Commit Graph

1171 Commits

Author SHA1 Message Date
Miroslav Stampar
76d1f09b0a minor cosmetics 2011-04-17 22:25:25 +00:00
Miroslav Stampar
9aae447553 minor update for matching SOAP messages 2011-04-17 22:21:32 +00:00
Miroslav Stampar
a7366bf710 SOAP refactoring 2011-04-17 21:39:00 +00:00
Miroslav Stampar
c7ff5dcbeb minor update 2011-04-17 08:48:13 +00:00
Miroslav Stampar
ee88ccf0ac well, this could be important :) 2011-04-17 08:33:46 +00:00
Miroslav Stampar
29ee760021 improving time based data retrieval mechanism 2011-04-17 07:24:18 +00:00
Miroslav Stampar
c461fdca54 some refactoring 2011-04-15 13:51:06 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
4d8a49a87c more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation 2011-04-15 11:53:20 +00:00
Miroslav Stampar
467d1a50b3 removed debug message that could cause confusion 2011-04-15 11:28:01 +00:00
Miroslav Stampar
8c6f7c7d5f explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay 2011-04-15 08:52:53 +00:00
Miroslav Stampar
3efd9e3959 improved htmlunescape (great for localized html escape codes) 2011-04-14 21:36:13 +00:00
Miroslav Stampar
ded28442fb minor fixes and refactoring regarding safecharencoding 2011-04-14 15:54:00 +00:00
Miroslav Stampar
866cdb4cf7 speed of --replicate is now vastly improved 2011-04-14 14:34:12 +00:00
Miroslav Stampar
eafab03d99 safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars) 2011-04-14 13:53:56 +00:00
Miroslav Stampar
30bfefd638 minor fix 2011-04-14 12:58:03 +00:00
Bernardo Damele
5cf38cd0d7 More cookies to ignore 2011-04-14 12:46:14 +00:00
Miroslav Stampar
8426d48e2e minor refactoring 2011-04-14 10:14:46 +00:00
Miroslav Stampar
930262f573 minor update related to the last commit 2011-04-14 10:12:07 +00:00
Miroslav Stampar
1c5427baf8 minor fix 2011-04-14 09:54:29 +00:00
Miroslav Stampar
bb99bd2fbe one more commit related to the issue with displaying of garbled characters 2011-04-14 09:43:36 +00:00
Miroslav Stampar
04986be4b9 update regarding safe character output together with a small fix for newlines 2011-04-14 09:31:45 +00:00
Miroslav Stampar
5dfb55effc revert of the last commit because of this http://osvdb.org/show/osvdb/26582 2011-04-14 06:46:32 +00:00
Miroslav Stampar
786f305e1a minor update 2011-04-14 06:43:08 +00:00
Miroslav Stampar
21114d1748 added IGNORE_PARAMETERS to skip testing of state/session web server parameters 2011-04-13 19:01:02 +00:00
Miroslav Stampar
58a93c5b1f better beep for MacOSX 2011-04-13 18:32:47 +00:00
Miroslav Stampar
d06ae9cd47 implemented retrieved items info for partial union too 2011-04-13 14:33:15 +00:00
Miroslav Stampar
f5f2201bbc minor cosmetics for partial inband retrieval 2011-04-13 11:25:42 +00:00
Miroslav Stampar
c193b896be just in case update to prevent gibberish "retrieved: " outputs 2011-04-12 23:07:50 +00:00
Miroslav Stampar
5346ecbb56 fix for a "accept certificate first time for svn" 2011-04-12 14:25:17 +00:00
Miroslav Stampar
941daa1645 just in case to prevent "object of type 'NoneType' has no len()" error reports 2011-04-11 11:59:02 +00:00
Miroslav Stampar
08d14886fd added new dev version string 2011-04-11 09:44:44 +00:00
Bernardo Damele
07d6b18c4e cutting for 0.9 stable 2011-04-11 00:24:51 +00:00
Miroslav Stampar
8597409d9e lowering the value 2011-04-10 22:57:17 +00:00
Bernardo Damele
14219a3dac Minor bug fix 2011-04-10 22:44:08 +00:00
Miroslav Stampar
940c225d7c few fixes 2011-04-10 20:53:27 +00:00
Bernardo Damele
d324704844 Removed unused code 2011-04-10 20:39:15 +00:00
Miroslav Stampar
decab6642d fix for that @chunk bug 2011-04-10 16:46:33 +00:00
Miroslav Stampar
723a7447b2 minor refactoring 2011-04-10 07:16:19 +00:00
Miroslav Stampar
c714ac6421 added support for handling binary data values (no more garbish chars) 2011-04-09 23:13:16 +00:00
