Commit Graph

910 Commits

Author SHA1 Message Date
Miroslav Stampar
171cf6f54d Minor fine tuning for SQLi heuristic check 2016-10-04 11:32:06 +02:00
Miroslav Stampar
dc8301689e Implementation for an Issue #2204 2016-10-02 11:13:40 +02:00
Miroslav Stampar
332726356c Minor language update 2016-09-29 14:03:46 +02:00
Miroslav Stampar
381deb68ff Implementation for an Issue #2137 2016-09-27 13:26:11 +02:00
Miroslav Stampar
7151df16f6 Adding extra validation step in case of boolean-based blind (e.g. if unexpected 500 occurs) 2016-09-27 11:21:12 +02:00
Miroslav Stampar
8994bf2dba Further dealing with time-based SQLi (Issue #1973) 2016-09-27 10:32:22 +02:00
Miroslav Stampar
09617c8243 Introducing extra validation property in case of time-based SQLi (HTTP code) - Issue #1973 2016-09-27 10:20:36 +02:00
Miroslav Stampar
556b4d289e Minor cosmetic patch (removing multiple same content '...appears...' messages) 2016-09-26 17:02:40 +02:00
Miroslav Stampar
1b48ff223d Adding initial support for Informix (Issue #552) 2016-09-23 12:33:27 +02:00
Miroslav Stampar
56a918c408 Minor refactoring 2016-09-20 10:03:00 +02:00
Miroslav Stampar
bcd62ecc5b Minor optimization (avoiding unnecessary deepcopies) 2016-09-20 09:56:08 +02:00
Miroslav Stampar
32dd4a938c Minor patch of message 2016-09-09 11:37:16 +02:00
Miroslav Stampar
6b91b7b7fa Minor cosmetics 2016-09-02 16:10:11 +02:00
Miroslav Stampar
cb43c03712 Definite patch for MemoryError(s) (fixes #1991) 2016-06-30 14:57:56 +02:00
Miroslav Stampar
8b4367d354 Revert of last commit 2016-06-26 01:42:21 +02:00
Miroslav Stampar
0a9d69a7d0 Minor patch 2016-06-26 01:10:47 +02:00
Miroslav Stampar
0175acd028 Bug fix (in some cases lack of warning message for SQLi appearing) 2016-06-23 17:52:37 +02:00
Miroslav Stampar
78fdb27a0b More improvements 2016-06-03 15:51:52 +02:00
Miroslav Stampar
350baf0a0a Minor update 2016-06-03 14:29:32 +02:00
Miroslav Stampar
9886b646eb Proper update regarding the last commit 2016-06-03 14:18:28 +02:00
Miroslav Stampar
c5197b99a0 Minor patch and minor improvement 2016-06-03 13:59:32 +02:00
Miroslav Stampar
0e65043c84 Minor adjustment 2016-06-03 09:48:49 +02:00
Miroslav Stampar
229d3a7dd0 Patch for cases when error page looks more like original, than the False one does 2016-05-30 16:46:23 +02:00
Miroslav Stampar
b965e5bf1c Minor refactoring 2016-05-30 16:06:39 +02:00
Miroslav Stampar
3bd74c5351 Minor patch 2016-05-30 15:20:21 +02:00
Miroslav Stampar
55624ec1a2 Minor message update 2016-05-30 14:40:22 +02:00
Miroslav Stampar
83b82a5e98 Bug fix (wrong handler used in case of DBMS resolution) 2016-05-30 10:32:49 +02:00
Miroslav Stampar
69fd900108 Adding waf script for detection of generic/unknown 2016-05-27 16:34:41 +02:00
Miroslav Stampar
de9f23939f Major bug fix in WAF/IDS/IPS detection (question 'do you want..to try to detect backend WAF/IPS/IDS' never worked) 2016-05-27 13:41:03 +02:00
Miroslav Stampar
7a2ac23f0b Adding new waf script (sitelock) 2016-05-27 02:13:01 +02:00
Miroslav Stampar
a5f8cae599 Fixes #1892 2016-05-24 17:58:35 +02:00
Miroslav Stampar
c395958dff Fixes #1888 2016-05-24 14:55:19 +02:00
Miroslav Stampar
