Miroslav Stampar
|
527ce070a3
|
minor fix
|
2012-01-16 10:04:18 +00:00 |
|
Miroslav Stampar
|
95f89ab63a
|
updating copyright date
|
2012-01-11 14:59:46 +00:00 |
|
Miroslav Stampar
|
1d0b43b1a2
|
implemented mechanism for merging cookies by request
|
2012-01-11 14:28:08 +00:00 |
|
Miroslav Stampar
|
40398f358c
|
minor update
|
2012-01-05 14:55:23 +00:00 |
|
Miroslav Stampar
|
1f085a0241
|
now [SLEEPTIME] is changeable properly in vivo
|
2012-01-05 14:45:05 +00:00 |
|
Miroslav Stampar
|
ea87c89c25
|
minor fix
|
2012-01-03 23:44:56 +00:00 |
|
Miroslav Stampar
|
63bc4ce116
|
minor patch
|
2011-12-30 14:11:02 +00:00 |
|
Miroslav Stampar
|
c20546dcaa
|
minor refactoring
|
2011-12-26 12:24:39 +00:00 |
|
Miroslav Stampar
|
526aacb640
|
code cleanup
|
2011-12-21 22:59:23 +00:00 |
|
Miroslav Stampar
|
95cd9e2af3
|
adding support for scanning Host header values (-p host)
|
2011-12-20 12:52:41 +00:00 |
|
Miroslav Stampar
|
1b16b5e0f1
|
minor fix
|
2011-12-20 09:10:44 +00:00 |
|
Miroslav Stampar
|
c57941c102
|
minor beautification
|
2011-12-15 23:33:44 +00:00 |
|
Miroslav Stampar
|
563c0c1066
|
adding switch --tor-type
|
2011-12-15 23:19:55 +00:00 |
|
Miroslav Stampar
|
e6820ebbd2
|
minor update
|
2011-12-14 10:26:03 +00:00 |
|
Miroslav Stampar
|
364113441b
|
adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles)
|
2011-12-14 10:19:45 +00:00 |
|
Miroslav Stampar
|
0f5d48ff20
|
minor update
|
2011-12-05 09:25:56 +00:00 |
|
Miroslav Stampar
|
9bc735963b
|
update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself))
|
2011-12-04 22:42:19 +00:00 |
|
Miroslav Stampar
|
b03a5e8928
|
people don't know what's "standard deviation" and they are wrongly connecting it's value in seconds to the --time-sec value
|
2011-12-01 13:30:47 +00:00 |
|
Miroslav Stampar
|
3cd8f47686
|
minor bug fix
|
2011-11-29 17:17:06 +00:00 |
|
Miroslav Stampar
|
d958c2fe48
|
minor fix
|
2011-11-28 11:21:39 +00:00 |
|
Miroslav Stampar
|
ba4234dc42
|
switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings)
|
2011-11-23 21:17:08 +00:00 |
|
Miroslav Stampar
|
4fa24ec704
|
minor improvement
|
2011-11-21 17:39:18 +00:00 |
|
Miroslav Stampar
|
65b2b0ad87
|
adding switch --eval
|
2011-11-21 16:41:02 +00:00 |
|
Miroslav Stampar
|
df0b451389
|
minor update
|
2011-11-20 23:17:57 +00:00 |
|
Miroslav Stampar
|
440b7efe55
|
minor optimization
|
2011-11-20 20:14:47 +00:00 |
|
Miroslav Stampar
|
b888829d12
|
minor update
|
2011-11-14 11:39:18 +00:00 |
|
Miroslav Stampar
|
ccbd93cc2e
|
fix for redirect/HOST header bug
|
2011-11-11 11:28:27 +00:00 |
|
Miroslav Stampar
|
1061c06617
|
improvement of redirecting code
|
2011-11-11 11:07:49 +00:00 |
|
Miroslav Stampar
|
e183437f0b
|
minor typo
|
2011-11-10 10:30:53 +00:00 |
|
Miroslav Stampar
|
62f8f8d36c
|
bug fix (thanks to zhen zhou)
|
2011-11-10 10:22:35 +00:00 |
|
Miroslav Stampar
|
c1486ed4be
|
adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request
|
2011-10-25 09:53:44 +00:00 |
|
Miroslav Stampar
|
6d64f87190
|
minor update
|
2011-10-24 00:46:54 +00:00 |
|
Miroslav Stampar
|
1f7d87c6a4
|
bug fix for --code (previously redirecting codes where not considered)
|
2011-10-23 20:48:37 +00:00 |
