Miroslav Stampar
18aea251b3
added concept of tamper script priority
2010-11-04 10:29:40 +00:00
Miroslav Stampar
303359e8b1
refix
2010-11-04 09:34:04 +00:00
Miroslav Stampar
efe75aa8a3
added some debug messages
2010-11-04 09:18:32 +00:00
Bernardo Damele
b152b1a04d
Cosmetics
2010-11-03 22:07:13 +00:00
Miroslav Stampar
71d0b1bcd7
several bug fixes
2010-11-03 21:51:36 +00:00
Miroslav Stampar
44678fa320
fix for a bug reported by ToR (TypeError: unsupported operand type(s) for *: 'float' and 'NoneType')
2010-11-03 12:40:11 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
cd0d4135ac
implemented --banner for MaxDB and some minor fixes
2010-11-02 20:51:55 +00:00
Miroslav Stampar
861706fb31
fix for bug reported by ToR (unknown charset 'utf-8, text/html')
2010-11-02 18:01:10 +00:00
Bernardo Damele
c7c84c3089
Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL).
2010-11-02 15:31:51 +00:00
Miroslav Stampar
70f6eab715
minor update
2010-11-02 12:08:28 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Miroslav Stampar
5269cb8c08
some code refactoring and beautification
2010-11-02 09:06:38 +00:00
Miroslav Stampar
13e93f564a
one bug fix in dynamic content engine and some code refactoring
2010-11-02 07:32:08 +00:00
Miroslav Stampar
73b33ed765
fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic
2010-11-01 20:56:13 +00:00
Bernardo Damele
486a113560
Consolidate logger messages for --*-test switches
2010-10-31 16:58:38 +00:00
Bernardo Damele
46be570463
Proper HTTP version display
2010-10-31 15:41:28 +00:00
Bernardo Damele
f3cc41601c
Added check on --first and --last values
2010-10-31 14:42:13 +00:00
Bernardo Damele
0ffffef088
Implemented --tamper for direct connection too (-d)
2010-10-31 14:22:32 +00:00
Bernardo Damele
65a0a8d285
Delegate urlencoding to agent.py only
2010-10-31 13:28:05 +00:00
Bernardo Damele
c7b374534b
Minor cosmetics
2010-10-31 12:29:00 +00:00
Bernardo Damele
617edf7fc2
Minor bug fix
2010-10-31 12:24:19 +00:00
Bernardo Damele
fcada4df0f
Removed debug print
2010-10-31 12:21:22 +00:00
Bernardo Damele
2a2f949275
Minor bug fix
2010-10-31 12:20:38 +00:00
Bernardo Damele
264247d318
revert of a stupid commit
2010-10-31 12:09:55 +00:00
Bernardo Damele
2fb059a644
Bug fix
2010-10-31 12:02:20 +00:00
Bernardo Damele
9d08cb3a6f
Revert r2209 and minor code refactoring
2010-10-31 11:51:45 +00:00
Bernardo Damele
3eda4510e2
Properly encode the cookie
2010-10-31 11:26:33 +00:00
Bernardo Damele
3869ccebe8
Minor code refactoring
2010-10-31 11:17:51 +00:00
Bernardo Damele
6afc9bffaa
Minor bug fix: there will always be only one pair of delimiters as we add it for each place
2010-10-31 11:09:29 +00:00
Bernardo Damele
3a48bee9b0
Minor code refactoring
2010-10-31 11:03:59 +00:00
Bernardo Damele
8cf0ebde1e
Cosmetics
2010-10-29 23:00:48 +00:00
Miroslav Stampar
0125198210
minor fix
2010-10-29 21:19:28 +00:00
Miroslav Stampar
cbf38436f2
minor update
2010-10-29 16:15:23 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209 ) - probably more will be needed
2010-10-29 16:11:50 +00:00
Bernardo Damele
a0df231aa4
Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data
2010-10-29 13:09:53 +00:00
Miroslav Stampar
f7d42af046
some fixes regarding --check-payload
2010-10-29 11:00:23 +00:00
Bernardo Damele
b3b2c3864a
Minor code refactoring
2010-10-29 10:51:09 +00:00
Miroslav Stampar
d75578c81f
some update regarding common tables
2010-10-29 09:00:51 +00:00
Miroslav Stampar
895efd28a6
one more update regarding Bug #205
2010-10-28 23:22:13 +00:00
Miroslav Stampar
788eb8fb50
update regarding Bug #205
2010-10-28 22:59:51 +00:00
Bernardo Damele
4f8e9da1b6
Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
...
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471
Minor bug fixes and enhancements to ICMPsh tunnel
2010-10-27 23:01:17 +00:00
Bernardo Damele
a391be833b
Implemented ICMP tunneling for out-of-band takeover (--os-pwn) as an alternative to TCP tunneling (Metasploit). It relies on icmpsh, the back-end dbms server has to be Windows as the icmpsh slave runs on Windows only for the moment. sqlmap needs to be executed as root to work.