798b539eec Minor update 2016-05-24 14:50:56 +02:00
Miroslav Stampar
f7cae68378 More formal language 2016-05-22 21:44:17 +02:00
Miroslav Stampar
f6ff1a115a Better (automatic) picking of a --string candidate (especially in case of international pages) 2016-05-22 21:29:08 +02:00
Miroslav Stampar
32ee586e2a Minor language update 2016-05-22 14:30:32 +02:00
Miroslav Stampar
6623c3f877 Pesky bug fix (nobody noticed :) 2016-05-22 14:22:31 +02:00
Miroslav Stampar
30a4173249 I like users which don't know the difference between detection and identification 2016-05-22 12:40:23 +02:00
Miroslav Stampar
5e8b105677 Fixes #1880 2016-05-19 19:46:12 +02:00
Miroslav Stampar
1e07269fe3 Patch for an Issue #1860 2016-05-12 16:42:12 +02:00
Miroslav Stampar
be9381abc5 Implements #1845 2016-05-06 13:06:59 +02:00
Miroslav Stampar
c797129956 Fixes #1833 2016-05-02 11:10:12 +02:00
Miroslav Stampar
9dd5cd8eb6 Removing CloudFlare check 2016-04-29 00:17:07 +02:00
Miroslav Stampar
aa21550712 Minor patch for integer casting heuristics (circumvent auto-casting by DBMS itself) 2016-04-15 13:47:19 +02:00
Miroslav Stampar
66061e8c5f Fixes #1811 2016-04-15 12:04:54 +02:00
Miroslav Stampar
0245ce6228 Fixes #1782 2016-03-28 19:55:33 +02:00
Miroslav Stampar
d7cdb6cbd8 Minor update 2016-02-06 20:16:33 +01:00
Miroslav Stampar
62f94f6587 Adding comments (Issue #1681) 2016-01-26 07:52:25 +01:00
Miroslav Stampar
574b3a79aa Adding support for detection of CloudFlare responses 2016-01-21 10:16:23 +01:00
Miroslav Stampar
59695af101 Minor improvement of heuristic checks 2016-01-14 22:21:47 +01:00
Miroslav Stampar
bdcf3fffba Minor update related to the last (error results in OR boolean-based blind should not be the same as True to be able to do proper comparison) 2016-01-14 13:40:50 +01:00
Miroslav Stampar
c7ef9429ae Minor check for problematic injections 2016-01-14 13:16:44 +01:00
Miroslav Stampar
4c1fc095d8 Adding heuristic check for FI vulnerability 2016-01-14 09:59:13 +01:00
Miroslav Stampar
a8c6c6fca1 Minor update related to the last one 2016-01-13 23:47:34 +01:00
Miroslav Stampar
4e29e1b351 Fixing wrong commit #4f939b5719716dfe9bd085c4f67696bc11064edd 2016-01-13 23:34:42 +01:00
Miroslav Stampar
8362bdcf66 Fix for screw up made by #52dd92748a50bcee4fb979ea49185840ff6743b9 2016-01-13 23:16:27 +01:00
Miroslav Stampar
eb989469f3 Minor just in case update 2016-01-12 10:27:04 +01:00
Miroslav Stampar
48ac2101f2 Using only once the dummy checkWaf payload 2016-01-08 23:23:41 +01:00
Miroslav Stampar
d0d676ccce Update of copyright string 2016-01-06 00:06:12 +01:00
Miroslav Stampar
c6d4217495 Minor update (just in case) 2015-12-03 02:08:59 +01:00
Miroslav Stampar
d41cd53d31 Minor style fix (distinguish form from URL testing when --forms --crawl combo used) 2015-10-28 14:03:21 +01:00
Miroslav Stampar
78bbf5d63c Fixes #1451 2015-10-06 14:17:35 +02:00
Miroslav Stampar
53de0e8949 Implements #1442 2015-10-01 11:57:33 +02:00
Miroslav Stampar
81caf14b6d Adding switch --skip-waf 2015-09-21 14:57:44 +02:00
Miroslav Stampar
e81e474646 Minor adjustment 2015-09-21 14:46:34 +02:00
Miroslav Stampar
