Miroslav Stampar
95560da7c1
Implements #1222
2019-05-29 15:52:33 +02:00
Miroslav Stampar
8ca4cffb98
Minor refactoring
2019-05-28 14:12:35 +02:00
Miroslav Stampar
b5e489f0f0
Fixes #3720
2019-05-27 13:03:25 +02:00
Miroslav Stampar
130bcd4b9b
Minor update
2019-05-24 14:18:18 +02:00
Miroslav Stampar
ad01aa7449
Further integration of identYwaf
2019-05-24 13:54:10 +02:00
Miroslav Stampar
0c79504ff1
Switching from WAF scripts to identYwaf (avoiding redundant work from my side)
2019-05-24 13:09:28 +02:00
Miroslav Stampar
36f2bb5390
Minor beautification (e.g. HTTP header cases like Host parameter 'Host')
2019-05-21 12:07:19 +02:00
Miroslav Stampar
23a7aea2db
Fixes #3687
2019-05-20 19:41:12 +02:00
Miroslav Stampar
dd450b53f4
Less requests in case of non-injectable parameters
2019-05-20 15:13:52 +02:00
Miroslav Stampar
3b0323ab68
Minor patch
2019-05-17 11:10:34 +02:00
Miroslav Stampar
519538a1d3
Implements #3549
2019-05-17 11:00:51 +02:00
Miroslav Stampar
aaa83a31d4
Fixes #3656
2019-05-14 13:58:42 +02:00
Miroslav Stampar
2efcded23b
Fixes #3644
2019-05-10 09:30:21 +02:00
Miroslav Stampar
3d89668495
Fixes #3640
2019-05-09 10:16:10 +02:00
Miroslav Stampar
9c247b3833
Last preparations for DREI
2019-05-08 12:47:52 +02:00
Miroslav Stampar
09aba3b5ce
More DREI updates
2019-05-08 12:28:50 +02:00
Miroslav Stampar
2e75662a6d
Revert of previous commit
2019-05-07 16:09:28 +02:00
Miroslav Stampar
f08163f8a2
Minor DREI patch
2019-05-07 16:07:29 +02:00
Miroslav Stampar
33b42a17d7
Fixes #3622
2019-05-06 00:54:21 +02:00
Miroslav Stampar
ff968c2331
More drei stuff
2019-05-02 16:54:54 +02:00
Miroslav Stampar
7d9cd0c079
Stabilizing first drei compatible prototype
2019-05-02 11:26:31 +02:00
Miroslav Stampar
6dbf24531c
More drei stuff
2019-05-02 10:22:44 +02:00
Miroslav Stampar
d465007dfe
More drei updates
2019-05-02 00:45:44 +02:00
Miroslav Stampar
48c55d15ea
Minor update
2019-04-30 14:04:39 +02:00
Miroslav Stampar
ff61417fc0
Trivial style update
2019-04-29 11:01:40 +02:00
gweeperx
14bf1e4ce7
Add INFERENCE_EQUALS_CHAR during the check for false positives ( #3609 )
...
* Update checks.py
* Update checks.py
2019-04-29 10:58:12 +02:00
Miroslav Stampar
bb7bd51d94
Some more DREI stuff
2019-04-19 11:24:34 +02:00
Miroslav Stampar
da15701a55
Minor DREI updates
2019-04-18 16:06:19 +02:00
Miroslav Stampar
05f92d5d45
Fixes #3552
2019-04-08 23:49:55 +02:00
Miroslav Stampar
dbd93e2670
Minor refactoring (drei stuff)
2019-03-29 02:28:16 +01:00
Miroslav Stampar
9b72545d09
Some more DREI stuff
2019-03-28 16:04:38 +01:00
Miroslav Stampar
4b020c4257
Some more drei stuff
2019-03-28 15:14:16 +01:00
Miroslav Stampar
afe497a954
Dealing with basesting (one baby step closer to Py3 salvation)
2019-03-28 13:53:54 +01:00
Miroslav Stampar
2f53014685
God help us all with this Python3 non-sense
2019-03-27 13:33:46 +01:00
Miroslav Stampar
e64cc86fc4
Patch related to the #3524
2019-03-25 11:42:16 +01:00
Miroslav Stampar
5a71210c8a
Update regarding #2940 (PEP 394)
2019-03-21 14:00:09 +01:00
Miroslav Stampar
bf3edcfc1c
Fixes #3542
2019-03-20 11:33:10 +01:00
Miroslav Stampar
10977ca530
Fixes #3510
2019-03-04 13:21:57 +01:00
Miroslav Stampar
dc95558187
Fixes #373
2019-02-21 01:10:43 +01:00
Miroslav Stampar
5077844dd9
Fixes #3468
2019-02-05 13:42:44 +01:00
Miroslav Stampar
e01a7908aa
