Commit Graph

1110 Commits

Author SHA1 Message Date
Miroslav Stampar
95560da7c1 Implements #1222 2019-05-29 15:52:33 +02:00
Miroslav Stampar
8ca4cffb98 Minor refactoring 2019-05-28 14:12:35 +02:00
Miroslav Stampar
b5e489f0f0 Fixes #3720 2019-05-27 13:03:25 +02:00
Miroslav Stampar
130bcd4b9b Minor update 2019-05-24 14:18:18 +02:00
Miroslav Stampar
ad01aa7449 Further integration of identYwaf 2019-05-24 13:54:10 +02:00
Miroslav Stampar
0c79504ff1 Switching from WAF scripts to identYwaf (avoiding redundant work from my side) 2019-05-24 13:09:28 +02:00
Miroslav Stampar
36f2bb5390 Minor beautification (e.g. HTTP header cases like Host parameter 'Host') 2019-05-21 12:07:19 +02:00
Miroslav Stampar
23a7aea2db Fixes #3687 2019-05-20 19:41:12 +02:00
Miroslav Stampar
dd450b53f4 Less requests in case of non-injectable parameters 2019-05-20 15:13:52 +02:00
Miroslav Stampar
3b0323ab68 Minor patch 2019-05-17 11:10:34 +02:00
Miroslav Stampar
519538a1d3 Implements #3549 2019-05-17 11:00:51 +02:00
Miroslav Stampar
aaa83a31d4 Fixes #3656 2019-05-14 13:58:42 +02:00
Miroslav Stampar
2efcded23b Fixes #3644 2019-05-10 09:30:21 +02:00
Miroslav Stampar
3d89668495 Fixes #3640 2019-05-09 10:16:10 +02:00
Miroslav Stampar
9c247b3833 Last preparations for DREI 2019-05-08 12:47:52 +02:00
Miroslav Stampar
09aba3b5ce More DREI updates 2019-05-08 12:28:50 +02:00
Miroslav Stampar
2e75662a6d Revert of previous commit 2019-05-07 16:09:28 +02:00
Miroslav Stampar
f08163f8a2 Minor DREI patch 2019-05-07 16:07:29 +02:00
Miroslav Stampar
33b42a17d7 Fixes #3622 2019-05-06 00:54:21 +02:00
Miroslav Stampar
ff968c2331 More drei stuff 2019-05-02 16:54:54 +02:00
Miroslav Stampar
7d9cd0c079 Stabilizing first drei compatible prototype 2019-05-02 11:26:31 +02:00
Miroslav Stampar
6dbf24531c More drei stuff 2019-05-02 10:22:44 +02:00
Miroslav Stampar
d465007dfe More drei updates 2019-05-02 00:45:44 +02:00
Miroslav Stampar
48c55d15ea Minor update 2019-04-30 14:04:39 +02:00
Miroslav Stampar
ff61417fc0 Trivial style update 2019-04-29 11:01:40 +02:00
gweeperx
14bf1e4ce7 Add INFERENCE_EQUALS_CHAR during the check for false positives (#3609)
* Update checks.py

* Update checks.py
2019-04-29 10:58:12 +02:00
Miroslav Stampar
bb7bd51d94 Some more DREI stuff 2019-04-19 11:24:34 +02:00
Miroslav Stampar
da15701a55 Minor DREI updates 2019-04-18 16:06:19 +02:00
Miroslav Stampar
05f92d5d45 Fixes #3552 2019-04-08 23:49:55 +02:00
Miroslav Stampar
dbd93e2670 Minor refactoring (drei stuff) 2019-03-29 02:28:16 +01:00
Miroslav Stampar
9b72545d09 Some more DREI stuff 2019-03-28 16:04:38 +01:00
Miroslav Stampar
4b020c4257 Some more drei stuff 2019-03-28 15:14:16 +01:00
Miroslav Stampar
afe497a954 Dealing with basesting (one baby step closer to Py3 salvation) 2019-03-28 13:53:54 +01:00
Miroslav Stampar
2f53014685 God help us all with this Python3 non-sense 2019-03-27 13:33:46 +01:00
Miroslav Stampar
e64cc86fc4 Patch related to the #3524 2019-03-25 11:42:16 +01:00
Miroslav Stampar
5a71210c8a Update regarding #2940 (PEP 394) 2019-03-21 14:00:09 +01:00
Miroslav Stampar
bf3edcfc1c Fixes #3542 2019-03-20 11:33:10 +01:00
Miroslav Stampar
10977ca530 Fixes #3510 2019-03-04 13:21:57 +01:00
Miroslav Stampar
dc95558187 Fixes #373 2019-02-21 01:10:43 +01:00
Miroslav Stampar
5077844dd9 Fixes #3468 2019-02-05 13:42:44 +01:00