2010-10-27 21:02:22 +00:00
Bernardo Damele
43de8247ac
Code refactoring
2010-10-27 20:39:50 +00:00
Bernardo Damele
d554ffc0ae
yes, I am quite paranoid with cosmetics
2010-10-27 10:37:54 +00:00
Miroslav Stampar
5cc1bd8a12
major fix for heuristic check
2010-10-27 08:27:31 +00:00
Miroslav Stampar
4d70f2c210
reverting back to 100
2010-10-26 15:42:54 +00:00
Miroslav Stampar
8211e6a2bd
possible
2010-10-26 11:29:09 +00:00
Bernardo Damele
9b127e58d2
Adjusted for MySQL weirdness
2010-10-26 09:33:18 +00:00
Miroslav Stampar
8803096343
some update regarding beep()
2010-10-26 08:32:58 +00:00
Miroslav Stampar
b9ff91b6e9
update of beep
2010-10-26 06:30:27 +00:00
Miroslav Stampar
9ec9d223e1
minor
2010-10-26 06:08:40 +00:00
Bernardo Damele
f5904d0bc0
Major bug fix to --union-test
2010-10-25 23:39:55 +00:00
Bernardo Damele
7effd0c301
Cosmetics
2010-10-25 22:54:56 +00:00
Miroslav Stampar
73eea81b3a
minor cosmetics
2010-10-25 19:45:53 +00:00
Miroslav Stampar
d7bf94d4d6
fix for --beep
2010-10-25 19:16:42 +00:00
Miroslav Stampar
228ac0cde5
refactoring regarding --check-payload
2010-10-25 18:38:54 +00:00
Bernardo Damele
7c343c2d67
Forgot
2010-10-25 16:34:43 +00:00
Bernardo Damele
debaf2215f
Consistency between cmdline.py, optiondict.py and sqlmap.conf and got rid of --union-use switch
2010-10-25 15:54:45 +00:00
Miroslav Stampar
378653a1ec
added IDS payload testing
2010-10-25 15:37:43 +00:00
Bernardo Damele
bdb9c37a7e
Cosmetics
2010-10-25 15:17:59 +00:00
Bernardo Damele
215175e3b7
Minor code adjustments
2010-10-25 14:11:47 +00:00
Miroslav Stampar
24c5d7b313
code refactoring
2010-10-25 14:06:56 +00:00
Miroslav Stampar
9c94a233a1
conf.md5hash thrown out
2010-10-25 13:52:21 +00:00
Miroslav Stampar
9a3879feba
keeping things neat and tidy
2010-10-25 12:33:49 +00:00
Miroslav Stampar
32728d14b7
fix for --union-use with --error-test
2010-10-25 12:25:29 +00:00
Miroslav Stampar
71543092b7
update regarding comparison engine
2010-10-25 12:00:59 +00:00
Miroslav Stampar
8df7c88174
implementation of a new dynamic content removal engine
2010-10-25 10:41:37 +00:00
Miroslav Stampar
db260c44d3
minor update
2010-10-24 22:25:05 +00:00
Miroslav Stampar
aa931efd4d
several MySQL fixes/enhancements pointed out by Anton Mogilin
2010-10-24 22:05:14 +00:00
Miroslav Stampar
52f910f752
added --beep (tested on Windows and Linux; for now turned off) switch
2010-10-23 09:38:46 +00:00
Miroslav Stampar
98f5586b87
minor update
2010-10-23 08:05:24 +00:00
Miroslav Stampar
f1e2c1867f
Cosmetics
2010-10-22 21:13:12 +00:00
Miroslav Stampar
2194d47782
setting conf.threads when -o switch is used
2010-10-22 19:10:45 +00:00
Miroslav Stampar
e6e48c5556
fix for Bug #204
2010-10-22 18:23:46 +00:00
Bernardo Damele
1288def3b7
Cosmetics
2010-10-22 14:23:14 +00:00
Miroslav Stampar
dec4d858b3
fix for Bug #207
2010-10-22 14:01:48 +00:00
Miroslav Stampar
1b2ec826bf
misc fixes regarding new query retrieval format
2010-10-21 23:17:06 +00:00
Miroslav Stampar
a9b50a1e82
minor fix
2010-10-21 23:09:57 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Miroslav Stampar
be443c6947
refactoring regarding __START__,...
2010-10-21 09:51:07 +00:00
Miroslav Stampar
2668c95ef4
added default HTTP version used by httplib and urllib2
2010-10-21 09:10:07 +00:00
Bernardo Damele
7f1aa3b94f
Removed unused imports
2010-10-20 22:48:51 +00:00
Bernardo Damele
c60edf7c17
Minor cosmetics
2010-10-20 22:43:02 +00:00
Bernardo Damele
d8bfa76dca
Minor possible bug fix
2010-10-20 22:12:53 +00:00
Bernardo Damele
e73e06069b
Minor code refactoring
2010-10-20 22:09:03 +00:00
Bernardo Damele
862cc9ac53
Minor cosmetic fixes
2010-10-20 21:58:33 +00:00
Bernardo Damele
3b5c5cc457
Minor possible bug fix
2010-10-20 21:49:05 +00:00
Bernardo Damele
f95098693f
Removed unused functions
2010-10-20 21:16:28 +00:00
Bernardo Damele
430bb7478f
Minor bug fix
2010-10-20 21:15:06 +00:00
Miroslav Stampar
34f70657ee
fix for NULL values
2010-10-20 10:29:18 +00:00
Miroslav Stampar
00449f1402
fix/upgrade/chicken soup
2010-10-20 09:54:17 +00:00
Miroslav Stampar
e24bff0497
nice refactoring
2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457
no more regex. web server independent.