|
Miroslav Stampar
|
77e630d89e
|
replaced longer CHAR form of escaped MySQL strings with more compact hex form
|
2011-10-23 20:19:42 +00:00 |
|
Miroslav Stampar
|
3f0517d3f3
|
support for non-latin (e.g. cyrillic) URLs
|
2011-10-23 17:02:48 +00:00 |
|
Miroslav Stampar
|
0db0571f35
|
minor patch
|
2011-10-21 09:06:00 +00:00 |
|
Miroslav Stampar
|
dd0ed5f5da
|
adding redirect response to the traffic file
|
2011-09-28 08:13:46 +00:00 |
|
Miroslav Stampar
|
e0f521cf9d
|
minor update regarding --randomize
|
2011-08-29 13:08:25 +00:00 |
|
Miroslav Stampar
|
ac00014c4a
|
implemented --randomize switch by request
|
2011-08-29 12:50:52 +00:00 |
|
Miroslav Stampar
|
75ec146224
|
minor beautification
|
2011-08-17 21:17:02 +00:00 |
|
Bernardo Damele
|
702ed73a65
|
Added --code switch to match in boolean-based tests against the HTTP response code
|
2011-08-12 16:48:11 +00:00 |
|
Bernardo Damele
|
fff4c34e33
|
Search for --string and --regexp matches also in HTTP response headers
|
2011-08-12 15:33:37 +00:00 |
|
Bernardo Damele
|
5e5133b8e7
|
Should be fixed now
|
2011-08-12 15:00:11 +00:00 |
|
Bernardo Damele
|
1505cb2a80
|
typo
|
2011-08-12 14:51:39 +00:00 |
|
Bernardo Damele
|
702ca22d54
|
Minor bug fix for URI injections
|
2011-08-12 14:48:44 +00:00 |
|
Bernardo Damele
|
28bba9f5e6
|
More verbose warning message
|
2011-08-12 13:47:38 +00:00 |
|
Miroslav Stampar
|
10bdd90e60
|
minor speed optimizations (as a result of profiling)
|
2011-08-12 13:40:37 +00:00 |
|
Miroslav Stampar
|
02bfd05b20
|
more general approach
|
2011-07-08 10:03:14 +00:00 |
|
Miroslav Stampar
|
ba2c06c9dc
|
quick fix
|
2011-07-08 09:01:32 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Miroslav Stampar
|
93b296e02c
|
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
|
2011-07-06 05:44:47 +00:00 |
|
Miroslav Stampar
|
75524c283d
|
minor update
|
2011-06-27 21:59:31 +00:00 |
|
Miroslav Stampar
|
831f083223
|
minor update
|
2011-06-27 21:38:12 +00:00 |
|
Miroslav Stampar
|
e9286ddd5b
|
fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position
47: ordinal not in range(128))
|
2011-06-24 19:24:11 +00:00 |
|
Miroslav Stampar
|
e76cb19e35
|
minor patch
|
2011-06-22 09:11:12 +00:00 |
|
Miroslav Stampar
|
b16b92fe46
|
minor update
|
2011-06-21 20:59:34 +00:00 |
|
Miroslav Stampar
|
2220afbdf5
|
fix by request
|
2011-06-21 20:50:16 +00:00 |
|
Miroslav Stampar
|
bdb530da1f
|
minor update
|
2011-06-19 10:11:27 +00:00 |
|
Miroslav Stampar
|
d5bc149636
|
made changes by buawig request (504 is treated as a classical timeout)
|
2011-06-19 09:57:41 +00:00 |
|
Bernardo Damele
|
0d8d6a4ace
|
Cosmetics
|
2011-06-08 16:08:20 +00:00 |
|
Miroslav Stampar
|
4a9640160e
|
more concise
|
2011-06-08 14:35:23 +00:00 |
|
Miroslav Stampar
|
6b81eef65a
|
refactoring
|
2011-06-08 14:30:12 +00:00 |
|
Miroslav Stampar
|
75c12c5edb
|
fix for a bug reported by cclements@flatearth.net (TypeError: argument of type 'NoneType' is not iterable)
|
2011-06-07 21:46:49 +00:00 |
|
Miroslav Stampar
|
a5a70f0895
|
minor update
|
2011-05-28 18:21:03 +00:00 |
|
Miroslav Stampar
|
c11ea35d53
|
adding some user input for "refreshing" cases (like redirect ones)
|
