15:37:15 +00:00 |
|
Miroslav Stampar
|
c9f0c75030
|
removed --space (usage of tampering modules is now a prefered way to do it)
|
2010-10-15 12:52:33 +00:00 |
|
Miroslav Stampar
|
d0514d18ec
|
removed that spaces from URI payloads
|
2010-10-15 12:49:03 +00:00 |
|
Bernardo Damele
|
bf56f8c63c
|
Cosmetic fix
|
2010-10-15 12:46:41 +00:00 |
|
Miroslav Stampar
|
dcb9c2103a
|
just in case update
|
2010-10-15 11:20:19 +00:00 |
|
Bernardo Damele
|
5f6d88a418
|
Minor comment
|
2010-10-15 11:17:17 +00:00 |
|
Miroslav Stampar
|
2fa8836c01
|
bug fix
|
2010-10-15 11:14:59 +00:00 |
|
Miroslav Stampar
|
d50684a057
|
added one more check
|
2010-10-15 11:05:50 +00:00 |
|
Miroslav Stampar
|
2b476e078c
|
minor cosmetics
|
2010-10-15 10:36:29 +00:00 |
|
Bernardo Damele
|
a80f6110cd
|
don't call variables 'file', it's a reserved word :)
|
2010-10-15 10:29:24 +00:00 |
|
Bernardo Damele
|
c5e385f77a
|
More layout adjustments
|
2010-10-15 10:28:34 +00:00 |
|
Bernardo Damele
|
9fcab68700
|
Minor adjustments
|
2010-10-15 10:28:06 +00:00 |
|
Bernardo Damele
|
48cc8a308d
|
More verbose messages on successful --null-connection
|
2010-10-15 10:24:54 +00:00 |
|
Miroslav Stampar
|
0f48dd6f73
|
fix for skipping non-GET urls
|
2010-10-15 09:54:29 +00:00 |
|
Miroslav Stampar
|
207bef7f19
|
fix for that SQLite3 vs SQLite2 issue
|
2010-10-15 09:39:41 +00:00 |
|
Miroslav Stampar
|
d0df8cdac9
|
fix for that duplicates
|
2010-10-15 00:34:16 +00:00 |
|
Miroslav Stampar
|
4f7f20b94f
|
sorry, cosmetics
|
2010-10-14 23:18:29 +00:00 |
|
Bernardo Damele
|
1674142d82
|
Minor cosmetic fixes
|
2010-10-14 15:28:54 +00:00 |
|
Miroslav Stampar
|
2bbe0c9ba6
|
bug fix for Ctrl+C
|
2010-10-14 15:23:42 +00:00 |
|
Miroslav Stampar
|
8b48833136
|
large commit with copyright header modifications
|
2010-10-14 14:41:14 +00:00 |
|
Miroslav Stampar
|
f07608ef4d
|
show static words in a sorted manner
|
2010-10-14 12:38:06 +00:00 |
|
Miroslav Stampar
|
162d01abed
|
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)
|
2010-10-14 11:06:28 +00:00 |
|
Miroslav Stampar
|
7e1f784eaa
|
cosmetic update
|
2010-10-14 06:00:10 +00:00 |
|
Miroslav Stampar
|
dc50543ea4
|
major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)
|
2010-10-13 23:01:23 +00:00 |
|
Miroslav Stampar
|
36ef8ca575
|
bug fix
|
2010-10-13 22:42:48 +00:00 |
|
Miroslav Stampar
|
02a14d4c45
|
added Referer (part of Feature #37)
|
2010-10-13 22:08:09 +00:00 |
|
Miroslav Stampar
|
43a3ac2c3a
|
some bug fixes
|
2010-10-13 20:54:18 +00:00 |
|
Miroslav Stampar
|
f700692c74
|
added missing files for Sybase
|
2010-10-13 18:55:17 +00:00 |
|
Miroslav Stampar
|
562df9c107
|
temporary fix (files left at home)
|
2010-10-13 07:39:48 +00:00 |
|
Miroslav Stampar
|
34580f56fc
|
added --tamper option
|
2010-10-12 22:45:25 +00:00 |
|
Miroslav Stampar
|
9a08f7feb8
|
minor update
|
2010-10-12 20:01:59 +00:00 |
|
Miroslav Stampar
|
d2ec132469
|
added --text-only switch
|
2010-10-12 19:41:29 +00:00 |
|
Miroslav Stampar
|
f9f79ffbaf
|
basic stuff for sybase
|
2010-10-12 19:05:12 +00:00 |
|
Miroslav Stampar
|
9ffa928783
|
added some user interaction when page is dynamic
|
2010-10-12 15:49:04 +00:00 |
|
Miroslav Stampar
|
b748e6ea44
|
minor update
|
2010-10-12 12:52:06 +00:00 |
|
Miroslav Stampar
|
73b77255e3
|
minor cosmetic update
|
2010-10-12 12:32:02 +00:00 |
|
Miroslav Stampar
|
6dcd05c39c
|
minor update
|
2010-10-11 14:38:04 +00:00 |
|
Miroslav Stampar