Miroslav Stampar
4ad73f9263 added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics 2011-04-09 22:39:03 +00:00
Miroslav Stampar
c4c40308c6 no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one) 2011-04-08 22:42:07 +00:00
Miroslav Stampar
83feb097ef greater flexibility for --batch when default is None 2011-04-08 22:29:50 +00:00
Miroslav Stampar
228cc68747 fix for those ugly DEBUG messages in brute mode 2011-04-08 11:02:21 +00:00
Miroslav Stampar
be11e2535e one more minor update 2011-04-08 00:05:44 +00:00
Miroslav Stampar
3435d549a9 minor update regarding the last commit 2011-04-07 23:35:51 +00:00
Miroslav Stampar
726155383d higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0]) 2011-04-07 23:32:07 +00:00
Miroslav Stampar
b288e5ef57 implemented DNS caching mechanism 2011-04-07 21:39:18 +00:00
Miroslav Stampar
ae4ea0af45 fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace') 2011-04-07 13:57:07 +00:00
Miroslav Stampar
6a8a5db9aa minor code restyling 2011-04-07 13:27:29 +00:00
Bernardo Damele
9e8c933333 cosmetics 2011-04-07 10:40:58 +00:00
Miroslav Stampar
68828d68a5 removed integers from --technique 2011-04-07 10:37:48 +00:00
Miroslav Stampar
fced81b6be minor update 2011-04-07 10:32:39 +00:00
Miroslav Stampar
845533e92f minor refactoring 2011-04-07 10:27:22 +00:00
Bernardo Damele
1880f18367 Minor layout adjustments 2011-04-07 10:07:52 +00:00
Bernardo Damele
17844eb87c Refactoring to --technique 2011-04-07 10:00:47 +00:00
Bernardo Damele
05d12790f1 closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message) 2011-04-06 14:41:44 +00:00
Miroslav Stampar
a379463213 cosmeticado 2011-04-06 08:40:06 +00:00
Miroslav Stampar
b327bbcd9b minor fix (it was quite ... to have this check at the later stage) 2011-04-06 08:39:24 +00:00
Bernardo Damele
81034140c0 Reduced number of threads to 3 when -o is provided 2011-04-06 08:15:20 +00:00
Miroslav Stampar
2c01fc56e6 minor update regarding misusage of --proxy and --ignore-proxy switches 2011-04-04 09:19:43 +00:00
Miroslav Stampar
305115a68b important improvement of data handling (POST data and header values) 2011-04-03 15:02:52 +00:00
Miroslav Stampar
bbd4c128b0 minor update related to the last commit 2011-04-01 22:19:42 +00:00
Miroslav Stampar
cd7e4f5afc improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form) 2011-04-01 22:12:24 +00:00
Bernardo Damele
c3b54cc222 Cosmetics 2011-04-01 16:40:28 +00:00
Miroslav Stampar
e27afef6be minor update regarding --current-db on Oracle 2011-04-01 15:56:11 +00:00
Bernardo Damele
eb99f68a7a Minor improvement to --wizard. This does not mean I like the kiddie feature though ;) 2011-04-01 14:55:39 +00:00
Miroslav Stampar
de4e0c7346 minor update related to the problem with request files reported by jorge_a_santos@hotmail.com 2011-04-01 12:09:11 +00:00
Miroslav Stampar
ee15988878 another minor update related to previous commit 2011-03-31 17:34:07 +00:00
Miroslav Stampar
156d24203f speed optimization 2011-03-31 17:16:26 +00:00
Miroslav Stampar
220366b6e8 minor update (ip addresses will not be confused any more for crypt_generic hashes) 2011-03-31 16:56:26 +00:00
Miroslav Stampar
c5de903eab minor improvement ("quick defense against substr fields") 2011-03-31 09:35:09 +00:00
Miroslav Stampar
ce51326bff quick fix 2011-03-31 08:43:17 +00:00
Miroslav Stampar
dd01d66f13 proper update regarding last commit 2011-03-29 22:10:08 +00:00
Miroslav Stampar
b6af80bab3 refactoring, cleanup and improvement 2011-03-29 21:54:15 +00:00
Miroslav Stampar
adfbfef8c1 minor refactoring 2011-03-29 21:01:47 +00:00
Miroslav Stampar
12f3024c8a removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header) 2011-03-29 20:45:21 +00:00
Miroslav Stampar