2011-05-27 22:42:23 +00:00 |
|
Miroslav Stampar
|
cf69809c3c
|
minor update
|
2011-05-27 16:26:00 +00:00 |
|
Miroslav Stampar
|
61b960f65f
|
minor update related to the last one
|
2011-05-26 22:05:10 +00:00 |
|
Miroslav Stampar
|
45caadbd4a
|
important update - finally found what was causing headache for UNION payloads in noticeable number of cases
|
2011-05-26 21:54:19 +00:00 |
|
Miroslav Stampar
|
4f2c999146
|
fix for a bug reported by mail@8dh.de (UnicodeDecodeError: requestMsg += "\n%s" % requestHeaders)
|
2011-05-26 13:47:20 +00:00 |
|
Miroslav Stampar
|
f774d8fea0
|
proper Tor settings (reverted r3915 and implemented it the right way)
|
2011-05-24 11:06:58 +00:00 |
|
Miroslav Stampar
|
915c206e3d
|
minor fix for socks proxy issues
|
2011-05-24 09:47:10 +00:00 |
|
Miroslav Stampar
|
ad25bcc2be
|
better way for dealing with relative paths
|
2011-05-24 05:26:51 +00:00 |
|
Miroslav Stampar
|
a536bf210f
|
improved redirection mechanism
|
2011-05-23 23:20:03 +00:00 |
|
Miroslav Stampar
|
40971aca94
|
fixing nasty bug caused by retrying counter
|
2011-05-22 10:59:56 +00:00 |
|
Miroslav Stampar
|
712e238f33
|
another minor fix
|
2011-05-22 10:29:25 +00:00 |
|
Miroslav Stampar
|
2795aeff34
|
minor fix
|
2011-05-22 10:27:45 +00:00 |
|
Miroslav Stampar
|
806e898694
|
no more CRITICAL drop outs in test mode - lots of reports were related to this
|
2011-05-22 10:21:49 +00:00 |
|
Miroslav Stampar
|
9b2623514a
|
one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
|
2011-05-22 09:48:46 +00:00 |
|
Miroslav Stampar
|
2ea613b170
|
type correction and adding global flag kb.ignoreTimeout which could be useful
|
2011-05-22 08:24:13 +00:00 |
|
Miroslav Stampar
|
27f0e73cc9
|
refactoring of 'target' flag in connect.py
|
2011-05-22 07:46:09 +00:00 |
|
Miroslav Stampar
|
25fff8c135
|
changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)
|
2011-05-21 11:46:57 +00:00 |
|
Miroslav Stampar
|
053c245114
|
few minor fixes
|
2011-05-13 09:56:12 +00:00 |
|
Miroslav Stampar
|
a7d7be5ce0
|
bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host)
|
2011-05-13 01:01:53 +00:00 |
|
Miroslav Stampar
|
0b2da2f9f5
|
minor beautification for --tor switch
|
2011-05-12 05:46:17 +00:00 |
|
Miroslav Stampar
|
1dea609019
|
fix for a bug reported by David (UnicodeDecodeError: url = url + '?' + query)
|
2011-05-10 12:51:37 +00:00 |
|
Miroslav Stampar
|
a64407d9db
|
minor bug fix for multithreading and lots of connection retries
|
2011-05-10 12:40:01 +00:00 |
|
Miroslav Stampar
|
22a1870c2c
|
adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1
|
2011-05-10 12:32:07 +00:00 |
|
Miroslav Stampar
|
b324b99f6e
|
minor update of warning message
|
2011-05-04 10:41:08 +00:00 |
|
Miroslav Stampar
|
1e6c2fea74
|
update regarding warning for --random-agent during connection timeout in connection test phase
|
2011-05-03 10:05:42 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Miroslav Stampar
|
b299912de4
|
fix for a bug reported by ahmed@isecur1ty.org (UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: ordinal not in range(128)) for multipartpost
|
2011-04-29 16:56:02 +00:00 |
|
Miroslav Stampar
|
6bb4dce3aa
|
minor refactoring