Miroslav Stampar
e01a7908aa Trivial renaming update 2019-01-26 12:36:03 +01:00
Miroslav Stampar
ef8530af5b Fixing mess with template payloads and URI/JSON/XML/custom cases 2019-01-22 11:08:57 +01:00
Miroslav Stampar
8f13bda035 Some more preparing for 2to3 (keys() is iter in 3) 2019-01-22 03:00:44 +01:00
Miroslav Stampar
db3bed3f44 Update related to the last commit 2019-01-22 01:20:27 +01:00
Miroslav Stampar
7672b9a0a2 Baby steps (2 to 3 at a time) 2019-01-22 00:40:48 +01:00
Miroslav Stampar
5274c88c7d Minor patch of --identify-waf mechanism 2019-01-09 16:26:11 +01:00
Miroslav Stampar
9a221470e7 Minor patch 2019-01-09 15:44:11 +01:00
Miroslav Stampar
3b4e44a38d Better results with following the redirect in identifyWaf phase 2019-01-07 16:05:59 +01:00
Miroslav Stampar
590e8ed5ae update_copyright_year() 2019-01-05 21:38:52 +01:00
Miroslav Stampar
9564c8e8b1 Refactoring regarding casting warnings 2018-12-21 11:29:57 +01:00
Miroslav Stampar
107d9f90ad Minor message update 2018-12-17 23:41:04 +01:00
Miroslav Stampar
01d5da18e3 Adding experimental option --crack 2018-12-17 17:38:47 +01:00
Miroslav Stampar
2e5edce8b9 Fixes #3399 2018-12-10 15:22:53 +01:00
Miroslav Stampar
2c95b65eac Implementation for #2552 (sorry @mg98) 2018-12-10 14:53:11 +01:00
Miroslav Stampar
101d1f0d49 Fixes #3395 2018-12-03 23:18:52 +01:00
Miroslav Stampar
843126702d Fixes #3392 2018-12-03 23:12:45 +01:00
Miroslav Stampar
560ff4154b Fixes #3388 (and refactors #1578) 2018-11-29 00:09:05 +01:00
Miroslav Stampar
277a4fa402 Potential patch for #3167 2018-11-26 23:40:47 +01:00
Miroslav Stampar
90e381a5a5 Another update related to the #3356 2018-11-02 16:18:08 +01:00
Miroslav Stampar
73d83280fe Minor patch (bounded injection case with leftover marker) 2018-11-01 22:24:36 +01:00
Miroslav Stampar
92febd22a8 Minor update 2018-10-26 23:01:19 +02:00
Miroslav Stampar
feb93dce44 Update related to the #3304 2018-10-17 12:24:52 +02:00
Miroslav Stampar
411f56e710 Initial implementation for #3283 2018-10-16 12:23:07 +02:00
Miroslav Stampar
880d438418 Fixes #3284 2018-10-12 00:29:43 +02:00
Miroslav Stampar
f2b4dc3ffc Fixes #3275 2018-10-08 23:34:55 +02:00
Miroslav Stampar
459e1dd9a4 Update related to the #3252 2018-09-24 10:26:27 +02:00
Miroslav Stampar
0c7eecee9f Trivial update (message language) 2018-09-18 16:52:17 +02:00
Miroslav Stampar
3e72da66f9 Minor update (preventing WAF specific response reports on generic 403) 2018-09-18 16:45:08 +02:00
Miroslav Stampar
a5e3dce26f Proper naming 2018-09-14 10:01:31 +02:00
Miroslav Stampar
12012b36b1 Automatic disabling of socket-preconnect for known problematic server (SimpleHTTPServer) 2018-09-04 23:01:17 +02:00
Miroslav Stampar
0507234add Minor update 2018-08-29 11:06:45 +02:00
Miroslav Stampar
f3f4a4cb37 Minor refactoring 2018-08-28 14:31:20 +02:00
Miroslav Stampar
a296d22195 Fixes #3205 2018-08-10 14:01:55 +02:00
Miroslav Stampar
d47c16e196 Minor refactoring 2018-06-07 00:55:32 +02:00
Miroslav Stampar
091c8ab2dd Minor update (switching --invalid-logical to LIKE version) 2018-06-07 00:37:22 +02:00
Miroslav Stampar
6b3f01bfeb Minor patch 2018-05-28 11:07:06 +02:00
Miroslav Stampar
2a810fb796 Trivial modifications (thou shalt not judge people by trivial commits) 2018-05-03 14:10:55 +02:00
Miroslav Stampar
8f7a7bed20 Minor patch 2018-05-03 13:31:27 +02:00