2010-10-20 09:35:46 +00:00
Miroslav Stampar
934adb5e8d
code refactoring
2010-10-20 09:09:04 +00:00
Miroslav Stampar
b032fdbf74
added randInt to error injection vectors
2010-10-20 08:56:58 +00:00
Miroslav Stampar
dabbcf9e23
fix for that 'Subquery returns more than 1 row'
2010-10-20 08:50:05 +00:00
Miroslav Stampar
82f44989ce
update of error based injection and bug fix for --roles on MSSQL server
2010-10-20 06:40:33 +00:00
Bernardo Damele
0817d1b78d
Cosmetics
2010-10-19 23:09:30 +00:00
Miroslav Stampar
8776db872c
minor refactoring
2010-10-19 23:05:24 +00:00
Miroslav Stampar
1b376c99a6
removed temp dictionary and replaced with kb.misc
2010-10-19 23:00:19 +00:00
Bernardo Damele
813f44da16
Minor bug fix for MSSQL connector --tables option
2010-10-19 22:11:17 +00:00
Miroslav Stampar
7927e97007
update
2010-10-19 18:34:57 +00:00
Miroslav Stampar
415524bd5a
remove --error, now it's only --error-test (it needs to return True to be able to use it)
2010-10-19 18:34:14 +00:00
Miroslav Stampar
8d9201a3dc
minor update
2010-10-19 18:23:21 +00:00
Miroslav Stampar
4009ef385e
more update regarding error based injection support
2010-10-19 18:17:34 +00:00
Miroslav Stampar
b2e0b615f8
fix for that MySQL checking
2010-10-19 17:38:39 +00:00
Miroslav Stampar
34d7de1d46
cosmetics
2010-10-19 15:28:54 +00:00
Miroslav Stampar
d7622bb9cf
major fix for MySQL error based injections
2010-10-19 15:17:16 +00:00
Miroslav Stampar
80505de15b
now --users work on Oracle and Postgre (tested)
2010-10-19 14:56:57 +00:00
Miroslav Stampar
4bc541ec3c
error based update
2010-10-19 14:47:13 +00:00
Miroslav Stampar
d0ebe428da
i've left error flag
2010-10-19 14:12:34 +00:00
Miroslav Stampar
bf850af2d8
fix for Oracle error based query "space" problem
2010-10-19 14:10:09 +00:00
Miroslav Stampar
6a8b1046d4
first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)
2010-10-19 12:02:04 +00:00
Miroslav Stampar
ccda92536f
added header
2010-10-19 09:13:30 +00:00
Miroslav Stampar
264e0a6fda
added support for displaying revision number at unhandled exception message
2010-10-19 08:55:14 +00:00
Miroslav Stampar
9a7fd29d4f
using pushValue and popValue
2010-10-18 22:22:41 +00:00
Miroslav Stampar
a97319656c
optimization - now if DBMS was detected by error based HTML parser, then it's moved at the first place for testing
2010-10-18 21:47:11 +00:00
Miroslav Stampar
729156e91c
proper fix
2010-10-18 21:39:46 +00:00
Miroslav Stampar
3d5494845c
minor bug fix
2010-10-18 21:32:50 +00:00
Miroslav Stampar
8b8fff41fe
cosmetics (adding html parsed DBMS) regarding heuristic check
2010-10-18 12:11:16 +00:00
Bernardo Damele
1d74036ee3
Minor cosmetic fixes
2010-10-18 11:34:53 +00:00
Bernardo Damele
36bc410333
Minor bug fix
2010-10-18 09:50:23 +00:00
Miroslav Stampar
6b70dadfb2
minor cosmetics
2010-10-18 09:09:22 +00:00
Miroslav Stampar
149837ebf5
added the same for proxy authorization header
2010-10-18 09:02:56 +00:00
Miroslav Stampar
aaebb4336e
fix for Bug #202
2010-10-18 08:54:08 +00:00
Bernardo Damele
683184cc8f
Minor refactoring
2010-10-17 21:06:52 +00:00
Bernardo Damele
cd0fe8dde0
Updated sample configuration file and cmdline help
2010-10-17 00:07:53 +00:00
Bernardo Damele
64b9f94fcf
Renamed --common-prediction switch to --predict-output
2010-10-16 23:50:13 +00:00
Bernardo Damele
f54c134d22
Minor adjustment
2010-10-16 22:43:05 +00:00
Bernardo Damele
6211915da5
Cosmetic fix
2010-10-16 22:31:16 +00:00
Bernardo Damele
7b71262de6
Cosmetic fix
2010-10-16 22:07:29 +00:00
Bernardo Damele
a2997a6dce
Minor bug fix to --tamper
2010-10-16 21:55:34 +00:00
Bernardo Damele
2129935e06
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
...
Minor enhancement
2010-10-16 21:52:16 +00:00
Bernardo Damele
2dae934a2b
Minor bug fixes, code refactoring and enhanced --tamper functionality
2010-10-16 21:33:15 +00:00
Bernardo Damele
84ed7f192a
Cosmetic fixes
2010-10-16 15:10:48 +00:00
Miroslav Stampar
1336b97c2c
removed --useBetween switch and added new tampering module ./tamper/between.py
2010-10-15 23:48:07 +00:00
Miroslav Stampar
1ae4d0fc2a
added optimization group
2010-10-15 23:26:48 +00:00
Bernardo Damele
e7c8be1d45
Minor layout adjustments
2010-10-15 15:37:15 +00:00
Miroslav Stampar
c9f0c75030
removed --space (usage of tampering modules is now a prefered way to do it)
2010-10-15 12:52:33 +00:00
Miroslav Stampar
d0514d18ec
removed that spaces from URI payloads
2010-10-15 12:49:03 +00:00
Bernardo Damele
bf56f8c63c
Cosmetic fix
2010-10-15 12:46:41 +00:00
Miroslav Stampar
dcb9c2103a
just in case update
2010-10-15 11:20:19 +00:00
Bernardo Damele
5f6d88a418
Minor comment
2010-10-15 11:17:17 +00:00
Miroslav Stampar
2fa8836c01
bug fix
2010-10-15 11:14:59 +00:00
Miroslav Stampar
d50684a057
added one more check
2010-10-15 11:05:50 +00:00
Miroslav Stampar
2b476e078c
minor cosmetics
2010-10-15 10:36:29 +00:00
Bernardo Damele
a80f6110cd
don't call variables 'file', it's a reserved word :)
2010-10-15 10:29:24 +00:00
Bernardo Damele
c5e385f77a
More layout adjustments
2010-10-15 10:28:34 +00:00
Bernardo Damele
9fcab68700
Minor adjustments
2010-10-15 10:28:06 +00:00