Trivial renaming update
2019-01-26 12:36:03 +01:00
Miroslav Stampar
ef8530af5b
Fixing mess with template payloads and URI/JSON/XML/custom cases
2019-01-22 11:08:57 +01:00
Miroslav Stampar
8f13bda035
Some more preparing for 2to3 (keys() is iter in 3)
2019-01-22 03:00:44 +01:00
Miroslav Stampar
db3bed3f44
Update related to the last commit
2019-01-22 01:20:27 +01:00
Miroslav Stampar
7672b9a0a2
Baby steps (2 to 3 at a time)
2019-01-22 00:40:48 +01:00
Miroslav Stampar
5274c88c7d
Minor patch of --identify-waf mechanism
2019-01-09 16:26:11 +01:00
Miroslav Stampar
9a221470e7
Minor patch
2019-01-09 15:44:11 +01:00
Miroslav Stampar
3b4e44a38d
Better results with following the redirect in identifyWaf phase
2019-01-07 16:05:59 +01:00
Miroslav Stampar
590e8ed5ae
update_copyright_year()
2019-01-05 21:38:52 +01:00
Miroslav Stampar
9564c8e8b1
Refactoring regarding casting warnings
2018-12-21 11:29:57 +01:00
Miroslav Stampar
107d9f90ad
Minor message update
2018-12-17 23:41:04 +01:00
Miroslav Stampar
01d5da18e3
Adding experimental option --crack
2018-12-17 17:38:47 +01:00
Miroslav Stampar
2e5edce8b9
Fixes #3399
2018-12-10 15:22:53 +01:00
Miroslav Stampar
2c95b65eac
Implementation for #2552 (sorry @mg98)
2018-12-10 14:53:11 +01:00
Miroslav Stampar
101d1f0d49
Fixes #3395
2018-12-03 23:18:52 +01:00
Miroslav Stampar
843126702d
Fixes #3392
2018-12-03 23:12:45 +01:00
Miroslav Stampar
560ff4154b
Fixes #3388 (and refactors #1578 )
2018-11-29 00:09:05 +01:00
Miroslav Stampar
277a4fa402
Potential patch for #3167
2018-11-26 23:40:47 +01:00
Miroslav Stampar
90e381a5a5
Another update related to the #3356
2018-11-02 16:18:08 +01:00
Miroslav Stampar
73d83280fe
Minor patch (bounded injection case with leftover marker)
2018-11-01 22:24:36 +01:00
Miroslav Stampar
92febd22a8
Minor update
2018-10-26 23:01:19 +02:00
Miroslav Stampar
feb93dce44
Update related to the #3304
2018-10-17 12:24:52 +02:00
Miroslav Stampar
411f56e710
Initial implementation for #3283
2018-10-16 12:23:07 +02:00
Miroslav Stampar
880d438418
Fixes #3284
2018-10-12 00:29:43 +02:00
Miroslav Stampar
f2b4dc3ffc
Fixes #3275
2018-10-08 23:34:55 +02:00
Miroslav Stampar
459e1dd9a4
Update related to the #3252
2018-09-24 10:26:27 +02:00
Miroslav Stampar
0c7eecee9f
Trivial update (message language)
2018-09-18 16:52:17 +02:00
Miroslav Stampar
3e72da66f9
Minor update (preventing WAF specific response reports on generic 403)
2018-09-18 16:45:08 +02:00
Miroslav Stampar
a5e3dce26f
Proper naming
2018-09-14 10:01:31 +02:00
Miroslav Stampar
12012b36b1
Automatic disabling of socket-preconnect for known problematic server (SimpleHTTPServer)
2018-09-04 23:01:17 +02:00
Miroslav Stampar
0507234add
Minor update
2018-08-29 11:06:45 +02:00
Miroslav Stampar
f3f4a4cb37
Minor refactoring
2018-08-28 14:31:20 +02:00
Miroslav Stampar
a296d22195
Fixes #3205
2018-08-10 14:01:55 +02:00
Miroslav Stampar
d47c16e196
Minor refactoring
2018-06-07 00:55:32 +02:00
Miroslav Stampar
091c8ab2dd
Minor update (switching --invalid-logical to LIKE version)
2018-06-07 00:37:22 +02:00
Miroslav Stampar
6b3f01bfeb
Minor patch
2018-05-28 11:07:06 +02:00
Miroslav Stampar
2a810fb796
Trivial modifications (thou shalt not judge people by trivial commits)
2018-05-03 14:10:55 +02:00
Miroslav Stampar
8f7a7bed20
Minor patch
2018-05-03 13:31:27 +02:00
Miroslav Stampar