Miroslav Stampar
8ca3287df4 Proper way to skip already used payloads (important to --suffix/--prefix cases) 2018-04-12 14:38:32 +02:00
Miroslav Stampar
a8cb14ed4a Minor patch (disable tamper script usage in WAF/IDS/IPS check phase) 2018-04-11 14:48:54 +02:00
Miroslav Stampar
7f3f1dcdee Fixes #3022 2018-04-03 12:50:09 +02:00
Miroslav Stampar
4147f44e63 Potential patch for Issues like #3013 and #3017 2018-04-01 12:45:47 +02:00
Miroslav Stampar
2cc6214227 Fixes #3020 2018-04-01 11:25:51 +02:00
Miroslav Stampar
8a90512354 One more commit related to the last one (reduce false hopes in heavily dynamic cases) 2018-03-31 11:02:48 +02:00
Miroslav Stampar
ae8699f258 Reducing false-positive 'appears' messages in heavily dynamic environment 2018-03-29 14:47:30 +02:00
Miroslav Stampar
cdb1e79370 Disabling ORDER BY tests in heavily dynamic environment 2018-03-29 14:37:33 +02:00
Miroslav Stampar
16cd13d7db Fixes #3014 2018-03-28 17:24:12 +02:00
Miroslav Stampar
45fb5ab4a5 Patch for cases when http: is immediatelly being redirected to https: 2018-03-28 15:13:33 +02:00
Miroslav Stampar
f287ff3767 Trivial comment update 2018-03-21 14:29:54 +01:00
Miroslav Stampar
7d5a0ed2dc Use false-positive checks in dummy mode 2018-03-21 14:22:59 +01:00
Miroslav Stampar
74de40b9c5 Minor patch of a previous commit 2018-03-16 15:21:19 +01:00
Miroslav Stampar
6c2b7cff80 Minor patch of UNION checking logic 2018-03-16 15:11:04 +01:00
Miroslav Stampar
01fb07f68c Minor patch (message for --check-internet) 2018-03-16 14:28:37 +01:00
Miroslav Stampar
3c5e9e7559 Fixes #2982 2018-03-14 01:02:26 +01:00
Miroslav Stampar
fa4c1c5251 Some more PEPing (I hope that I haven't broke anything) 2018-03-13 13:45:42 +01:00
Miroslav Stampar
5380e8174b Safer WAF heuristics in case of URI injections 2018-03-11 03:20:33 +01:00
Miroslav Stampar
4cefff7e98 Bug fix (misencoding inside check waf payload) 2018-03-11 03:13:33 +01:00
Miroslav Stampar
d99151ce5a Minor update for --wizard mode 2018-02-27 12:37:45 +01:00
Miroslav Stampar
a16663f9a1 Minor refactoring 2018-02-07 16:05:41 +01:00
Miroslav Stampar
9e75bb7f68 Minor patch 2018-01-31 11:43:17 +01:00
Miroslav Stampar
8a122401aa Update of copyright years 2018-01-02 00:48:10 +01:00
Miroslav Stampar
66c1f72a16 Minor optimization 2017-12-29 13:04:52 +01:00
Miroslav Stampar
5326df1071 Minor grammar fix 2017-12-13 13:49:55 +01:00
Miroslav Stampar
8cef17b583 Minor just in case patch (error set in case of --string) 2017-12-12 11:18:17 +01:00
Miroslav Stampar
220dffbcfa Couple of wording updates 2017-12-04 13:59:35 +01:00
Miroslav Stampar
7c5b051d60 Fixes #2808 2017-11-29 15:59:00 +01:00
Miroslav Stampar
132a72c9bd Minor update of logging messages 2017-11-24 12:20:57 +01:00
Miroslav Stampar
26b81f58bb Fixes #2772 2017-11-13 11:19:25 +01:00
Miroslav Stampar
67b470245e Minor cleanup of NULL connection 2017-11-09 13:45:52 +01:00
Miroslav Stampar
58b87e4b6b Some more refactoring 2017-11-08 15:58:23 +01:00
Miroslav Stampar
496075ef20 Trivial refactoring 2017-10-31 10:10:22 +01:00
Miroslav Stampar
1f60dfc835 Minor patch for WAF mechanism 2017-10-16 11:42:11 +02:00
Miroslav Stampar
8c6b761044 Replacing doc/COPYING to LICENSE 2017-10-11 14:50:46 +02:00
Miroslav Stampar
12f802c70f Minor text update 2017-09-11 10:41:50 +02:00
Miroslav Stampar