|
e2bbfbe650
|
bug fix
|
2010-10-11 14:32:02 +00:00 |
|
Miroslav Stampar
|
1369529103
|
minor cosmetic update
|
2010-10-11 13:52:32 +00:00 |
|
Miroslav Stampar
|
43892cddbb
|
some updates
|
2010-10-11 12:26:35 +00:00 |
|
Miroslav Stampar
|
8b0a132fa9
|
minor update
|
2010-10-11 11:47:07 +00:00 |
|
Miroslav Stampar
|
2198a60684
|
bug fix (reported by james@ev6.net)
|
2010-10-10 20:51:11 +00:00 |
|
Miroslav Stampar
|
7a5bb2b0d6
|
update
|
2010-10-10 19:50:10 +00:00 |
|
Miroslav Stampar
|
8fcad29bbf
|
new feature --forms (still unfinished)
|
2010-10-10 18:56:43 +00:00 |
|
Miroslav Stampar
|
18d27cabc5
|
more changes
|
2010-10-07 15:34:17 +00:00 |
|
Miroslav Stampar
|
440ff639bb
|
more refactoring
|
2010-10-07 14:05:34 +00:00 |
|
Miroslav Stampar
|
e80a66acc5
|
minor update
|
2010-10-07 12:21:59 +00:00 |
|
Miroslav Stampar
|
1e9ae40397
|
major refactoring
|
2010-10-07 12:12:26 +00:00 |
|
Miroslav Stampar
|
1bf8939e2f
|
further updates
|
2010-10-06 22:43:04 +00:00 |
|
Miroslav Stampar
|
de6fa1247b
|
moved injections to xml format
|
2010-10-06 22:29:52 +00:00 |
|
Miroslav Stampar
|
adf2231edb
|
minor update
|
2010-10-06 13:38:03 +00:00 |
|
Miroslav Stampar
|
56dbf0038f
|
minor update (for future implementation of more advanced error page logic)
|
2010-10-06 12:10:00 +00:00 |
|
Miroslav Stampar
|
cbe7c902c1
|
just a development start of an error based injection support
|
2010-10-04 13:05:51 +00:00 |
|
Miroslav Stampar
|
0ad8090ad8
|
fix for a google bug reported by Brandon E.
|
2010-10-01 08:03:39 +00:00 |
|
Miroslav Stampar
|
49915f3c33
|
minor update
|
2010-09-30 19:49:14 +00:00 |
|
Miroslav Stampar
|
8abcdae1b5
|
some update
|
2010-09-30 19:45:23 +00:00 |
|
Miroslav Stampar
|
87abec16bd
|
probable fix for a bug reported by Prashant Jadhav
|
2010-09-30 18:52:33 +00:00 |
|
Miroslav Stampar
|
cf8e92699c
|
changes regarding EXISTS feature
|
2010-09-30 12:35:45 +00:00 |
|
Miroslav Stampar
|
c6bf0e43af
|
minor update
|
2010-09-27 13:41:18 +00:00 |
|
Miroslav Stampar
|
cf17debf79
|
changed connection message priority to critical (when verbose=0 it's displayed too)
|
2010-09-27 13:34:52 +00:00 |
|
Miroslav Stampar
|
3cd15960a0
|
more updates
|
2010-09-27 13:26:46 +00:00 |
|
Miroslav Stampar
|
1da672e3c5
|
added default="False" to "store_true" parameters as it's a prefered way by http://docs.python.org/library/optparse.html
|
2010-09-27 13:23:29 +00:00 |
|
Miroslav Stampar
|
3b9fe3e1c8
|
everything is ready for testing (smoke and live)
|
2010-09-27 11:20:48 +00:00 |
|
Miroslav Stampar
|
dc11ae0d65
|
update
|
2010-09-26 14:56:55 +00:00 |
|
Miroslav Stampar
|
35f35605df
|
changes regarding Feature #160
|
2010-09-26 14:02:13 +00:00 |
|
Miroslav Stampar
|
99d9f9e624
|
update for smoke testing
|
2010-09-26 10:47:04 +00:00 |
|
Miroslav Stampar
|
2e5f269650
|
update regarding --space option
|
2010-09-24 22:35:32 +00:00 |
|
Miroslav Stampar
|
9cd5d3bde7
|
added new option --space
|
2010-09-24 21:59:03 +00:00 |
|
Miroslav Stampar
|
327bfcbe97
|
update regarding Feature #61
|
2010-09-24 14:34:05 +00:00 |
|
Miroslav Stampar
|
b6ff03690f
|
update regarding Feature #61
|
2010-09-24 13:34:46 +00:00 |
|
Miroslav Stampar
|
abe1289016
|
minor update
|
2010-09-24 13:20:51 +00:00 |
|
Miroslav Stampar
|
48e0261e68
|
update for Feature #61
|
2010-09-24 13:19:35 +00:00 |
|
Miroslav Stampar
|
ff419f7384
|
more changes regarding path (URI) injection
|
