Bernardo Damele
|
45ec8c169a
|
Consistency between --*-test switches/output
|
2010-11-08 16:46:25 +00:00 |
|
Miroslav Stampar
|
fda8752dca
|
revert of some HTTP headers handling
|
2010-11-08 13:26:45 +00:00 |
|
Bernardo Damele
|
78d7b17483
|
More replacements for refactoring.
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
|
2010-11-08 12:36:48 +00:00 |
|
Miroslav Stampar
|
eb999de0f1
|
added Range handler (dealing with 206 HTTP messages)
|
2010-11-08 12:26:13 +00:00 |
|
Miroslav Stampar
|
a3de10e3a2
|
new option -t
|
2010-11-08 11:22:47 +00:00 |
|
Miroslav Stampar
|
d551423379
|
further enum refactoring
|
2010-11-08 09:44:32 +00:00 |
|
Miroslav Stampar
|
862395ced1
|
further refactoring (all enumerations are now put into enums.py)
|
2010-11-08 09:20:02 +00:00 |
|
Bernardo Damele
|
b6da946883
|
Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
|
2010-11-07 22:34:29 +00:00 |
|
Bernardo Damele
|
73e85bfc75
|
Minor bug fix: the --tamper scripts have to be provided from the highest to the lowest priority, if not, sqlmap will reverse-sort them automatically as per user's choice. Tested, works now
|
2010-11-07 16:24:44 +00:00 |
|
Miroslav Stampar
|
afba26a53f
|
tiny winy update
|
2010-11-07 09:00:45 +00:00 |
|
Miroslav Stampar
|
2b8c942b4a
|
more update
|
2010-11-07 08:58:24 +00:00 |
|
Miroslav Stampar
|
16f52ab7ba
|
cosmetic fix
|
2010-11-07 08:13:20 +00:00 |
|
Miroslav Stampar
|
8d93bdfa4b
|
minor update (optimization) regarding -a switch
|
2010-11-07 08:11:56 +00:00 |
|
Miroslav Stampar
|
e1cec8c02b
|
fix for all that stable, dynamic mambo jambo :)
|
2010-11-04 16:44:34 +00:00 |
|
Miroslav Stampar
|
18aea251b3
|
added concept of tamper script priority
|
2010-11-04 10:29:40 +00:00 |
|
Miroslav Stampar
|
6adee3792a
|
removed all trailing spaces from blank lines
|
2010-11-03 10:08:27 +00:00 |
|
Miroslav Stampar
|
5269cb8c08
|
some code refactoring and beautification
|
2010-11-02 09:06:38 +00:00 |
|
Miroslav Stampar
|
13e93f564a
|
one bug fix in dynamic content engine and some code refactoring
|
2010-11-02 07:32:08 +00:00 |
|
Miroslav Stampar
|
73b33ed765
|
fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic
|
2010-11-01 20:56:13 +00:00 |
|
Bernardo Damele
|
f3cc41601c
|
Added check on --first and --last values
|
2010-10-31 14:42:13 +00:00 |
|
Miroslav Stampar
|
5a38ac7ea9
|
important update regarding (Bug #209) - probably more will be needed
|
2010-10-29 16:11:50 +00:00 |
|
Bernardo Damele
|
43de8247ac
|
Code refactoring
|
2010-10-27 20:39:50 +00:00 |
|
Miroslav Stampar
|
24c5d7b313
|
code refactoring
|
2010-10-25 14:06:56 +00:00 |
|
Miroslav Stampar
|
9c94a233a1
|
conf.md5hash thrown out
|
2010-10-25 13:52:21 +00:00 |
|
Miroslav Stampar
|
9a3879feba
|
keeping things neat and tidy
|
2010-10-25 12:33:49 +00:00 |
|
Miroslav Stampar
|
71543092b7
|
update regarding comparison engine
|
2010-10-25 12:00:59 +00:00 |
|
Miroslav Stampar
|
8df7c88174
|
implementation of a new dynamic content removal engine
|
2010-10-25 10:41:37 +00:00 |
|
Miroslav Stampar
|
2194d47782
|
setting conf.threads when -o switch is used
|
2010-10-22 19:10:45 +00:00 |
|
Bernardo Damele
|
1288def3b7
|
Cosmetics
|
2010-10-22 14:23:14 +00:00 |
|
Miroslav Stampar
|
bc79eec702
|
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
|
2010-10-21 13:13:12 +00:00 |
|
Miroslav Stampar
|
4009ef385e
|
more update regarding error based injection support
|
2010-10-19 18:17:34 +00:00 |
|
Miroslav Stampar
|
6b70dadfb2
|
minor cosmetics
|
2010-10-18 09:09:22 +00:00 |
|
Miroslav Stampar
|
149837ebf5
|
added the same for proxy authorization header
|
2010-10-18 09:02:56 +00:00 |
|
Miroslav Stampar
|
aaebb4336e
|
fix for Bug #202
|
2010-10-18 08:54:08 +00:00 |
|
Bernardo Damele
|
64b9f94fcf
|
Renamed --common-prediction switch to --predict-output
|
2010-10-16 23:50:13 +00:00 |
|
Bernardo Damele
|
7b71262de6
|
Cosmetic fix
|
2010-10-16 22:07:29 +00:00 |
|
Bernardo Damele
|
a2997a6dce
|
Minor bug fix to --tamper
|
2010-10-16 21:55:34 +00:00 |
|
Bernardo Damele
|
2129935e06
|