8ca3287df4
Proper way to skip already used payloads (important to --suffix/--prefix cases)
2018-04-12 14:38:32 +02:00
Miroslav Stampar
a8cb14ed4a
Minor patch (disable tamper script usage in WAF/IDS/IPS check phase)
2018-04-11 14:48:54 +02:00
Miroslav Stampar
7f3f1dcdee
Fixes #3022
2018-04-03 12:50:09 +02:00
Miroslav Stampar
4147f44e63
Potential patch for Issues like #3013 and #3017
2018-04-01 12:45:47 +02:00
Miroslav Stampar
2cc6214227
Fixes #3020
2018-04-01 11:25:51 +02:00
Miroslav Stampar
8a90512354
One more commit related to the last one (reduce false hopes in heavily dynamic cases)
2018-03-31 11:02:48 +02:00
Miroslav Stampar
ae8699f258
Reducing false-positive 'appears' messages in heavily dynamic environment
2018-03-29 14:47:30 +02:00
Miroslav Stampar
cdb1e79370
Disabling ORDER BY tests in heavily dynamic environment
2018-03-29 14:37:33 +02:00
Miroslav Stampar
16cd13d7db
Fixes #3014
2018-03-28 17:24:12 +02:00
Miroslav Stampar
45fb5ab4a5
Patch for cases when http: is immediatelly being redirected to https:
2018-03-28 15:13:33 +02:00
Miroslav Stampar
f287ff3767
Trivial comment update
2018-03-21 14:29:54 +01:00
Miroslav Stampar
7d5a0ed2dc
Use false-positive checks in dummy mode
2018-03-21 14:22:59 +01:00
Miroslav Stampar
74de40b9c5
Minor patch of a previous commit
2018-03-16 15:21:19 +01:00
Miroslav Stampar
6c2b7cff80
Minor patch of UNION checking logic
2018-03-16 15:11:04 +01:00
Miroslav Stampar
01fb07f68c
Minor patch (message for --check-internet)
2018-03-16 14:28:37 +01:00
Miroslav Stampar
3c5e9e7559
Fixes #2982
2018-03-14 01:02:26 +01:00
Miroslav Stampar
fa4c1c5251
Some more PEPing (I hope that I haven't broke anything)
2018-03-13 13:45:42 +01:00
Miroslav Stampar
5380e8174b
Safer WAF heuristics in case of URI injections
2018-03-11 03:20:33 +01:00
Miroslav Stampar
4cefff7e98
Bug fix (misencoding inside check waf payload)
2018-03-11 03:13:33 +01:00
Miroslav Stampar
d99151ce5a
Minor update for --wizard mode
2018-02-27 12:37:45 +01:00
Miroslav Stampar
a16663f9a1
Minor refactoring
2018-02-07 16:05:41 +01:00
Miroslav Stampar
9e75bb7f68
Minor patch
2018-01-31 11:43:17 +01:00
Miroslav Stampar
8a122401aa
Update of copyright years
2018-01-02 00:48:10 +01:00
Miroslav Stampar
66c1f72a16
Minor optimization
2017-12-29 13:04:52 +01:00
Miroslav Stampar
5326df1071
Minor grammar fix
2017-12-13 13:49:55 +01:00
Miroslav Stampar
8cef17b583
Minor just in case patch (error set in case of --string)
2017-12-12 11:18:17 +01:00
Miroslav Stampar
220dffbcfa
Couple of wording updates
2017-12-04 13:59:35 +01:00
Miroslav Stampar
7c5b051d60
Fixes #2808
2017-11-29 15:59:00 +01:00
Miroslav Stampar
132a72c9bd
Minor update of logging messages
2017-11-24 12:20:57 +01:00
Miroslav Stampar
26b81f58bb
Fixes #2772
2017-11-13 11:19:25 +01:00
Miroslav Stampar
67b470245e
Minor cleanup of NULL connection
2017-11-09 13:45:52 +01:00
Miroslav Stampar
58b87e4b6b
Some more refactoring
2017-11-08 15:58:23 +01:00
Miroslav Stampar
496075ef20
Trivial refactoring
2017-10-31 10:10:22 +01:00
Miroslav Stampar
1f60dfc835
Minor patch for WAF mechanism
2017-10-16 11:42:11 +02:00
Miroslav Stampar
8c6b761044
Replacing doc/COPYING to LICENSE
2017-10-11 14:50:46 +02:00
Miroslav Stampar
12f802c70f
Minor text update
2017-09-11 10:41:50 +02:00
Miroslav Stampar
96ffb4b911
Fixes #2693