2010-09-24 09:19:14 +00:00 |
|
Miroslav Stampar
|
e4925eb3dd
|
update
|
2010-09-23 21:57:11 +00:00 |
|
Miroslav Stampar
|
13bb3a6212
|
minor update
|
2010-09-23 14:07:23 +00:00 |
|
Miroslav Stampar
|
927ad7bf13
|
update
|
2010-09-22 12:21:21 +00:00 |
|
Miroslav Stampar
|
da8ae5578b
|
first commit regarding Feature #144
|
2010-09-22 11:56:35 +00:00 |
|
Miroslav Stampar
|
540a9b391f
|
stripped some trailing spaces
|
2010-09-16 13:19:13 +00:00 |
|
Miroslav Stampar
|
8cf1aa6abe
|
added keepAlive under -o switch too
|
2010-09-16 10:41:52 +00:00 |
|
Miroslav Stampar
|
4fd7db52dd
|
minor update
|
2010-09-16 10:23:51 +00:00 |
|
Miroslav Stampar
|
6259114c02
|
added optimization switch (-o)
|
2010-09-16 10:12:53 +00:00 |
|
Miroslav Stampar
|
bfffd5e333
|
added --null-connection as an experimental option
|
2010-09-16 10:01:33 +00:00 |
|
Miroslav Stampar
|
975b96ae28
|
minor refactoring
|
2010-09-16 09:47:33 +00:00 |
|
Miroslav Stampar
|
1741801ade
|
implementation of HEAD/Range methods
|
2010-09-16 09:32:09 +00:00 |
|
Miroslav Stampar
|
b745331974
|
added null connection check
|
2010-09-16 08:43:10 +00:00 |
|
Miroslav Stampar
|
ecd6b573f7
|
added method parameter to the queryPage function
|
2010-09-15 14:17:17 +00:00 |
|
Miroslav Stampar
|
9a72a25704
|
again minor update
|
2010-09-15 13:59:55 +00:00 |
|
Miroslav Stampar
|
76233ff5a3
|
added skeleton for live testing
|
2010-09-15 13:55:28 +00:00 |
|
Miroslav Stampar
|
53800ef65f
|
more refactoring
|
2010-09-15 13:32:42 +00:00 |
|
Miroslav Stampar
|
abc12bc361
|
more refactoring
|
2010-09-15 13:28:56 +00:00 |
|
Miroslav Stampar
|
682872689a
|
some more refactoring
|
2010-09-15 12:59:51 +00:00 |
|
Miroslav Stampar
|
91a0b5df3c
|
minor update
|
2010-09-15 12:52:28 +00:00 |
|
Miroslav Stampar
|
b699f98cbb
|
minor refactoring
|
2010-09-15 12:51:02 +00:00 |
|
Miroslav Stampar
|
34a8cd75e3
|
added support for setting HTTP method manualy
|
2010-09-15 12:45:41 +00:00 |
|
Miroslav Stampar
|
798ab4989b
|
fix for a Bug #200
|
2010-09-14 10:35:01 +00:00 |
|
Miroslav Stampar
|
77a53228c5
|
changes regarding dynamic content recognition
|
2010-09-13 21:01:46 +00:00 |
|
Miroslav Stampar
|
c886659f82
|
fix
|
2010-09-13 15:24:56 +00:00 |
|
Miroslav Stampar
|
827cd1d56b
|
minor fix
|
2010-09-13 15:22:29 +00:00 |
|
Miroslav Stampar
|
2350a3c74d
|
minor change
|
2010-09-13 15:20:13 +00:00 |
|
Miroslav Stampar
|
cdc6bdcbe8
|
changes
|
2010-09-13 15:19:47 +00:00 |
|
Miroslav Stampar
|
19fb2e3dcf
|
fix for Bug #165
|
2010-09-13 13:31:01 +00:00 |
|
Miroslav Stampar
|
61120b0bac
|
minor comment added
|
2010-09-09 14:08:53 +00:00 |
|
Miroslav Stampar
|
53289c6a42
|
fix for bug reported by Marek Sarvas (unicode)
|
2010-09-09 14:03:45 +00:00 |
|
Miroslav Stampar
|
1b3d287a09
|
fix for a bug reported by shaohua pan (and one other bug)
|
2010-09-07 10:21:42 +00:00 |
|
Miroslav Stampar
|
27d76847fe
|
fix for bug reported by Truong Duc Luong
|
2010-09-01 08:46:21 +00:00 |
|
Miroslav Stampar
|
e810fe7b0b
|
no need for obsolete (and hard to find) sqlite module when sqlite3 handles both database versions
|
2010-08-31 13:37:53 +00:00 |
|
Miroslav Stampar
|
f5953bacc0
|
fix for direct connection parsing (now on windows machines python sqlmap.py -d access://C:\testdb.mdb is valid, while before it wasn't)
|
2010-08-30 16:35:28 +00:00 |
|
Miroslav Stampar
|
48cc87f6a9
|
added support for fingerprinting SAP MaxDB (Issue 143)
|