Bernardo Damele
48cc8a308d
More verbose messages on successful --null-connection
2010-10-15 10:24:54 +00:00
Miroslav Stampar
0f48dd6f73
fix for skipping non-GET urls
2010-10-15 09:54:29 +00:00
Miroslav Stampar
207bef7f19
fix for that SQLite3 vs SQLite2 issue
2010-10-15 09:39:41 +00:00
Miroslav Stampar
d0df8cdac9
fix for that duplicates
2010-10-15 00:34:16 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Bernardo Damele
1674142d82
Minor cosmetic fixes
2010-10-14 15:28:54 +00:00
Miroslav Stampar
2bbe0c9ba6
bug fix for Ctrl+C
2010-10-14 15:23:42 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
f07608ef4d
show static words in a sorted manner
2010-10-14 12:38:06 +00:00
Miroslav Stampar
162d01abed
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)
2010-10-14 11:06:28 +00:00
Miroslav Stampar
7e1f784eaa
cosmetic update
2010-10-14 06:00:10 +00:00
Miroslav Stampar
dc50543ea4
major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)
2010-10-13 23:01:23 +00:00
Miroslav Stampar
36ef8ca575
bug fix
2010-10-13 22:42:48 +00:00
Miroslav Stampar
02a14d4c45
added Referer (part of Feature #37 )
2010-10-13 22:08:09 +00:00
Miroslav Stampar
43a3ac2c3a
some bug fixes
2010-10-13 20:54:18 +00:00
Miroslav Stampar
f700692c74
added missing files for Sybase
2010-10-13 18:55:17 +00:00
Miroslav Stampar
562df9c107
temporary fix (files left at home)
2010-10-13 07:39:48 +00:00
Miroslav Stampar
34580f56fc
added --tamper option
2010-10-12 22:45:25 +00:00
Miroslav Stampar
9a08f7feb8
minor update
2010-10-12 20:01:59 +00:00
Miroslav Stampar
d2ec132469
added --text-only switch
2010-10-12 19:41:29 +00:00
Miroslav Stampar
f9f79ffbaf
basic stuff for sybase
2010-10-12 19:05:12 +00:00
Miroslav Stampar
9ffa928783
added some user interaction when page is dynamic
2010-10-12 15:49:04 +00:00
Miroslav Stampar
b748e6ea44
minor update
2010-10-12 12:52:06 +00:00
Miroslav Stampar
73b77255e3
minor cosmetic update
2010-10-12 12:32:02 +00:00
Miroslav Stampar
6dcd05c39c
minor update
2010-10-11 14:38:04 +00:00
Miroslav Stampar
e2bbfbe650
bug fix
2010-10-11 14:32:02 +00:00
Miroslav Stampar
1369529103
minor cosmetic update
2010-10-11 13:52:32 +00:00
Miroslav Stampar
43892cddbb
some updates
2010-10-11 12:26:35 +00:00
Miroslav Stampar
8b0a132fa9
minor update
2010-10-11 11:47:07 +00:00
Miroslav Stampar
2198a60684
bug fix (reported by james@ev6.net)
2010-10-10 20:51:11 +00:00
Miroslav Stampar
7a5bb2b0d6
update
2010-10-10 19:50:10 +00:00
Miroslav Stampar
8fcad29bbf
new feature --forms (still unfinished)
2010-10-10 18:56:43 +00:00
Miroslav Stampar
18d27cabc5
more changes
2010-10-07 15:34:17 +00:00
Miroslav Stampar
440ff639bb
more refactoring
2010-10-07 14:05:34 +00:00
Miroslav Stampar
e80a66acc5
minor update
2010-10-07 12:21:59 +00:00
Miroslav Stampar
1e9ae40397
major refactoring
2010-10-07 12:12:26 +00:00
Miroslav Stampar
1bf8939e2f
further updates
2010-10-06 22:43:04 +00:00
Miroslav Stampar
de6fa1247b
moved injections to xml format
2010-10-06 22:29:52 +00:00
Miroslav Stampar
adf2231edb
minor update
2010-10-06 13:38:03 +00:00
Miroslav Stampar
56dbf0038f
minor update (for future implementation of more advanced error page logic)
2010-10-06 12:10:00 +00:00
Miroslav Stampar
cbe7c902c1
just a development start of an error based injection support
2010-10-04 13:05:51 +00:00
Miroslav Stampar
0ad8090ad8
fix for a google bug reported by Brandon E.
2010-10-01 08:03:39 +00:00
Miroslav Stampar
49915f3c33
minor update
2010-09-30 19:49:14 +00:00
Miroslav Stampar
8abcdae1b5
some update
2010-09-30 19:45:23 +00:00
Miroslav Stampar
87abec16bd
probable fix for a bug reported by Prashant Jadhav
2010-09-30 18:52:33 +00:00
Miroslav Stampar
cf8e92699c
changes regarding EXISTS feature
2010-09-30 12:35:45 +00:00
Miroslav Stampar
c6bf0e43af
minor update
2010-09-27 13:41:18 +00:00
Miroslav Stampar
cf17debf79
changed connection message priority to critical (when verbose=0 it's displayed too)
2010-09-27 13:34:52 +00:00
Miroslav Stampar
3cd15960a0
more updates
2010-09-27 13:26:46 +00:00
Miroslav Stampar
1da672e3c5
added default="False" to "store_true" parameters as it's a prefered way by http://docs.python.org/library/optparse.html
2010-09-27 13:23:29 +00:00
Miroslav Stampar
3b9fe3e1c8
everything is ready for testing (smoke and live)
2010-09-27 11:20:48 +00:00
Miroslav Stampar
dc11ae0d65
update
2010-09-26 14:56:55 +00:00
Miroslav Stampar
35f35605df
changes regarding Feature #160
2010-09-26 14:02:13 +00:00
Miroslav Stampar
99d9f9e624
update for smoke testing
2010-09-26 10:47:04 +00:00
Miroslav Stampar
2e5f269650
update regarding --space option
2010-09-24 22:35:32 +00:00
Miroslav Stampar
9cd5d3bde7
added new option --space
2010-09-24 21:59:03 +00:00
Miroslav Stampar
327bfcbe97
update regarding Feature #61
2010-09-24 14:34:05 +00:00
Miroslav Stampar
b6ff03690f
update regarding Feature #61
2010-09-24 13:34:46 +00:00
Miroslav Stampar
abe1289016
minor update
2010-09-24 13:20:51 +00:00
Miroslav Stampar
48e0261e68
update for Feature #61
2010-09-24 13:19:35 +00:00
Miroslav Stampar
ff419f7384
more changes regarding path (URI) injection