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
Minor enhancement
|
2010-10-16 21:52:16 +00:00 |
|
Bernardo Damele
|
2dae934a2b
|
Minor bug fixes, code refactoring and enhanced --tamper functionality
|
2010-10-16 21:33:15 +00:00 |
|
Miroslav Stampar
|
d50684a057
|
added one more check
|
2010-10-15 11:05:50 +00:00 |
|
Miroslav Stampar
|
2b476e078c
|
minor cosmetics
|
2010-10-15 10:36:29 +00:00 |
|
Bernardo Damele
|
9fcab68700
|
Minor adjustments
|
2010-10-15 10:28:06 +00:00 |
|
Miroslav Stampar
|
4f7f20b94f
|
sorry, cosmetics
|
2010-10-14 23:18:29 +00:00 |
|
Miroslav Stampar
|
8b48833136
|
large commit with copyright header modifications
|
2010-10-14 14:41:14 +00:00 |
|
Miroslav Stampar
|
f07608ef4d
|
show static words in a sorted manner
|
2010-10-14 12:38:06 +00:00 |
|
Miroslav Stampar
|
162d01abed
|
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)
|
2010-10-14 11:06:28 +00:00 |
|
Miroslav Stampar
|
7e1f784eaa
|
cosmetic update
|
2010-10-14 06:00:10 +00:00 |
|
Miroslav Stampar
|
34580f56fc
|
added --tamper option
|
2010-10-12 22:45:25 +00:00 |
|
Miroslav Stampar
|
d2ec132469
|
added --text-only switch
|
2010-10-12 19:41:29 +00:00 |
|
Miroslav Stampar
|
43892cddbb
|
some updates
|
2010-10-11 12:26:35 +00:00 |
|
Miroslav Stampar
|
18d27cabc5
|
more changes
|
2010-10-07 15:34:17 +00:00 |
|
Miroslav Stampar
|
1e9ae40397
|
major refactoring
|
2010-10-07 12:12:26 +00:00 |
|
Miroslav Stampar
|
adf2231edb
|
minor update
|
2010-10-06 13:38:03 +00:00 |
|
Miroslav Stampar
|
56dbf0038f
|
minor update (for future implementation of more advanced error page logic)
|
2010-10-06 12:10:00 +00:00 |
|
Miroslav Stampar
|
cf8e92699c
|
changes regarding EXISTS feature
|
2010-09-30 12:35:45 +00:00 |
|
Miroslav Stampar
|
35f35605df
|
changes regarding Feature #160
|
2010-09-26 14:02:13 +00:00 |
|
Miroslav Stampar
|
b745331974
|
added null connection check
|
2010-09-16 08:43:10 +00:00 |
|
Miroslav Stampar
|
798ab4989b
|
fix for a Bug #200
|
2010-09-14 10:35:01 +00:00 |
|
Miroslav Stampar
|
19fb2e3dcf
|
fix for Bug #165
|
2010-09-13 13:31:01 +00:00 |
|
Miroslav Stampar
|
8aa12db425
|
added option --proxy-cred for setting proxy credentials (Feature #195)
|
2010-08-18 22:45:00 +00:00 |
|
Miroslav Stampar
|
057ec8a6b2
|
added --ratio option for direct manipulation of conf.matchRatio parameter
|
2010-08-10 19:53:29 +00:00 |
|
Miroslav Stampar
|
28d9115373
|
fix for Feature #187 (Skip duplicates parameters in -g)
|
2010-07-29 20:01:04 +00:00 |
|
Bernardo Damele
|
49af0c43a5
|
Forgot
|
2010-07-01 15:26:18 +00:00 |
|
Miroslav Stampar
|
9d28ae23ca
|
fixup for situations with unexpected LENGTHs in multithreaded mode (e.g. UTF8 data retrieval)
|
2010-07-01 14:11:45 +00:00 |
|
Bernardo Damele
|
24428c1a1b
|
Added warning message if both --proxy and --keep-alive are provided
|
2010-06-30 11:41:42 +00:00 |
|
Bernardo Damele
|
c33f3ef844
|
Minor adjustment to HTTP headers handling
|
2010-06-29 23:51:44 +00:00 |
|
Bernardo Damele
|
fb9f669544
|
More verbose comments
|
2010-06-29 21:10:33 +00:00 |
|
Bernardo Damele
|
ea45d75f2d
|
Major bug fix to parse and store all HTTP headers from the request file (-r)
|
2010-06-29 21:06:03 +00:00 |
|
Bernardo Damele
|
9bce22683b
|
Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g)
|
2010-06-11 10:08:19 +00:00 |
|
Bernardo Damele
|
c23ea4c749
|
--keep-alive is not compatible with --proxy
|
2010-06-10 21:19:45 +00:00 |
|
Bernardo Damele
|
d3c8e461cf
|
Minor layout adjustments
|
2010-06-10 14:14:56 +00:00 |
|
Miroslav Stampar
|
eb94edc48c
|
added keepalive module
|
2010-06-01 12:21:10 +00:00 |
|
Miroslav Stampar
|
db7ede96fd
|
more updates/fixes
|
2010-05-31 11:11:53 +00:00 |
|
Miroslav Stampar
|
0450df8a77
|
added kb.cache for storing cached results (e.g. kb.cache.regex for storing compiled regular expressions and kb.cache.md5 for storing precalculated MD5 values during '--users --common-prediction' session)
|
2010-05-31 08:13:08 +00:00 |
|
Bernardo Damele
|
89c721a451
|
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.