2010-08-30 13:29:19 +00:00 |
|
Miroslav Stampar
|
436b7d82fb
|
fixed a bug reported by Marek Sarvas
|
2010-08-22 08:52:15 +00:00 |
|
Miroslav Stampar
|
2cd8f31003
|
some doc test samples included
|
2010-08-20 21:27:47 +00:00 |
|
Miroslav Stampar
|
4edf6ebe00
|
update for smoke tests
|
2010-08-20 21:01:51 +00:00 |
|
Miroslav Stampar
|
8aa12db425
|
added option --proxy-cred for setting proxy credentials (Feature #195)
|
2010-08-18 22:45:00 +00:00 |
|
Miroslav Stampar
|
70197affa0
|
little update (--ratio has a bigger priority then resumed value)
|
2010-08-10 19:57:59 +00:00 |
|
Miroslav Stampar
|
057ec8a6b2
|
added --ratio option for direct manipulation of conf.matchRatio parameter
|
2010-08-10 19:53:29 +00:00 |
|
Miroslav Stampar
|
02523dbfb5
|
fix of fix
|
2010-08-09 22:13:56 +00:00 |
|
Miroslav Stampar
|
6eab7997d1
|
fix for bug reported by dragoun dash (TypeError: sequence item 0: expected string, NoneType found)
|
2010-08-08 22:25:33 +00:00 |
|
Miroslav Stampar
|
e0fe5d1504
|
bug fix for error reported by Marek Sarvas (error data)
|
2010-08-08 21:48:22 +00:00 |
|
Miroslav Stampar
|
0cab4a5355
|
fix for bug reported by m4l1c3 (UnicodeEncodeError)
|
2010-08-08 21:22:37 +00:00 |
|
Miroslav Stampar
|
8cb95583e3
|
some more adjustments
|
2010-07-30 12:59:44 +00:00 |
|
Miroslav Stampar
|
7dcc2031ac
|
smoke test adjustments
|
2010-07-30 12:57:58 +00:00 |
|
Miroslav Stampar
|
092829c189
|
implemented basic smoke testing mechanism
|
2010-07-30 12:49:25 +00:00 |
|
Miroslav Stampar
|
28d9115373
|
fix for Feature #187 (Skip duplicates parameters in -g)
|
2010-07-29 20:01:04 +00:00 |
|
Miroslav Stampar
|
6a6ff09c9a
|
fix for a bug reported by Marek Sarvas
|
2010-07-26 08:11:28 +00:00 |
|
Miroslav Stampar
|
c39d819dd2
|
fix for a resume bug reported by Augusto Urbieta
|
2010-07-20 08:13:02 +00:00 |
|
Miroslav Stampar
|
d2f88b6ebe
|
detecting infinite redirect loops (Feature #192)
|
2010-07-19 12:38:30 +00:00 |
|
Miroslav Stampar
|
b37dca1c2c
|
minor adjustment
|
2010-07-19 09:06:19 +00:00 |
|
Miroslav Stampar
|
9edd468caf
|
multithreading save to session on abort
|
2010-07-19 08:37:45 +00:00 |
|
Miroslav Stampar
|
48a67d6d51
|
fix for "unknown charset 'windows-874'" reported by Phat R.
|
2010-07-15 08:44:42 +00:00 |
|
Bernardo Damele
|
49af0c43a5
|
Forgot
|
2010-07-01 15:26:18 +00:00 |
|
Bernardo Damele
|
7349f3a70f
|
Closes #197
|
2010-07-01 15:25:57 +00:00 |
|
Miroslav Stampar
|
bb9401ba52
|
minor minor fixup
|
2010-07-01 14:14:43 +00:00 |
|
Miroslav Stampar
|
9d28ae23ca
|
fixup for situations with unexpected LENGTHs in multithreaded mode (e.g. UTF8 data retrieval)
|
2010-07-01 14:11:45 +00:00 |
|
Bernardo Damele
|
8dfe08a353
|
Minor bug fix to -d
|
2010-07-01 10:44:31 +00:00 |
|
Miroslav Stampar
|
0d08903bc3
|
some charset fix up
|
2010-06-30 12:09:33 +00:00 |
|
Bernardo Damele
|
24428c1a1b
|
Added warning message if both --proxy and --keep-alive are provided
|
2010-06-30 11:41:42 +00:00 |
|
Bernardo Damele
|
d40a238335
|
Make --keep-alive public
|
2010-06-30 11:29:35 +00:00 |
|
Bernardo Damele
|
8625763c07
|
Minor code refactoring
|
2010-06-30 11:22:25 +00:00 |
|
Bernardo Damele
|
c33f3ef844
|
Minor adjustment to HTTP headers handling
|
2010-06-29 23:51:44 +00:00 |
|
Bernardo Damele
|
fb9f669544
|
More verbose comments
|
2010-06-29 21:10:33 +00:00 |
|
Bernardo Damele
|
8576817a2b
|
Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196.