2010-09-24 09:19:14 +00:00
Miroslav Stampar
e4925eb3dd
update
2010-09-23 21:57:11 +00:00
Miroslav Stampar
13bb3a6212
minor update
2010-09-23 14:07:23 +00:00
Miroslav Stampar
927ad7bf13
update
2010-09-22 12:21:21 +00:00
Miroslav Stampar
da8ae5578b
first commit regarding Feature #144
2010-09-22 11:56:35 +00:00
Miroslav Stampar
540a9b391f
stripped some trailing spaces
2010-09-16 13:19:13 +00:00
Miroslav Stampar
8cf1aa6abe
added keepAlive under -o switch too
2010-09-16 10:41:52 +00:00
Miroslav Stampar
4fd7db52dd
minor update
2010-09-16 10:23:51 +00:00
Miroslav Stampar
6259114c02
added optimization switch (-o)
2010-09-16 10:12:53 +00:00
Miroslav Stampar
bfffd5e333
added --null-connection as an experimental option
2010-09-16 10:01:33 +00:00
Miroslav Stampar
975b96ae28
minor refactoring
2010-09-16 09:47:33 +00:00
Miroslav Stampar
1741801ade
implementation of HEAD/Range methods
2010-09-16 09:32:09 +00:00
Miroslav Stampar
b745331974
added null connection check
2010-09-16 08:43:10 +00:00
Miroslav Stampar
ecd6b573f7
added method parameter to the queryPage function
2010-09-15 14:17:17 +00:00
Miroslav Stampar
9a72a25704
again minor update
2010-09-15 13:59:55 +00:00
Miroslav Stampar
76233ff5a3
added skeleton for live testing
2010-09-15 13:55:28 +00:00
Miroslav Stampar
53800ef65f
more refactoring
2010-09-15 13:32:42 +00:00
Miroslav Stampar
abc12bc361
more refactoring
2010-09-15 13:28:56 +00:00
Miroslav Stampar
682872689a
some more refactoring
2010-09-15 12:59:51 +00:00
Miroslav Stampar
91a0b5df3c
minor update
2010-09-15 12:52:28 +00:00
Miroslav Stampar
b699f98cbb
minor refactoring
2010-09-15 12:51:02 +00:00
Miroslav Stampar
34a8cd75e3
added support for setting HTTP method manualy
2010-09-15 12:45:41 +00:00
Miroslav Stampar
798ab4989b
fix for a Bug #200
2010-09-14 10:35:01 +00:00
Miroslav Stampar
77a53228c5
changes regarding dynamic content recognition
2010-09-13 21:01:46 +00:00
Miroslav Stampar
c886659f82
fix
2010-09-13 15:24:56 +00:00
Miroslav Stampar
827cd1d56b
minor fix
2010-09-13 15:22:29 +00:00
Miroslav Stampar
2350a3c74d
minor change
2010-09-13 15:20:13 +00:00
Miroslav Stampar
cdc6bdcbe8
changes
2010-09-13 15:19:47 +00:00
Miroslav Stampar
19fb2e3dcf
fix for Bug #165
2010-09-13 13:31:01 +00:00
Miroslav Stampar
61120b0bac
minor comment added
2010-09-09 14:08:53 +00:00
Miroslav Stampar
53289c6a42
fix for bug reported by Marek Sarvas (unicode)
2010-09-09 14:03:45 +00:00
Miroslav Stampar
1b3d287a09
fix for a bug reported by shaohua pan (and one other bug)
2010-09-07 10:21:42 +00:00
Miroslav Stampar
27d76847fe
fix for bug reported by Truong Duc Luong
2010-09-01 08:46:21 +00:00
Miroslav Stampar
e810fe7b0b
no need for obsolete (and hard to find) sqlite module when sqlite3 handles both database versions
2010-08-31 13:37:53 +00:00
Miroslav Stampar
f5953bacc0
fix for direct connection parsing (now on windows machines python sqlmap.py -d access://C:\testdb.mdb is valid, while before it wasn't)
2010-08-30 16:35:28 +00:00
Miroslav Stampar
48cc87f6a9
added support for fingerprinting SAP MaxDB (Issue 143)
2010-08-30 13:29:19 +00:00
Miroslav Stampar
436b7d82fb
fixed a bug reported by Marek Sarvas
2010-08-22 08:52:15 +00:00
Miroslav Stampar
2cd8f31003
some doc test samples included
2010-08-20 21:27:47 +00:00
Miroslav Stampar
4edf6ebe00
update for smoke tests
2010-08-20 21:01:51 +00:00
Miroslav Stampar
8aa12db425
added option --proxy-cred for setting proxy credentials (Feature #195 )
2010-08-18 22:45:00 +00:00
Miroslav Stampar
70197affa0
little update (--ratio has a bigger priority then resumed value)
2010-08-10 19:57:59 +00:00
Miroslav Stampar
057ec8a6b2
added --ratio option for direct manipulation of conf.matchRatio parameter
2010-08-10 19:53:29 +00:00
Miroslav Stampar
02523dbfb5
fix of fix
2010-08-09 22:13:56 +00:00
Miroslav Stampar
6eab7997d1
fix for bug reported by dragoun dash (TypeError: sequence item 0: expected string, NoneType found)
2010-08-08 22:25:33 +00:00
Miroslav Stampar
e0fe5d1504
bug fix for error reported by Marek Sarvas (error data)
2010-08-08 21:48:22 +00:00
Miroslav Stampar
0cab4a5355
fix for bug reported by m4l1c3 (UnicodeEncodeError)
2010-08-08 21:22:37 +00:00
Miroslav Stampar
8cb95583e3
some more adjustments
2010-07-30 12:59:44 +00:00
Miroslav Stampar
7dcc2031ac
smoke test adjustments
2010-07-30 12:57:58 +00:00
Miroslav Stampar
092829c189
implemented basic smoke testing mechanism
2010-07-30 12:49:25 +00:00
Miroslav Stampar
28d9115373
fix for Feature #187 (Skip duplicates parameters in -g)
2010-07-29 20:01:04 +00:00
Miroslav Stampar
6a6ff09c9a
fix for a bug reported by Marek Sarvas
2010-07-26 08:11:28 +00:00
Miroslav Stampar
c39d819dd2
fix for a resume bug reported by Augusto Urbieta
2010-07-20 08:13:02 +00:00
Miroslav Stampar
d2f88b6ebe
detecting infinite redirect loops (Feature #192 )
2010-07-19 12:38:30 +00:00
Miroslav Stampar
b37dca1c2c
minor adjustment
2010-07-19 09:06:19 +00:00
Miroslav Stampar
9edd468caf
multithreading save to session on abort
2010-07-19 08:37:45 +00:00
Miroslav Stampar
48a67d6d51
fix for "unknown charset 'windows-874'" reported by Phat R.