56f0b811a6 Minor patch 2015-09-21 13:23:56 +02:00
Miroslav Stampar
c05c0ff435 Minor patch with imports 2015-09-10 15:55:49 +02:00
Miroslav Stampar
f494004f44 Switching to the getSafeExString (where it can be used) 2015-09-10 15:51:33 +02:00
Miroslav Stampar
c1f829d131 Removing last remnants of bad handling the exceptions as strings 2015-09-08 11:15:31 +02:00
Miroslav Stampar
e623ee66ad Better approach for #1320 2015-07-30 23:29:31 +02:00
Miroslav Stampar
58002c5057 Minor cosmetics 2015-07-23 09:55:59 +02:00
Miroslav Stampar
21e8182ac6 Fixes #1305 2015-07-18 17:01:34 +02:00
Miroslav Stampar
00f190fc92 Fixes #1303 2015-07-17 10:14:35 +02:00
Miroslav Stampar
16f8e4c8ba Removing unused imports 2015-07-12 12:25:02 +02:00
Miroslav Stampar
10f8c6a0b6 Introducing --offline switch (to perform session only lookups) 2015-07-10 16:10:24 +02:00
Miroslav Stampar
9bdbdc136f Minor cosmetics update 2015-07-10 11:33:12 +02:00
Miroslav Stampar
0ba264bfa0 Minor patch 2015-07-10 09:51:11 +02:00
Miroslav Stampar
4baaa4a5ad Minor improvement 2015-07-10 09:24:14 +02:00
Miroslav Stampar
9ff115ce71 Minor patch 2015-07-10 01:33:53 +02:00
Miroslav Stampar
02470ea683 Further decreasing number of testing payloads 2015-07-10 01:19:46 +02:00
Miroslav Stampar
48b627f3ff Prevent double tests (e.g. in same final tests where suffix is cut by the comment) 2015-07-10 00:54:02 +02:00
Miroslav Stampar
ca2f63c672 Test speed up in case of boolean based blind 2015-07-10 00:37:59 +02:00
Miroslav Stampar
96327b6701 Fixes #1290 2015-07-05 01:47:01 +02:00
Miroslav Stampar
1f71d809d4 Fixes #1288 2015-07-03 08:55:33 +02:00
Miroslav Stampar
08caca387b Minor patch of automatic WAF heuristic check 2015-05-29 16:01:41 +02:00
Miroslav Stampar
17bfda1b9c Adding new switch ('--skip-static') 2015-05-18 20:57:15 +02:00
Miroslav Stampar
7587528ebd Fixes #1202 2015-03-26 11:40:19 +01:00
Miroslav Stampar
adc8ac267d Fixes #1190 2015-03-10 09:23:26 +01:00
Bernardo Damele
8281fe48e5 bug fix: test for boundaries with high levels if the test was extended 2015-03-01 11:02:05 +00:00
Bernardo Damele
2f08c8b666 bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup 2015-02-27 13:57:28 +00:00
Bernardo Damele
475cc8b24b trivial code cleanup 2015-02-21 13:12:30 +00:00
Bernardo Damele
d235ee375b code cleanup 2015-02-21 12:59:44 +00:00
Bernardo Damele
52dd92748a rework some of the logic of the detection phase based on identified DBMS along the way 2015-02-21 02:23:42 +00:00
Bernardo Damele
4f939b5719 avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables 2015-02-20 18:36:34 +00:00
Bernardo Damele
214b9360e9 Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup 2015-02-20 18:30:42 +00:00
Bernardo Damele
79d4d970a5 trivial code cleanup 2015-02-20 15:42:28 +00:00
Bernardo Damele
201b605f9b Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already 2015-02-20 10:21:44 +00:00
Bernardo Damele
e17d212c23 bug fix introduced with 863d5a6281 2015-02-15 20:07:52 +00:00
Bernardo Damele
863d5a6281 --test-filter now ignores values of --risk and --level 2015-02-15 16:28:37 +00:00
Miroslav Stampar
2e5c11e427 Closes #1163 2015-02-13 10:59:03 +01:00