d0861a00e2 minor improvement 2011-03-29 15:37:57 +00:00
Miroslav Stampar
d28ca5809b adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page) 2011-03-29 14:16:28 +00:00
Miroslav Stampar
7cf4ba83dc minor refactoring and comment update 2011-03-29 12:08:07 +00:00
Miroslav Stampar
5560196648 minor fix 2011-03-29 11:50:12 +00:00
Miroslav Stampar
e20d460809 Bernardo will kill me (added --wizard for total beginners) 2011-03-29 11:42:55 +00:00
Miroslav Stampar
86f93713d3 fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update 2011-03-29 06:25:17 +00:00
Miroslav Stampar
bf0e3c4662 improvement for --forms with empty fields 2011-03-28 22:48:00 +00:00
Miroslav Stampar
1e22ff45de minor update regarding testing of GET parameters if --data and/or --forms is used 2011-03-28 16:14:08 +00:00
Miroslav Stampar
625f124263 little info message 2011-03-28 12:13:17 +00:00
Miroslav Stampar
47924fb92e fix for a bug reported by malice.anon@gmail.co​m (AttributeError: 'unicode' object has no attribute 'geturl') 2011-03-27 13:41:54 +00:00
Miroslav Stampar
76b7e3517d minor update 2011-03-27 07:58:15 +00:00
Miroslav Stampar
afe2be6a9f implementation of Standard DES hashing (crypt) 2011-03-26 20:46:25 +00:00
Miroslav Stampar
c5b6d377fb fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages) 2011-03-25 12:14:19 +00:00
Miroslav Stampar
af5342c495 fix for partial inband queries on MSSQL 2011-03-25 11:19:15 +00:00
Miroslav Stampar
e80c9e08d8 minor update regarding --live-test 2011-03-25 09:03:08 +00:00
Miroslav Stampar
1f1c4c0e61 better update related to the last commit 2011-03-24 20:04:20 +00:00
Miroslav Stampar
c0cc5d1dad minor update 2011-03-24 17:18:03 +00:00
Miroslav Stampar
f3858a5fcf another fix related to the bug reported by Alone Shell 2011-03-24 17:08:14 +00:00
Miroslav Stampar
e42cdfd138 adding possibility to run only one live test (e.g. --run-case=8) 2011-03-24 12:07:47 +00:00
Miroslav Stampar
2b15ad57c2 basic live tests against 3 major DBMSes 2011-03-24 11:47:01 +00:00
Miroslav Stampar
ecbbfeba6e introduction of --fresh-queries 2011-03-24 10:08:47 +00:00
Miroslav Stampar
d79fae724c minor refactoring 2011-03-24 09:16:21 +00:00
Miroslav Stampar
0bb08d09d2 fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file 2011-03-24 08:43:40 +00:00
Miroslav Stampar
bd75fd26e9 implementing a --page-rank switch as requested by l0rda@l0rda.biz 2011-03-23 11:57:57 +00:00
Miroslav Stampar
5a1aaecf16 minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME||chr(58)||OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION') 2011-03-22 13:07:37 +00:00
Miroslav Stampar
b5c9ccb755 Oracle XML based error payload has problems with char $ as with space 2011-03-21 13:13:12 +00:00
Miroslav Stampar
3ca5cddca7 massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL) 2011-03-20 23:54:56 +00:00
Miroslav Stampar
088c815567 minor update (exposing --tor switch) 2011-03-19 18:28:51 +00:00
Miroslav Stampar
2cc91b8470 minor fix 2011-03-19 17:44:34 +00:00
Miroslav Stampar
7c2b3afafb minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r) 2011-03-19 17:37:26 +00:00
Miroslav Stampar
139448eeb9 little stabilization regarding POST url(de/en)coding 2011-03-19 16:53:14 +00:00
Miroslav Stampar
0fcd999e51 fix for a bug reported by malice 2011-03-18 16:52:46 +00:00
Miroslav Stampar
58e9a074d3 masking some more command line arguments 2011-03-18 16:47:18 +00:00
Miroslav Stampar
36233fac42 update regarding a feature request from andyroyalbattle@yahoo.it 2011-03-18 16:35:30 +00:00
Miroslav Stampar
00b9d85ffc fix regarding bug report from andyroyalbattle@yahoo.it 2011-03-18 16:26:39 +00:00
Miroslav Stampar
4e300baaf2 minor cosmetics 2011-03-18 14:09:18 +00:00
Miroslav Stampar
3628887110 los cosmeticados 2011-03-18 14:08:36 +00:00