2010-07-15 08:44:42 +00:00
Bernardo Damele
49af0c43a5
Forgot
2010-07-01 15:26:18 +00:00
Bernardo Damele
7349f3a70f
Closes #197
2010-07-01 15:25:57 +00:00
Miroslav Stampar
bb9401ba52
minor minor fixup
2010-07-01 14:14:43 +00:00
Miroslav Stampar
9d28ae23ca
fixup for situations with unexpected LENGTHs in multithreaded mode (e.g. UTF8 data retrieval)
2010-07-01 14:11:45 +00:00
Bernardo Damele
8dfe08a353
Minor bug fix to -d
2010-07-01 10:44:31 +00:00
Miroslav Stampar
0d08903bc3
some charset fix up
2010-06-30 12:09:33 +00:00
Bernardo Damele
24428c1a1b
Added warning message if both --proxy and --keep-alive are provided
2010-06-30 11:41:42 +00:00
Bernardo Damele
d40a238335
Make --keep-alive public
2010-06-30 11:29:35 +00:00
Bernardo Damele
8625763c07
Minor code refactoring
2010-06-30 11:22:25 +00:00
Bernardo Damele
c33f3ef844
Minor adjustment to HTTP headers handling
2010-06-29 23:51:44 +00:00
Bernardo Damele
fb9f669544
More verbose comments
2010-06-29 21:10:33 +00:00
Bernardo Damele
8576817a2b
Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196 .
2010-06-29 21:07:23 +00:00
Bernardo Damele
ea45d75f2d
Major bug fix to parse and store all HTTP headers from the request file (-r)
2010-06-29 21:06:03 +00:00
Bernardo Damele
7cad3cbda6
Minor code refactoring
2010-06-28 13:47:20 +00:00
Bernardo Damele
9ea72f9640
Minor bug fixes to -d
2010-06-25 13:24:43 +00:00
Miroslav Stampar
ccfc9b0fec
fix for that bug linux man reported (UnicodeEncodeError inside raw_input)
2010-06-23 07:30:15 +00:00
Bernardo Damele
17e228024b
Minor enhancements and bug fixes to "good samaritan" feature - see #4
2010-06-21 14:40:12 +00:00
Bernardo Damele
b98f6ac71c
Minor layout adjustment
2010-06-17 13:27:43 +00:00
Bernardo Damele
fd76f048b6
Added common pattern value support to bisection algorithm
2010-06-17 11:38:32 +00:00
Bernardo Damele
9bce22683b
Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g)
2010-06-11 10:08:19 +00:00
Bernardo Damele
c23ea4c749
--keep-alive is not compatible with --proxy
2010-06-10 21:19:45 +00:00
Bernardo Damele
75dc44deb8
Minor adjustments
2010-06-10 15:34:28 +00:00
Miroslav Stampar
35642a0450
some more adjustments
2010-06-10 15:03:08 +00:00
Miroslav Stampar
1b30c46348
fix for an bug reported by David Guimaraes
2010-06-10 14:52:33 +00:00
Bernardo Damele
fea2414759
Display HTTP request in -v>=3 even if connection failed
2010-06-10 14:42:17 +00:00
Bernardo Damele
5bb8e154eb
Minor code improvements
2010-06-10 14:15:32 +00:00
Bernardo Damele
d3c8e461cf
Minor layout adjustments
2010-06-10 14:14:56 +00:00
Miroslav Stampar
ac55e1b75f
fix for localhost firebird direct db access
2010-06-10 12:02:48 +00:00
Miroslav Stampar
36953221f8
few quick changes
2010-06-10 11:34:17 +00:00
Miroslav Stampar
c398353e06
support for loading 'faulty character set' session files
2010-06-09 16:07:47 +00:00
Miroslav Stampar
eaef068c90
major bug fix (different HTTP content charsets are now properly handled)
2010-06-09 14:40:36 +00:00
Miroslav Stampar
38e5e342f8
added prettyprint module with fixed toprettyxml() method
2010-06-07 09:03:03 +00:00
Miroslav Stampar
9e76b847b3
fix regarding bug discovered by Andreas Constantinides
2010-06-04 17:07:17 +00:00
Miroslav Stampar
7fbeebc4d9
grammar fix
2010-06-03 08:55:13 +00:00
Miroslav Stampar
464f171a8c
added reusage of xml output and removed toprettyxml which has lots and lots of problems (output once stored is not usable any more from any xml parser/reader because it adds whitespaces all over the output just to be more 'human' readable)
2010-06-03 07:36:30 +00:00
Miroslav Stampar
bf071d33d2
some comments added
2010-06-02 15:18:33 +00:00
Miroslav Stampar
c470255c18
minor update
2010-06-02 14:56:39 +00:00
Miroslav Stampar
12a5ec9f3d
more unicode refactoring
2010-06-02 12:45:40 +00:00
Miroslav Stampar
2fb8bf3b6a
more dump/unicode cleanup
2010-06-02 12:31:36 +00:00
Bernardo Damele
64ad3b03be
Minor bug fix
2010-06-02 11:01:41 +00:00
Miroslav Stampar
17e0e83990
minor unimportant update
2010-06-02 08:34:57 +00:00
Miroslav Stampar
32a0ba9296
fixing unicode mess
2010-06-02 08:28:38 +00:00
Miroslav Stampar
eb94edc48c
added keepalive module
2010-06-01 12:21:10 +00:00
Miroslav Stampar
af2f184464
some comments regarding inference.py
2010-05-31 15:20:20 +00:00
Bernardo Damele
6df2d98fc9
Minor bug fix in common.py goGoodSamaritan().