|
2010-06-29 21:07:23 +00:00 |
|
Bernardo Damele
|
ea45d75f2d
|
Major bug fix to parse and store all HTTP headers from the request file (-r)
|
2010-06-29 21:06:03 +00:00 |
|
Bernardo Damele
|
7cad3cbda6
|
Minor code refactoring
|
2010-06-28 13:47:20 +00:00 |
|
Bernardo Damele
|
9ea72f9640
|
Minor bug fixes to -d
|
2010-06-25 13:24:43 +00:00 |
|
Miroslav Stampar
|
ccfc9b0fec
|
fix for that bug linux man reported (UnicodeEncodeError inside raw_input)
|
2010-06-23 07:30:15 +00:00 |
|
Bernardo Damele
|
17e228024b
|
Minor enhancements and bug fixes to "good samaritan" feature - see #4
|
2010-06-21 14:40:12 +00:00 |
|
Bernardo Damele
|
b98f6ac71c
|
Minor layout adjustment
|
2010-06-17 13:27:43 +00:00 |
|
Bernardo Damele
|
fd76f048b6
|
Added common pattern value support to bisection algorithm
|
2010-06-17 11:38:32 +00:00 |
|
Bernardo Damele
|
9bce22683b
|
Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g)
|
2010-06-11 10:08:19 +00:00 |
|
Bernardo Damele
|
c23ea4c749
|
--keep-alive is not compatible with --proxy
|
2010-06-10 21:19:45 +00:00 |
|
Bernardo Damele
|
75dc44deb8
|
Minor adjustments
|
2010-06-10 15:34:28 +00:00 |
|
Miroslav Stampar
|
35642a0450
|
some more adjustments
|
2010-06-10 15:03:08 +00:00 |
|
Miroslav Stampar
|
1b30c46348
|
fix for an bug reported by David Guimaraes
|
2010-06-10 14:52:33 +00:00 |
|
Bernardo Damele
|
fea2414759
|
Display HTTP request in -v>=3 even if connection failed
|
2010-06-10 14:42:17 +00:00 |
|
Bernardo Damele
|
5bb8e154eb
|
Minor code improvements
|
2010-06-10 14:15:32 +00:00 |
|
Bernardo Damele
|
d3c8e461cf
|
Minor layout adjustments
|
2010-06-10 14:14:56 +00:00 |
|
Miroslav Stampar
|
ac55e1b75f
|
fix for localhost firebird direct db access
|
2010-06-10 12:02:48 +00:00 |
|
Miroslav Stampar
|
36953221f8
|
few quick changes
|
2010-06-10 11:34:17 +00:00 |
|
Miroslav Stampar
|
c398353e06
|
support for loading 'faulty character set' session files
|
2010-06-09 16:07:47 +00:00 |
|
Miroslav Stampar
|
eaef068c90
|
major bug fix (different HTTP content charsets are now properly handled)
|
2010-06-09 14:40:36 +00:00 |
|
Miroslav Stampar
|
38e5e342f8
|
added prettyprint module with fixed toprettyxml() method
|
2010-06-07 09:03:03 +00:00 |
|
Miroslav Stampar
|
9e76b847b3
|
fix regarding bug discovered by Andreas Constantinides
|
2010-06-04 17:07:17 +00:00 |
|
Miroslav Stampar
|
7fbeebc4d9
|
grammar fix
|
2010-06-03 08:55:13 +00:00 |
|
Miroslav Stampar
|
464f171a8c
|
added reusage of xml output and removed toprettyxml which has lots and lots of problems (output once stored is not usable any more from any xml parser/reader because it adds whitespaces all over the output just to be more 'human' readable)
|
2010-06-03 07:36:30 +00:00 |
|
Miroslav Stampar
|
bf071d33d2
|
some comments added
|
2010-06-02 15:18:33 +00:00 |
|
Miroslav Stampar
|
c470255c18
|
minor update
|
2010-06-02 14:56:39 +00:00 |
|
Miroslav Stampar
|
12a5ec9f3d
|
more unicode refactoring
|
2010-06-02 12:45:40 +00:00 |
|
Miroslav Stampar
|
2fb8bf3b6a
|
more dump/unicode cleanup
|
2010-06-02 12:31:36 +00:00 |
|
Bernardo Damele
|
64ad3b03be
|
Minor bug fix
|
2010-06-02 11:01:41 +00:00 |
|
Miroslav Stampar
|
17e0e83990
|
minor unimportant update
|
2010-06-02 08:34:57 +00:00 |
|
Miroslav Stampar
|
32a0ba9296
|
fixing unicode mess
|
2010-06-02 08:28:38 +00:00 |
|
Miroslav Stampar
|
eb94edc48c
|
added keepalive module
|
2010-06-01 12:21:10 +00:00 |
|
Miroslav Stampar
|
af2f184464
|
some comments regarding inference.py
|
2010-05-31 15:20:20 +00:00 |
|
Bernardo Damele
|
6df2d98fc9
|
Minor bug fix in common.py goGoodSamaritan().