|
2010-05-29 10:10:28 +00:00 |
|
Bernardo Damele
|
a138dbe5f6
|
Minor bug fixes and code refactoring
|
2010-05-28 15:57:43 +00:00 |
|
Miroslav Stampar
|
919a8345d6
|
minor fix
|
2010-05-28 15:30:02 +00:00 |
|
Miroslav Stampar
|
ad3c425a18
|
quick fix
|
2010-05-28 15:26:55 +00:00 |
|
Miroslav Stampar
|
f36e093fa7
|
minor update
|
2010-05-28 09:13:50 +00:00 |
|
Miroslav Stampar
|
dc83f794ea
|
fix regarding proper string isinstance checking (including unicode)
|
2010-05-25 10:09:35 +00:00 |
|
Bernardo Damele
|
a43eb64c5d
|
Minor refactoring
|
2010-05-24 15:46:12 +00:00 |
|
Miroslav Stampar
|
0197f8db5c
|
code refactoring regarding issue #184
|
2010-05-24 11:12:40 +00:00 |
|
Miroslav Stampar
|
e9be60e1ac
|
added support for proper unicode session(s) storage/retrieval
|
2010-05-24 11:00:49 +00:00 |
|
Miroslav Stampar
|
64f2afe585
|
in a mood for more changes
|
2010-05-21 12:44:09 +00:00 |
|
Miroslav Stampar
|
78547bb79e
|
quick fix
|
2010-05-21 12:19:20 +00:00 |
|
Bernardo Damele
|
a21a7fc56d
|
Minor code refactoring
|
2010-05-21 12:09:31 +00:00 |
|
Miroslav Stampar
|
68e13c3872
|
periodical commit
|
2010-05-21 09:35:36 +00:00 |
|
Bernardo Damele
|
9c1d82c9f7
|
Minor bug fix to --proxy with HTTPS target on Python 2.6 - fixes #191.
|
2010-05-20 10:52:14 +00:00 |
|
Miroslav Stampar
|
5396f13bab
|
added CPU throttling for lowering sqlmap's CPU intensivity
|
2010-05-13 15:19:28 +00:00 |
|
Bernardo Damele
|
fa48d26f95
|
Minor cosmetic fix
|
2010-04-26 12:34:21 +00:00 |
|
Miroslav Stampar
|
7eef76f1b0
|
added basic option validation for start/stop values regarding David Guimaraes mail
|
2010-04-26 11:23:12 +00:00 |
|
Bernardo Damele
|
a1b1f960cc
|
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
|
2010-04-23 16:34:20 +00:00 |
|
Miroslav Stampar
|
938a3ab0b9
|
fix for Bug #183 (--threads dot output)
|
2010-04-16 13:40:02 +00:00 |
|
Miroslav Stampar
|
1aeaa5db47
|
implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests)
|
2010-04-16 12:44:47 +00:00 |
|
Miroslav Stampar
|
17554759b7
|
implemented feature request from Ole Rasmussen regarding table name retrieval speedup
|
2010-04-15 09:36:13 +00:00 |
|
Bernardo Damele
|
effc7dc41c
|
Minor adjustment to notify the user that the --auth-cred format for NTLM authentication is "DOMAIN\user:password"
|
2010-04-07 09:47:14 +00:00 |
|
Bernardo Damele
|
2d55ec19a3
|
Minor code restyling
|
2010-04-06 10:15:19 +00:00 |
|
Miroslav Stampar
|
e29e8f82f9
|
fix for "Problem with --dbms set" reported by David Guimaraes
|
2010-04-05 23:09:35 +00:00 |
|
Bernardo Damele
|
1416cd0d86
|
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
Minor layout adjustments.
|
2010-03-26 23:23:25 +00:00 |
|
Bernardo Damele
|
f4f68218bc
|
Minor layout adjustment for --threads and --eta output
|
2010-03-25 11:47:18 +00:00 |
|