...
Minor code cleanup and adjustments.
2010-05-31 15:05:29 +00:00
Miroslav Stampar
db7ede96fd
more updates/fixes
2010-05-31 11:11:53 +00:00
Miroslav Stampar
4bb5885413
some changes regarding --common-outputs feature
2010-05-31 09:41:41 +00:00
Miroslav Stampar
0450df8a77
added kb.cache for storing cached results (e.g. kb.cache.regex for storing compiled regular expressions and kb.cache.md5 for storing precalculated MD5 values during '--users --common-prediction' session)
2010-05-31 08:13:08 +00:00
Bernardo Damele
b798222dd7
Minor fixes
2010-05-30 14:53:13 +00:00
Bernardo Damele
8be91a98cc
Minor bug fix and adjustment
2010-05-29 15:28:37 +00:00
Bernardo Damele
e98b049e7f
Added unicode support also to PostgreSQL connector - see #184 .
2010-05-29 11:46:41 +00:00
Bernardo Damele
89c721a451
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.
2010-05-29 10:10:28 +00:00
Bernardo Damele
84778f0e6c
Minor fix, leave like this
2010-05-29 08:58:55 +00:00
Miroslav Stampar
a4155269c5
bug fix (unicode(unicode) results in “TypeError: decoding Unicode is not supported” ( http://www.red-mercury.com/blog/eclectic-tech/python-mystery-of-the-day/ )
2010-05-29 07:25:38 +00:00
Miroslav Stampar
d3e527aba3
minor update
2010-05-29 07:13:54 +00:00
Bernardo Damele
e811101dce
Minor bug fix
2010-05-28 23:39:52 +00:00
Bernardo Damele
10521b68eb
Major bug fix in multipartpost and minor adjustments elsewhere
2010-05-28 23:12:20 +00:00
Bernardo Damele
06af405efd
Adapted and merged in patch to support XML output (-x switch) - still in beta.
...
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Bernardo Damele
a138dbe5f6
Minor bug fixes and code refactoring
2010-05-28 15:57:43 +00:00
Miroslav Stampar
919a8345d6
minor fix
2010-05-28 15:30:02 +00:00
Miroslav Stampar
ad3c425a18
quick fix
2010-05-28 15:26:55 +00:00
Miroslav Stampar
ac6ce478a0
just removing unneded and possible future source of confusion
2010-05-28 14:19:12 +00:00
Miroslav Stampar
accaf0b3bd
minor refactoring
2010-05-28 14:07:48 +00:00
Miroslav Stampar
0f5768cddf
more and more fixes
2010-05-28 14:04:34 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Miroslav Stampar
f24187f251
few fixes here and there
2010-05-28 12:47:03 +00:00
Bernardo Damele
7e78876f6a
Minor bug fix to parse properly also unicode characters from configuration file
2010-05-28 12:07:30 +00:00
Miroslav Stampar
94354d0862
removing previous fix
2010-05-28 11:53:27 +00:00
Miroslav Stampar
37b8d0c480
utf8 decoding of program arguments
2010-05-28 11:48:44 +00:00
Bernardo Damele
f26de89216
Minor bug fix to correctly deal with unicode queries with -d
2010-05-28 11:32:10 +00:00
Miroslav Stampar
655bd79fc4
some renaming
2010-05-28 10:50:54 +00:00
Miroslav Stampar
838762fb00
previous quick fix removal
2010-05-28 10:38:23 +00:00
Miroslav Stampar
7ef286a76f
some speed up
2010-05-28 10:33:09 +00:00
Miroslav Stampar
48c0f4f053
minor fix
2010-05-28 10:17:03 +00:00
Miroslav Stampar
4eccf1a25d
quick fix
2010-05-28 10:01:19 +00:00
Miroslav Stampar
f36e093fa7
minor update
2010-05-28 09:13:50 +00:00
Bernardo Damele
7e925bcfe8
Adapted code following last commit
2010-05-27 16:46:17 +00:00
Bernardo Damele
9de1671b8f
Code refactoring and minor bug fixes.
