189 Commits

Author	SHA1	Message	Date
Miroslav Stampar	81722b6881	major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)	2011-01-27 18:36:28 +00:00
Miroslav Stampar	03413bd5e0	minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)	2011-01-27 16:55:58 +00:00
Miroslav Stampar	430fd5cd63	minor fixes	2011-01-25 16:05:06 +00:00
Miroslav Stampar	cab86871fe	fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment)	2011-01-25 11:02:41 +00:00
Miroslav Stampar	4093599f38	added parseTargetUrl to redirect choice	2011-01-24 14:45:35 +00:00
Miroslav Stampar	1fa8f0cba7	code reviewing part 2	2011-01-15 12:53:40 +00:00
Miroslav Stampar	fb9d7cdfaa	refactoring, code clearing and removal of obsolete switch --longest-common	2011-01-14 14:37:03 +00:00
Bernardo Damele	06230e4d92	Minor code refactoring and cosmetics	2011-01-11 21:46:21 +00:00
Bernardo Damele	1c86ec374e	Code refactoring and cosmetics	2011-01-07 15:41:09 +00:00
Miroslav Stampar	709a7d156b	fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...)	2011-01-04 12:51:51 +00:00
Miroslav Stampar	d288c6d6e3	minor update	2011-01-04 08:40:41 +00:00
Miroslav Stampar	08ccbf2c1e	important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)	2011-01-03 22:02:58 +00:00
Miroslav Stampar	07129371bf	bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests)	2011-01-03 13:04:20 +00:00
Miroslav Stampar	da138c46c1	added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)	2011-01-02 07:37:47 +00:00
Miroslav Stampar	ef27fd5ea1	there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) (http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html, http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html)	2011-01-01 15:20:29 +00:00
Miroslav Stampar	93838fb155	"patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError)	2010-12-28 14:40:34 +00:00
Miroslav Stampar	f2373121d0	noticed little DoS behavior and lots of connections in netstat (best way to deal with zombie connections is to explicitly close them if not needed any more)	2010-12-26 14:36:51 +00:00
Miroslav Stampar	569e060aab	important improvement	2010-12-26 13:20:52 +00:00
Miroslav Stampar	b472b96f92	bug fix, refactoring and improved extractErrorMessage capabilities	2010-12-25 10:16:20 +00:00
Miroslav Stampar	2c23a59ba5	fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)	2010-12-24 12:13:48 +00:00
Miroslav Stampar	a09716a701	minor update	2010-12-24 10:07:56 +00:00
Miroslav Stampar	cb17e61f35	bug fix (UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 959)	2010-12-24 02:54:26 +00:00
Miroslav Stampar	017ea9e686	update	2010-12-23 14:06:22 +00:00
Miroslav Stampar	8fc60215ed	lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.	2010-12-22 19:12:46 +00:00
Bernardo Damele	250608660d	Minor bug fix to always show HTTP request and response when verbose is set accordingly to 4, 5 or 6 regardless of the HTTP response code (error or not)	2010-12-22 13:41:36 +00:00
Miroslav Stampar	385e208f38	code refactoring regarding standard output suppression and some threading issues	2010-12-21 14:21:24 +00:00
Miroslav Stampar	6b37ddada4	removed some blank trailing spaces (with extra/shutils/blanks.sh)	2010-12-21 10:31:56 +00:00
Miroslav Stampar	d554460aec	minor fix	2010-12-21 01:09:39 +00:00
Miroslav Stampar	416755c0b7	minor adjustments	2010-12-21 00:25:03 +00:00
Miroslav Stampar	29001a4fce	minor update	2010-12-20 23:21:01 +00:00
Miroslav Stampar	8fd3e7ba1f	thread based data added	2010-12-20 22:45:01 +00:00
Miroslav Stampar	c948bced61	should solve the problem with timeout problems in time-based payloads	2010-12-20 16:45:41 +00:00
Miroslav Stampar	eaf8929085	more minor updates	2010-12-20 10:48:53 +00:00
Miroslav Stampar	108a96c6b4	some fixes	2010-12-17 21:45:20 +00:00
Miroslav Stampar	f7344a5fc3	update	2010-12-11 21:28:11 +00:00
Miroslav Stampar	435f48b8cc	polite cosmetics	2010-12-10 15:28:56 +00:00
Bernardo Damele	9230877d98	cosmetics	2010-12-09 13:57:38 +00:00
Miroslav Stampar	196131bbca	minor cosmetics	2010-12-09 10:42:00 +00:00
Miroslav Stampar	3fd1c37d53	update	2010-12-09 07:49:18 +00:00
Miroslav Stampar	40fadf2f35	minor update	2010-12-08 14:33:10 +00:00
Miroslav Stampar	01cf1394a4	code refactoring	2010-12-08 14:26:40 +00:00
Miroslav Stampar	47bb31fb47	code refactoring	2010-12-08 11:30:25 +00:00
Miroslav Stampar	1ae2fa7f1a	update regarding time based payloads	2010-12-08 11:26:54 +00:00
Miroslav Stampar	a4a63f5b1e	minor update	2010-12-07 23:49:00 +00:00
Miroslav Stampar	293ce18fed	two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)	2010-12-07 23:32:33 +00:00
Miroslav Stampar	dc651d59ec	little mathematics here and there (used "Rules for normally distributed data")	2010-12-07 19:19:12 +00:00
Miroslav Stampar	294119d2ec	more advanced time technique(s)	2010-12-07 16:04:53 +00:00
Miroslav Stampar	0dc630203f	code refactoring	2010-12-07 13:34:06 +00:00
Miroslav Stampar	9e5f933ace	some updates	2010-12-04 15:47:02 +00:00
Bernardo Damele	5d37df6104	Ugly code to set the cookies when got them from a 302 redirect too	2010-12-03 17:41:10 +00:00