96ffb4b911 Fixes #2693 2017-09-11 10:38:19 +02:00
Miroslav Stampar
cb2258fea4 Fixes #2603 2017-08-28 13:02:08 +02:00
Miroslav Stampar
c871cedae4 Adding hidden option '--force-dbms' to skip fingerprinting 2017-08-28 12:30:42 +02:00
Miroslav Stampar
8b0c50f25d Update related to the #2663 2017-08-23 13:17:37 +02:00
Miroslav Stampar
62ae149464 Minor patch 2017-07-29 03:35:05 +02:00
Miroslav Stampar
5745d650f8 Fixes #2635 2017-07-29 02:42:20 +02:00
Miroslav Stampar
0f9c81965b Implementation on request 2017-07-26 00:24:13 +02:00
Miroslav Stampar
d12b65d38c Fixes #2624 2017-07-25 23:32:30 +02:00
Louis-Philippe Huberdeau
e38267a61e Include tracking properties in the HAR to identify which test the requests were associated to 2017-07-18 15:46:52 -04:00
Miroslav Stampar
1678b606a2 Update for #2597 2017-07-03 16:55:24 +02:00
Louis-Philippe Huberdeau
0d756a8823 Parse request data and convert to HAR, include in injection data 2017-06-23 11:50:21 -04:00
Miroslav Stampar
864711b434 Minor improvement 2017-06-05 16:48:14 +02:00
Miroslav Stampar
996ad59126 Minor patch 2017-06-05 16:28:19 +02:00
Miroslav Stampar
359bfb2704 Minor adjustment 2017-05-26 14:14:35 +02:00
Miroslav Stampar
644ea2e3aa Minor patch 2017-05-26 14:08:08 +02:00
Miroslav Stampar
4ce08dcfa3 Patch for an Issue #2536 2017-05-17 00:22:18 +02:00
Miroslav Stampar
d3a08a2d22 Implementation for an Issue #2505 2017-05-07 23:12:42 +02:00
Miroslav Stampar
fc8eede952 Minor cleanup and one bug fix 2017-04-19 14:46:27 +02:00
Miroslav Stampar
c8a0c525fc Fixes #2489 2017-04-19 14:19:39 +02:00
Miroslav Stampar
5f2bb88037 Some code refactoring 2017-04-18 15:48:05 +02:00
Miroslav Stampar
7ebba5614a Moving brute from techniques to utils 2017-04-18 13:53:41 +02:00
Miroslav Stampar
d9a931f77a Minor cleanup 2017-04-14 13:14:53 +02:00
Miroslav Stampar
0e206da7c0 Minor patches (pydiatra) 2017-04-14 13:08:51 +02:00
Miroslav Stampar
9b3d229294 Fixes #2471 2017-04-10 19:21:22 +02:00
Miroslav Stampar
60e8c725f9 Fixes #2437 2017-03-12 23:24:13 +01:00
Miroslav Stampar
7960045cf9 Fixes #2277 and #2300 2017-02-27 13:58:07 +01:00
Miroslav Stampar
4b420e7579 Removing Google PageRank as it is dead now 2017-02-23 11:33:39 +01:00
Miroslav Stampar
38f16decef Update for an Issue #2384 2017-02-06 13:28:33 +01:00
Miroslav Stampar
03bbf552ef Patch for an Issue #2382 2017-02-06 11:14:45 +01:00
Miroslav Stampar
55272f7a3b New version preparation 2017-01-02 14:19:18 +01:00
Francisco Blas Izquierdo Riera (klondike)
025e9ac5b4
Fix the logic used for --param-exclude
The current logic will skip all existing parameters if no param-exclude is defined.
This breaks previous behaviour, makes it harder to use the tool and is quite confusing.

The new logic will always check the parameter is set before running any other checks instead of shortcircuit an empoty(always true) regexp.
2016-12-28 12:25:05 +01:00
Miroslav Stampar
89bbf5284c Adding new option --param-exclude on private request 2016-12-25 23:16:44 +01:00
Miroslav Stampar
edc6f47758 Some refactoring 2016-12-19 23:47:39 +01:00
Hanno Heinrichs
2cc604e356 Fix several typos 2016-10-26 21:41:57 +02:00
Miroslav Stampar
24eaf55dc8 Removing bad decision for -d (user should be able to choose) 2016-10-17 22:32:23 +02:00
Miroslav Stampar
6130185ac6 Minor consistency update with the wiki 2016-10-11 00:35:39 +02:00