|
2011-04-29 15:22:32 +00:00 |
|
Bernardo Damele
|
11ecd16099
|
cosmetics
|
2011-04-21 10:08:38 +00:00 |
|
Miroslav Stampar
|
fc90974940
|
revert of last commit because of the situation in detection phase where payload is made at the starting point (can't change conf.timeSec in that phase)
|
2011-04-19 14:50:09 +00:00 |
|
Miroslav Stampar
|
7abbd0c029
|
removing a leftover
|
2011-04-19 14:29:51 +00:00 |
|
Miroslav Stampar
|
96b5fede5a
|
automatic increasing of time delay on lagging connections
|
2011-04-19 14:28:51 +00:00 |
|
Miroslav Stampar
|
7a06af9a92
|
added "lagging" critical message
|
2011-04-19 10:37:20 +00:00 |
|
Miroslav Stampar
|
6463cad8c5
|
minor update for SOAP payloads
|
2011-04-18 14:29:52 +00:00 |
|
Miroslav Stampar
|
a7366bf710
|
SOAP refactoring
|
2011-04-17 21:39:00 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
83feb097ef
|
greater flexibility for --batch when default is None
|
2011-04-08 22:29:50 +00:00 |
|
Miroslav Stampar
|
e957c4400c
|
minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)
|
2011-04-04 08:04:47 +00:00 |
|
Miroslav Stampar
|
305115a68b
|
important improvement of data handling (POST data and header values)
|
2011-04-03 15:02:52 +00:00 |
|
Miroslav Stampar
|
dd01d66f13
|
proper update regarding last commit
|
2011-03-29 22:10:08 +00:00 |
|
Miroslav Stampar
|
850328df6c
|
minor cosmetics
|
2011-03-29 22:03:48 +00:00 |
|
Miroslav Stampar
|
9f707febf5
|
minor update
|
2011-03-29 15:43:17 +00:00 |
|
Miroslav Stampar
|
d28ca5809b
|
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
|
2011-03-29 14:16:28 +00:00 |
|
Miroslav Stampar
|
ae53ad4c30
|
making an update for special case of timed out response
|
2011-03-28 21:05:04 +00:00 |
|
Miroslav Stampar
|
b53c9a2599
|
minor fix and some refactoring
|
2011-03-18 00:24:02 +00:00 |
|
Bernardo Damele
|
9526f0c4c2
|
Minor layout adjustments
|
2011-03-17 12:35:40 +00:00 |
|
Miroslav Stampar
|
e64f225e65
|
minor refactoring
|
2011-03-11 20:16:34 +00:00 |
|
Miroslav Stampar
|
2fd3f0d7b2
|
minor update (added comment)
|
2011-03-11 20:07:52 +00:00 |
|
Miroslav Stampar
|
5eae525010
|
this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)
|
2011-03-11 19:57:44 +00:00 |
|
Miroslav Stampar
|
5c97f9a496
|
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
|
2011-03-09 09:36:56 +00:00 |
|
Miroslav Stampar
|
9856cb71de
|
redo of the last commit with comments added
|
2011-02-28 18:58:05 +00:00 |
|
Miroslav Stampar
|
ade31b2cb0
|
removal of obsolete item
|
2011-02-28 18:49:25 +00:00 |
|
Miroslav Stampar
|
21041f8b90
|
further reflective value handling improvement
|
2011-02-27 17:43:41 +00:00 |
|
Miroslav Stampar
|
63b8156c00
|
some update (if header key is non-unicode comformant)
|
2011-02-25 09:43:04 +00:00 |
|
Miroslav Stampar
|
aa88361ab1
|
incorporation of method for neutralization of reflective values
|
2011-02-25 09:22:44 +00:00 |
|
Miroslav Stampar
|
3f8eadf4fe
|
minor refactoring
|
2011-02-22 13:00:58 +00:00 |
|
Miroslav Stampar
|
dcad5410fe
|
minor refactoring
|
2011-02-22 12:54:22 +00:00 |
|
Miroslav Stampar
|
17c39fe231
|
fix for that non-HTML stuff
|
2011-02-22 11:32:55 +00:00 |
|
Bernardo Damele
|