Minor code cleanup and adjustments.
|
2010-05-31 15:05:29 +00:00 |
|
Miroslav Stampar
|
db7ede96fd
|
more updates/fixes
|
2010-05-31 11:11:53 +00:00 |
|
Miroslav Stampar
|
4bb5885413
|
some changes regarding --common-outputs feature
|
2010-05-31 09:41:41 +00:00 |
|
Miroslav Stampar
|
0450df8a77
|
added kb.cache for storing cached results (e.g. kb.cache.regex for storing compiled regular expressions and kb.cache.md5 for storing precalculated MD5 values during '--users --common-prediction' session)
|
2010-05-31 08:13:08 +00:00 |
|
Bernardo Damele
|
b798222dd7
|
Minor fixes
|
2010-05-30 14:53:13 +00:00 |
|
Bernardo Damele
|
8be91a98cc
|
Minor bug fix and adjustment
|
2010-05-29 15:28:37 +00:00 |
|
Bernardo Damele
|
e98b049e7f
|
Added unicode support also to PostgreSQL connector - see #184.
|
2010-05-29 11:46:41 +00:00 |
|
Bernardo Damele
|
89c721a451
|
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.
|
2010-05-29 10:10:28 +00:00 |
|
Bernardo Damele
|
84778f0e6c
|
Minor fix, leave like this
|
2010-05-29 08:58:55 +00:00 |
|
Miroslav Stampar
|
a4155269c5
|
bug fix (unicode(unicode) results in “TypeError: decoding Unicode is not supported” (http://www.red-mercury.com/blog/eclectic-tech/python-mystery-of-the-day/)
|
2010-05-29 07:25:38 +00:00 |
|
Miroslav Stampar
|
d3e527aba3
|
minor update
|
2010-05-29 07:13:54 +00:00 |
|
Bernardo Damele
|
e811101dce
|
Minor bug fix
|
2010-05-28 23:39:52 +00:00 |
|
Bernardo Damele
|
10521b68eb
|
Major bug fix in multipartpost and minor adjustments elsewhere
|
2010-05-28 23:12:20 +00:00 |
|
Bernardo Damele
|
06af405efd
|
Adapted and merged in patch to support XML output (-x switch) - still in beta.
Minor bug fixes and adjustments.
|
2010-05-28 16:43:04 +00:00 |
|
Bernardo Damele
|
a138dbe5f6
|
Minor bug fixes and code refactoring
|
2010-05-28 15:57:43 +00:00 |
|
Miroslav Stampar
|
919a8345d6
|
minor fix
|
2010-05-28 15:30:02 +00:00 |
|
Miroslav Stampar
|
ad3c425a18
|
quick fix
|
2010-05-28 15:26:55 +00:00 |
|
Miroslav Stampar
|
ac6ce478a0
|
just removing unneded and possible future source of confusion
|
2010-05-28 14:19:12 +00:00 |
|
Miroslav Stampar
|
accaf0b3bd
|
minor refactoring
|
2010-05-28 14:07:48 +00:00 |
|
Miroslav Stampar
|
0f5768cddf
|
more and more fixes
|
2010-05-28 14:04:34 +00:00 |
|
Miroslav Stampar
|
a3db3c03c1
|
str() -> unicode()
|
2010-05-28 13:05:02 +00:00 |
|
Miroslav Stampar
|
f24187f251
|
few fixes here and there
|
2010-05-28 12:47:03 +00:00 |
|
Bernardo Damele
|
7e78876f6a
|
Minor bug fix to parse properly also unicode characters from configuration file
|
2010-05-28 12:07:30 +00:00 |
|
Miroslav Stampar
|
94354d0862
|
removing previous fix
|
2010-05-28 11:53:27 +00:00 |
|
Miroslav Stampar
|
37b8d0c480
|
utf8 decoding of program arguments
|
2010-05-28 11:48:44 +00:00 |
|
Bernardo Damele
|
f26de89216
|
Minor bug fix to correctly deal with unicode queries with -d
|
2010-05-28 11:32:10 +00:00 |
|
Miroslav Stampar
|
655bd79fc4
|
some renaming
|
2010-05-28 10:50:54 +00:00 |
|
Miroslav Stampar
|
838762fb00
|
previous quick fix removal
|
2010-05-28 10:38:23 +00:00 |
|
Miroslav Stampar
|
7ef286a76f
|
some speed up
|
2010-05-28 10:33:09 +00:00 |
|
Miroslav Stampar
|
48c0f4f053
|
minor fix
|
2010-05-28 10:17:03 +00:00 |
|
Miroslav Stampar
|
4eccf1a25d
|
quick fix
|
2010-05-28 10:01:19 +00:00 |
|
Miroslav Stampar
|
f36e093fa7
|
minor update
|
2010-05-28 09:13:50 +00:00 |
|
Bernardo Damele
|
7e925bcfe8
|
Adapted code following last commit
|
2010-05-27 16:46:17 +00:00 |
|
Bernardo Damele
|
9de1671b8f
|
Code refactoring and minor bug fixes.