2017-09-11 10:38:19 +02:00
Miroslav Stampar
cb2258fea4
Fixes #2603
2017-08-28 13:02:08 +02:00
Miroslav Stampar
c871cedae4
Adding hidden option '--force-dbms' to skip fingerprinting
2017-08-28 12:30:42 +02:00
Miroslav Stampar
8b0c50f25d
Update related to the #2663
2017-08-23 13:17:37 +02:00
Miroslav Stampar
62ae149464
Minor patch
2017-07-29 03:35:05 +02:00
Miroslav Stampar
5745d650f8
Fixes #2635
2017-07-29 02:42:20 +02:00
Miroslav Stampar
0f9c81965b
Implementation on request
2017-07-26 00:24:13 +02:00
Miroslav Stampar
d12b65d38c
Fixes #2624
2017-07-25 23:32:30 +02:00
Louis-Philippe Huberdeau
e38267a61e
Include tracking properties in the HAR to identify which test the requests were associated to
2017-07-18 15:46:52 -04:00
Miroslav Stampar
1678b606a2
Update for #2597
2017-07-03 16:55:24 +02:00
Louis-Philippe Huberdeau
0d756a8823
Parse request data and convert to HAR, include in injection data
2017-06-23 11:50:21 -04:00
Miroslav Stampar
864711b434
Minor improvement
2017-06-05 16:48:14 +02:00
Miroslav Stampar
996ad59126
Minor patch
2017-06-05 16:28:19 +02:00
Miroslav Stampar
359bfb2704
Minor adjustment
2017-05-26 14:14:35 +02:00
Miroslav Stampar
644ea2e3aa
Minor patch
2017-05-26 14:08:08 +02:00
Miroslav Stampar
4ce08dcfa3
Patch for an Issue #2536
2017-05-17 00:22:18 +02:00
Miroslav Stampar
d3a08a2d22
Implementation for an Issue #2505
2017-05-07 23:12:42 +02:00
Miroslav Stampar
fc8eede952
Minor cleanup and one bug fix
2017-04-19 14:46:27 +02:00
Miroslav Stampar
c8a0c525fc
Fixes #2489
2017-04-19 14:19:39 +02:00
Miroslav Stampar
5f2bb88037
Some code refactoring
2017-04-18 15:48:05 +02:00
Miroslav Stampar
7ebba5614a
Moving brute from techniques to utils
2017-04-18 13:53:41 +02:00
Miroslav Stampar
d9a931f77a
Minor cleanup
2017-04-14 13:14:53 +02:00
Miroslav Stampar
0e206da7c0
Minor patches (pydiatra)
2017-04-14 13:08:51 +02:00
Miroslav Stampar
9b3d229294
Fixes #2471
2017-04-10 19:21:22 +02:00
Miroslav Stampar
60e8c725f9
Fixes #2437
2017-03-12 23:24:13 +01:00
Miroslav Stampar
7960045cf9
Fixes #2277 and #2300
2017-02-27 13:58:07 +01:00
Miroslav Stampar
4b420e7579
Removing Google PageRank as it is dead now
2017-02-23 11:33:39 +01:00
Miroslav Stampar
38f16decef
Update for an Issue #2384
2017-02-06 13:28:33 +01:00
Miroslav Stampar
03bbf552ef
Patch for an Issue #2382
2017-02-06 11:14:45 +01:00
Miroslav Stampar
55272f7a3b
New version preparation
2017-01-02 14:19:18 +01:00
Francisco Blas Izquierdo Riera (klondike)
025e9ac5b4
Fix the logic used for --param-exclude
...
The current logic will skip all existing parameters if no param-exclude is defined.
This breaks previous behaviour, makes it harder to use the tool and is quite confusing.
The new logic will always check the parameter is set before running any other checks instead of shortcircuit an empoty(always true) regexp.
2016-12-28 12:25:05 +01:00
Miroslav Stampar
89bbf5284c
Adding new option --param-exclude on private request
2016-12-25 23:16:44 +01:00
Miroslav Stampar
edc6f47758
Some refactoring
2016-12-19 23:47:39 +01:00
Hanno Heinrichs
2cc604e356
Fix several typos
2016-10-26 21:41:57 +02:00
Miroslav Stampar
24eaf55dc8
Removing bad decision for -d (user should be able to choose)
2016-10-17 22:32:23 +02:00
Miroslav Stampar
6130185ac6
Minor consistency update with the wiki
2016-10-11 00:35:39 +02:00