60b05ff49f
|
Reflect new switch name
|
2011-02-19 21:05:15 +00:00 |
|
Miroslav Stampar
|
535eb9f3eb
|
implementation of referer feature
|
2011-02-11 23:07:03 +00:00 |
|
Bernardo Damele
|
156d8cd99b
|
Directory restyling
|
2011-02-08 00:15:02 +00:00 |
|
Miroslav Stampar
|
e4933f0c92
|
refactoring
|
2011-02-03 23:25:56 +00:00 |
|
Miroslav Stampar
|
402c1b622e
|
removing urlencode from UA
|
2011-02-02 15:18:06 +00:00 |
|
Bernardo Damele
|
6761933f75
|
Just.. cosmetics ;)
|
2011-01-31 22:51:14 +00:00 |
|
Miroslav Stampar
|
35b6d7278a
|
minor update
|
2011-01-31 22:50:54 +00:00 |
|
Miroslav Stampar
|
60a2364f2b
|
now union technique parses headers too
|
2011-01-31 12:41:39 +00:00 |
|
Miroslav Stampar
|
fc9c626f9e
|
minor refactoring (removed URL_ENCODE_PAYLOAD)
|
2011-01-30 17:03:06 +00:00 |
|
Miroslav Stampar
|
8e74c571bc
|
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
|
2011-01-27 19:44:24 +00:00 |
|
Miroslav Stampar
|
81722b6881
|
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
|
2011-01-27 18:36:28 +00:00 |
|
Miroslav Stampar
|
03413bd5e0
|
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
|
2011-01-27 16:55:58 +00:00 |
|
Miroslav Stampar
|
430fd5cd63
|
minor fixes
|
2011-01-25 16:05:06 +00:00 |
|
Miroslav Stampar
|
cab86871fe
|
fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment)
|
2011-01-25 11:02:41 +00:00 |
|
Miroslav Stampar
|
4093599f38
|
added parseTargetUrl to redirect choice
|
2011-01-24 14:45:35 +00:00 |
|
Miroslav Stampar
|
1fa8f0cba7
|
code reviewing part 2
|
2011-01-15 12:53:40 +00:00 |
|
Miroslav Stampar
|
fb9d7cdfaa
|
refactoring, code clearing and removal of obsolete switch --longest-common
|
2011-01-14 14:37:03 +00:00 |
|
Bernardo Damele
|
06230e4d92
|
Minor code refactoring and cosmetics
|
2011-01-11 21:46:21 +00:00 |
|
Bernardo Damele
|
1c86ec374e
|
Code refactoring and cosmetics
|
2011-01-07 15:41:09 +00:00 |
|
Miroslav Stampar
|
709a7d156b
|
fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...)
|
2011-01-04 12:51:51 +00:00 |
|
Miroslav Stampar
|
d288c6d6e3
|
minor update
|
2011-01-04 08:40:41 +00:00 |
|
Miroslav Stampar
|
08ccbf2c1e
|
important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)
|
2011-01-03 22:02:58 +00:00 |
|
Miroslav Stampar
|
07129371bf
|
bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests)
|
2011-01-03 13:04:20 +00:00 |
|
Miroslav Stampar
|
da138c46c1
|
added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)
|
2011-01-02 07:37:47 +00:00 |
|
Miroslav Stampar
|
ef27fd5ea1
|
there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) (http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html, http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html)
|
2011-01-01 15:20:29 +00:00 |
|
Miroslav Stampar
|
93838fb155
|
"patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError)
|
2010-12-28 14:40:34 +00:00 |
|
Miroslav Stampar
|
f2373121d0
|
noticed little DoS behavior and lots of connections in netstat (best way to deal with zombie connections is to explicitly close them if not needed any more)
|
2010-12-26 14:36:51 +00:00 |
|
Miroslav Stampar
|
569e060aab
|
important improvement
|
2010-12-26 13:20:52 +00:00 |
|