2010-05-27 16:45:09 +00:00
Miroslav Stampar
c431a74d9e
minor fix/adjustment regarding getCompiledRegex
2010-05-27 11:52:18 +00:00
Miroslav Stampar
ce29c841cf
some comments added
2010-05-26 11:14:22 +00:00
Miroslav Stampar
1a3dfd8ced
some more changes
2010-05-26 11:01:26 +00:00
Miroslav Stampar
bbdbe44e3f
fuck yea, first tests (MySQL/--tables & --common-prediction) are great :)
2010-05-26 10:41:37 +00:00
Miroslav Stampar
7f0db26e99
more code updates regarding good samaritan (common output) feature
2010-05-26 09:48:20 +00:00
Miroslav Stampar
8ed76b3024
minor update regarding good samaritan
2010-05-25 14:51:02 +00:00
Miroslav Stampar
065d5b02ec
added singleValue parameter for good samaritan (same thing Bernardo wanted :)
2010-05-25 13:51:03 +00:00
Miroslav Stampar
056d1ad76e
new commit regarding good samaritan feature
2010-05-25 13:06:23 +00:00
Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Miroslav Stampar
1f07db875d
fix for that float() report from Shaohua Pan
2010-05-24 20:12:37 +00:00
Bernardo Damele
a43eb64c5d
Minor refactoring
2010-05-24 15:46:12 +00:00
Miroslav Stampar
f718425cf4
minor fix
2010-05-24 11:18:47 +00:00
Miroslav Stampar
0197f8db5c
code refactoring regarding issue #184
2010-05-24 11:12:40 +00:00
Miroslav Stampar
e9be60e1ac
added support for proper unicode session(s) storage/retrieval
2010-05-24 11:00:49 +00:00
Miroslav Stampar
f34e6badfd
removed pdb
2010-05-24 09:29:16 +00:00
Miroslav Stampar
f0d3e6c565
fix
2010-05-24 09:28:20 +00:00
Miroslav Stampar
887352746b
some speedup (usage of xrange (virtual range) instead of range)
2010-05-23 22:14:57 +00:00
Miroslav Stampar
2c2d6d3623
operator fix
2010-05-23 21:35:42 +00:00
Miroslav Stampar
7dc1bf0324
quick (probably not final) fix for unicode inference (not yet tested)
2010-05-23 21:32:51 +00:00
Bernardo Damele
03fb84e29f
Minor enhancement to internal --profile function
2010-05-21 15:06:05 +00:00
Miroslav Stampar
20d05cc404
way to handle re.I (ignore case) while using getCompiledRegex
2010-05-21 15:03:40 +00:00
Miroslav Stampar
5d5ebd49b6
introducing regex caching mechanism
2010-05-21 14:42:59 +00:00
Miroslav Stampar
14cab8527e
minor adjustment
2010-05-21 14:25:38 +00:00
Miroslav Stampar
3110bb10fc
added test for site existance
2010-05-21 13:36:49 +00:00
Bernardo Damele
7ee20480a4
Added a TODO note
2010-05-21 13:24:23 +00:00
Bernardo Damele
319adef8c4
Minor adjustment
2010-05-21 13:19:50 +00:00
Miroslav Stampar
050015d2bb
minor adjustments
2010-05-21 13:15:21 +00:00
Miroslav Stampar
5a5b31ad53
minor code adjustment
2010-05-21 13:03:57 +00:00
Miroslav Stampar
64f2afe585
in a mood for more changes
2010-05-21 12:44:09 +00:00
Miroslav Stampar
219628aa01
quick fixes
2010-05-21 12:25:49 +00:00
Miroslav Stampar
78547bb79e
quick fix
2010-05-21 12:19:20 +00:00
Bernardo Damele
cda8da288c
Minor adjustment
2010-05-21 12:18:43 +00:00
Bernardo Damele
a21a7fc56d
Minor code refactoring
2010-05-21 12:09:31 +00:00
Miroslav Stampar
f6bffb61d3
minor adjustment
2010-05-21 11:51:43 +00:00
Miroslav Stampar
460a1ba872
fix for my imperfect calculations :)
2010-05-21 11:41:49 +00:00
Miroslav Stampar
9b91b30b69
minor refactoring
2010-05-21 10:41:30 +00:00
Miroslav Stampar
5f44696530
changes regarding putting of gprof2dot script inside extras and its usage
2010-05-21 10:30:11 +00:00
Miroslav Stampar
68e13c3872
periodical commit
2010-05-21 09:35:36 +00:00
Bernardo Damele
9c1d82c9f7
Minor bug fix to --proxy with HTTPS target on Python 2.6 - fixes #191 .
2010-05-20 10:52:14 +00:00
Bernardo Damele
72fda2a3e4
Minor bug fix to correctly resuming --union-test results from session file.
2010-05-19 14:21:59 +00:00
Bernardo Damele
e0e2349529
Refactor to --search -C and minor bug fix - See #190 .
2010-05-17 16:16:49 +00:00
Miroslav Stampar
e938331d8e
better regex used avoiding garbage google images
2010-05-15 22:02:28 +00:00
Miroslav Stampar
d20b99ed65
fix (google is changing that class r to class "r")
2010-05-15 21:51:31 +00:00
Miroslav Stampar
b8a5a54395
minor update
2010-05-15 20:44:08 +00:00
Miroslav Stampar
4984ceac49
some code refactoring and minor speed up (jump prediction rule)
2010-05-14 15:20:34 +00:00
Miroslav Stampar
ed20f1cf33
some more speed up (one time compilation of popular regexes)
2010-05-14 14:48:54 +00:00
Miroslav Stampar
3ead88c364
minor tweak
2010-05-14 14:36:54 +00:00
Miroslav Stampar
131789a6e4
some code refactoring
2010-05-14 14:21:13 +00:00
Miroslav Stampar
19a82e151c
minor cleanup
2010-05-14 14:03:33 +00:00
Miroslav Stampar
7107e8fd6a
optimization of CPU intensive sanitizeAsciiString
2010-05-14 13:55:25 +00:00
Miroslav Stampar
5396f13bab
added CPU throttling for lowering sqlmap's CPU intensivity
2010-05-13 15:19:28 +00:00
Miroslav Stampar
d96723a135
fix for Feature #157
2010-05-13 11:17:24 +00:00
Miroslav Stampar
ca3e12ae73
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
2010-05-13 11:05:35 +00:00
Miroslav Stampar
0a4c1f8aec
unfix (conf.timeSec is an integer - my fault)
2010-05-13 09:34:08 +00:00
Miroslav Stampar
2fdac83607
minor fix
2010-05-13 08:27:51 +00:00