Miroslav Stampar
75c0e09f43 little refactoring 2011-03-18 13:46:51 +00:00
Miroslav Stampar
c301b245a9 adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value) 2011-03-18 13:39:51 +00:00
Miroslav Stampar
b53c9a2599 minor fix and some refactoring 2011-03-18 00:24:02 +00:00
Miroslav Stampar
fbd0cfda29 minor update toward the implementation of request from Santiago 2011-03-17 06:39:05 +00:00
Bernardo Damele
f00aff5303 -v 0 shows both error, critical and raw_input messages 2011-03-11 22:02:38 +00:00
Bernardo Damele
d7d47b6257 Minor bug fix (revert) 2011-03-11 21:56:45 +00:00
Miroslav Stampar
e64f225e65 minor refactoring 2011-03-11 20:16:34 +00:00
Miroslav Stampar
6cc745f789 removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut) 2011-03-11 20:04:15 +00:00
Miroslav Stampar
5eae525010 this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly) 2011-03-11 19:57:44 +00:00
Bernardo Damele
3cb0ca4b63 Minor bug fix for --privileges on PgSQL with error-based SQL inj technique 2011-03-11 15:24:25 +00:00
Bernardo Damele
5af7410cb1 Another bug fix for --privileges on PgSQL with UNION query technique 2011-03-11 15:13:09 +00:00
Bernardo Damele
74ef1e53c7 Minor bug fixes to --privileges for PostgreSQL query (corner case) 2011-03-11 14:54:41 +00:00
Miroslav Stampar
eb1cda7065 minor refactoring (more consistent) 2011-03-09 12:06:32 +00:00
Miroslav Stampar
62e3510387 minor refactoring 2011-03-09 11:37:37 +00:00
Miroslav Stampar
5c97f9a496 improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries) 2011-03-09 09:36:56 +00:00
Miroslav Stampar
9b2962ff1c now when we don't urlencode whole URI using : and \ as safe chars is not a good idea 2011-03-09 08:56:29 +00:00
Miroslav Stampar
30619c599b minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...) 2011-03-08 11:53:59 +00:00
Miroslav Stampar
cc0306044c adding SVN revision number support for non SVN client platforms 2011-03-07 21:54:30 +00:00
Miroslav Stampar
16b286982d fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split') 2011-03-07 09:50:43 +00:00
Miroslav Stampar
8edc3b3302 further update regarding last commit 2011-03-03 10:39:04 +00:00
Miroslav Stampar
bc50387a17 possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms) 2011-03-03 09:42:50 +00:00
Miroslav Stampar
f27f05308a minor update for masking sensitive data in error report (added aCred too) 2011-03-02 10:09:17 +00:00
Miroslav Stampar
ad2e4002ea minor improvement 2011-03-01 10:38:27 +00:00
Miroslav Stampar
0f3cc153a3 fix for --technique 2011-03-01 09:54:06 +00:00
Miroslav Stampar
2bf212ffa9 minor minor update 2011-02-27 20:43:38 +00:00
Miroslav Stampar
7036190e8e minor improvement of regular expression 2011-02-27 17:58:01 +00:00
Miroslav Stampar
21041f8b90 further reflective value handling improvement 2011-02-27 17:43:41 +00:00
Bernardo Damele
6e8ebd35f4 Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable 2011-02-27 12:17:41 +00:00
Miroslav Stampar
88faedc0fe fix for a bug reported by -insane- 2011-02-26 17:48:19 +00:00
Miroslav Stampar
11996ce12e bug fix for international encoded letters 2011-02-25 22:43:01 +00:00
Miroslav Stampar
2bbbc9a41e few updates 2011-02-25 09:35:24 +00:00
Miroslav Stampar
aa88361ab1 incorporation of method for neutralization of reflective values 2011-02-25 09:22:44 +00:00
Miroslav Stampar
708ddf5608 added protection mechanism against reflected values 2011-02-24 16:52:46 +00:00
Miroslav Stampar
38dc82e13e If no Accept header field is present, then it is assumed that the client accepts all media types. 2011-02-22 22:26:22 +00:00
Miroslav Stampar
d05bd75068 adding experimental for --group-concat 2011-02-22 14:35:38 +00:00
Miroslav Stampar
3f8eadf4fe minor refactoring 2011-02-22 13:00:58 +00:00