|
2010-05-27 16:45:09 +00:00 |
|
Miroslav Stampar
|
c431a74d9e
|
minor fix/adjustment regarding getCompiledRegex
|
2010-05-27 11:52:18 +00:00 |
|
Miroslav Stampar
|
ce29c841cf
|
some comments added
|
2010-05-26 11:14:22 +00:00 |
|
Miroslav Stampar
|
1a3dfd8ced
|
some more changes
|
2010-05-26 11:01:26 +00:00 |
|
Miroslav Stampar
|
bbdbe44e3f
|
fuck yea, first tests (MySQL/--tables & --common-prediction) are great :)
|
2010-05-26 10:41:37 +00:00 |
|
Miroslav Stampar
|
7f0db26e99
|
more code updates regarding good samaritan (common output) feature
|
2010-05-26 09:48:20 +00:00 |
|
Miroslav Stampar
|
8ed76b3024
|
minor update regarding good samaritan
|
2010-05-25 14:51:02 +00:00 |
|
Miroslav Stampar
|
065d5b02ec
|
added singleValue parameter for good samaritan (same thing Bernardo wanted :)
|
2010-05-25 13:51:03 +00:00 |
|
Miroslav Stampar
|
056d1ad76e
|
new commit regarding good samaritan feature
|
2010-05-25 13:06:23 +00:00 |
|
Miroslav Stampar
|
dc83f794ea
|
fix regarding proper string isinstance checking (including unicode)
|
2010-05-25 10:09:35 +00:00 |
|
Miroslav Stampar
|
1f07db875d
|
fix for that float() report from Shaohua Pan
|
2010-05-24 20:12:37 +00:00 |
|
Bernardo Damele
|
a43eb64c5d
|
Minor refactoring
|
2010-05-24 15:46:12 +00:00 |
|
Miroslav Stampar
|
f718425cf4
|
minor fix
|
2010-05-24 11:18:47 +00:00 |
|
Miroslav Stampar
|
0197f8db5c
|
code refactoring regarding issue #184
|
2010-05-24 11:12:40 +00:00 |
|
Miroslav Stampar
|
e9be60e1ac
|
added support for proper unicode session(s) storage/retrieval
|
2010-05-24 11:00:49 +00:00 |
|
Miroslav Stampar
|
f34e6badfd
|
removed pdb
|
2010-05-24 09:29:16 +00:00 |
|
Miroslav Stampar
|
f0d3e6c565
|
fix
|
2010-05-24 09:28:20 +00:00 |
|
Miroslav Stampar
|
887352746b
|
some speedup (usage of xrange (virtual range) instead of range)
|
2010-05-23 22:14:57 +00:00 |
|
Miroslav Stampar
|
2c2d6d3623
|
operator fix
|
2010-05-23 21:35:42 +00:00 |
|
Miroslav Stampar
|
7dc1bf0324
|
quick (probably not final) fix for unicode inference (not yet tested)
|
2010-05-23 21:32:51 +00:00 |
|
Bernardo Damele
|
03fb84e29f
|
Minor enhancement to internal --profile function
|
2010-05-21 15:06:05 +00:00 |
|
Miroslav Stampar
|
20d05cc404
|
way to handle re.I (ignore case) while using getCompiledRegex
|
2010-05-21 15:03:40 +00:00 |
|
Miroslav Stampar
|
5d5ebd49b6
|
introducing regex caching mechanism
|
2010-05-21 14:42:59 +00:00 |
|
Miroslav Stampar
|
14cab8527e
|
minor adjustment
|
2010-05-21 14:25:38 +00:00 |
|
Miroslav Stampar
|
3110bb10fc
|
added test for site existance
|
2010-05-21 13:36:49 +00:00 |
|
Bernardo Damele
|
7ee20480a4
|
Added a TODO note
|
2010-05-21 13:24:23 +00:00 |
|
Bernardo Damele
|
319adef8c4
|
Minor adjustment
|
2010-05-21 13:19:50 +00:00 |
|
Miroslav Stampar
|
050015d2bb
|
minor adjustments
|
2010-05-21 13:15:21 +00:00 |
|
Miroslav Stampar
|
5a5b31ad53
|
minor code adjustment
|
2010-05-21 13:03:57 +00:00 |
|
Miroslav Stampar
|
64f2afe585
|
in a mood for more changes
|
2010-05-21 12:44:09 +00:00 |
|
Miroslav Stampar
|
219628aa01
|
quick fixes
|
2010-05-21 12:25:49 +00:00 |
|
Miroslav Stampar
|
78547bb79e
|
quick fix
|
2010-05-21 12:19:20 +00:00 |
|
Bernardo Damele
|
cda8da288c
|
Minor adjustment
|
2010-05-21 12:18:43 +00:00 |
|
Bernardo Damele
|
a21a7fc56d
|
Minor code refactoring
|
2010-05-21 12:09:31 +00:00 |
|
Miroslav Stampar
|
f6bffb61d3
|
minor adjustment
|
2010-05-21 11:51:43 +00:00 |
|
Miroslav Stampar
|
460a1ba872
|
fix for my imperfect calculations :)
|
2010-05-21 11:41:49 +00:00 |
|
Miroslav Stampar
|
9b91b30b69
|
minor refactoring
|
2010-05-21 10:41:30 +00:00 |
|
Miroslav Stampar
|
5f44696530
|
changes regarding putting of gprof2dot script inside extras and its usage
|
2010-05-21 10:30:11 +00:00 |
|
Miroslav Stampar
|
68e13c3872
|
periodical commit
|
2010-05-21 09:35:36 +00:00 |
|
Bernardo Damele
|
9c1d82c9f7
|
Minor bug fix to --proxy with HTTPS target on Python 2.6 - fixes #191.
|
2010-05-20 10:52:14 +00:00 |
|
Bernardo Damele
|
72fda2a3e4
|
Minor bug fix to correctly resuming --union-test results from session file.
|
2010-05-19 14:21:59 +00:00 |
|
Bernardo Damele
|
e0e2349529
|
Refactor to --search -C and minor bug fix - See #190.
|
2010-05-17 16:16:49 +00:00 |
|
Miroslav Stampar
|
e938331d8e
|
better regex used avoiding garbage google images
|
2010-05-15 22:02:28 +00:00 |
|
Miroslav Stampar
|
d20b99ed65
|
fix (google is changing that class r to class "r")
|
2010-05-15 21:51:31 +00:00 |
|
Miroslav Stampar
|
b8a5a54395
|
minor update
|
2010-05-15 20:44:08 +00:00 |
|
Miroslav Stampar
|
4984ceac49
|
some code refactoring and minor speed up (jump prediction rule)
|
2010-05-14 15:20:34 +00:00 |
|
Miroslav Stampar
|
ed20f1cf33
|
some more speed up (one time compilation of popular regexes)
|
2010-05-14 14:48:54 +00:00 |
|
Miroslav Stampar
|
3ead88c364
|
minor tweak
|
2010-05-14 14:36:54 +00:00 |
|
Miroslav Stampar
|
131789a6e4
|
some code refactoring
|
2010-05-14 14:21:13 +00:00 |
|
Miroslav Stampar
|
19a82e151c
|
minor cleanup
|
2010-05-14 14:03:33 +00:00 |
|
Miroslav Stampar
|
7107e8fd6a
|
optimization of CPU intensive sanitizeAsciiString
|
2010-05-14 13:55:25 +00:00 |
|
Miroslav Stampar
|
5396f13bab
|
added CPU throttling for lowering sqlmap's CPU intensivity
|
2010-05-13 15:19:28 +00:00 |
|
Miroslav Stampar
|
d96723a135
|
fix for Feature #157
|
2010-05-13 11:17:24 +00:00 |
|
Miroslav Stampar
|
ca3e12ae73
|
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
|
2010-05-13 11:05:35 +00:00 |
|
Miroslav Stampar
|
0a4c1f8aec
|
unfix (conf.timeSec is an integer - my fault)
|
2010-05-13 09:34:08 +00:00 |
|
Miroslav Stampar
|
2fdac83607
|
minor fix
|
2010-05-13 08:27:51 +00:00 |
|
Bernardo Damele
|
9efe001515
|
SQLite does not support BETWEEN
|
2010-05-12 22:02:47 +00:00 |
|
Miroslav Stampar
|
893bc04fe4
|
changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm)
|
2010-05-12 11:30:32 +00:00 |
|
Bernardo Damele
|
8b74c405f5
|
Minor output bug fix
|
2010-05-11 14:15:03 +00:00 |
|
Bernardo Damele
|
457d32c73e
|
Proper displaying of debug messages (-v >= 2)
|
2010-05-11 13:58:53 +00:00 |
|
Miroslav Stampar
|
1a8beebc8c
|
minor fix
|
2010-05-11 13:55:30 +00:00 |
|
Miroslav Stampar
|
1e5ecbaa97
|
speedup of initial session file handling
|
2010-05-11 13:36:30 +00:00 |
|
Miroslav Stampar
|
6752e66164
|
added charsetType=2 (integer) to queryOutputLength
|
2010-05-11 12:23:38 +00:00 |
|
Miroslav Stampar
|
430a25407b
|
fixed that thread partial output problem (one character behind) reported by Kasper Fons
|
2010-05-11 11:06:21 +00:00 |
|
Bernardo Damele
|
4c91b5a896
|
Minor fix
|
2010-05-10 14:18:41 +00:00 |
|
Bernardo Damele
|
65a05452f7
|
Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190:
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
|
2010-05-07 13:40:57 +00:00 |
|
Bernardo Damele
|
44ea8f1861
|
Minor adjustment
|
2010-05-06 11:00:58 +00:00 |
|
Bernardo Damele
|
147e14356d
|
Major bug fix (reported by Thierry Zoller)
|
2010-05-06 10:52:40 +00:00 |
|
Miroslav Stampar
|
4928c684b3
|
one more thing
|
2010-05-04 08:45:10 +00:00 |
|
Miroslav Stampar
|
789dd6c66f
|
more quick fixes
|
2010-05-04 08:43:14 +00:00 |
|
Miroslav Stampar
|
af701cdaa2
|
better way to handle that last commit problem
|
2010-05-04 08:36:35 +00:00 |
|
Miroslav Stampar
|
5bc07426e0
|
added exception handler around block reported by Thierry Zoller
|
2010-05-04 08:03:48 +00:00 |
|
Bernardo Damele
|
90d9900371
|
Minor bug fix to consider --start and --stop also in partial UNION query SQL injection
|
2010-04-30 15:48:40 +00:00 |
|