Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
1d0b43b1a2
implemented mechanism for merging cookies by request
2012-01-11 14:28:08 +00:00
Miroslav Stampar
18930539cd
more concise language
2012-01-07 17:45:45 +00:00
Miroslav Stampar
40398f358c
minor update
2012-01-05 14:55:23 +00:00
Miroslav Stampar
1f085a0241
now [SLEEPTIME] is changeable properly in vivo
2012-01-05 14:45:05 +00:00
Miroslav Stampar
ea87c89c25
minor fix
2012-01-03 23:44:56 +00:00
Miroslav Stampar
63bc4ce116
minor patch
2011-12-30 14:11:02 +00:00
Miroslav Stampar
c20546dcaa
minor refactoring
2011-12-26 12:24:39 +00:00
Miroslav Stampar
9f68e54fff
minor cleanup
2011-12-22 10:59:28 +00:00
Miroslav Stampar
4a1a0773b7
speedup of UNION dumping
2011-12-22 10:44:14 +00:00
Miroslav Stampar
1ae413a206
some refactoring/speedup around UNION technique
2011-12-22 10:32:21 +00:00
Miroslav Stampar
526aacb640
code cleanup
2011-12-21 22:59:23 +00:00
Miroslav Stampar
95cd9e2af3
adding support for scanning Host header values (-p host)
2011-12-20 12:52:41 +00:00
Miroslav Stampar
1b16b5e0f1
minor fix
2011-12-20 09:10:44 +00:00
Miroslav Stampar
c57941c102
minor beautification
2011-12-15 23:33:44 +00:00
Miroslav Stampar
563c0c1066
adding switch --tor-type
2011-12-15 23:19:55 +00:00
Miroslav Stampar
c98f5f6f94
minor fix
2011-12-15 09:28:58 +00:00
Miroslav Stampar
e6820ebbd2
minor update
2011-12-14 10:26:03 +00:00
Miroslav Stampar
364113441b
adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles)
2011-12-14 10:19:45 +00:00
Miroslav Stampar
73a500833d
minor bug fix
2011-12-12 14:38:06 +00:00
Miroslav Stampar
0f5d48ff20
minor update
2011-12-05 09:25:56 +00:00
Miroslav Stampar
9bc735963b
update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself))
2011-12-04 22:42:19 +00:00
Miroslav Stampar
b03a5e8928
people don't know what's "standard deviation" and they are wrongly connecting it's value in seconds to the --time-sec value
2011-12-01 13:30:47 +00:00
Miroslav Stampar
872a73f631
minor refactoring
2011-11-29 19:17:07 +00:00
Miroslav Stampar
3cd8f47686
minor bug fix
2011-11-29 17:17:06 +00:00
Miroslav Stampar
d958c2fe48
minor fix
2011-11-28 11:21:39 +00:00
Miroslav Stampar
ba4234dc42
switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings)
2011-11-23 21:17:08 +00:00
Miroslav Stampar
2e10de8921
minor update
2011-11-22 12:18:24 +00:00
Miroslav Stampar
2ed3efba12
speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)
2011-11-22 08:39:13 +00:00
Miroslav Stampar
4fa24ec704
minor improvement
2011-11-21 17:39:18 +00:00
Miroslav Stampar
65b2b0ad87
adding switch --eval
2011-11-21 16:41:02 +00:00
Miroslav Stampar
df0b451389
minor update
2011-11-20 23:17:57 +00:00
Miroslav Stampar
440b7efe55
minor optimization
2011-11-20 20:14:47 +00:00
Miroslav Stampar
b888829d12
minor update
2011-11-14 11:39:18 +00:00
Miroslav Stampar
ccbd93cc2e
fix for redirect/HOST header bug
2011-11-11 11:28:27 +00:00
Miroslav Stampar
1061c06617
improvement of redirecting code
2011-11-11 11:07:49 +00:00
Miroslav Stampar
e183437f0b
minor typo
2011-11-10 10:30:53 +00:00
Miroslav Stampar
62f8f8d36c
bug fix (thanks to zhen zhou)
2011-11-10 10:22:35 +00:00
Miroslav Stampar
c1486ed4be
adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request
2011-10-25 09:53:44 +00:00
Miroslav Stampar
6d64f87190
minor update
2011-10-24 00:46:54 +00:00
Miroslav Stampar
1f7d87c6a4
bug fix for --code (previously redirecting codes where not considered)
2011-10-23 20:48:37 +00:00
Miroslav Stampar
77e630d89e
replaced longer CHAR form of escaped MySQL strings with more compact hex form
2011-10-23 20:19:42 +00:00
Miroslav Stampar
3f0517d3f3
support for non-latin (e.g. cyrillic) URLs
2011-10-23 17:02:48 +00:00
Miroslav Stampar
0db0571f35
minor patch
2011-10-21 09:06:00 +00:00
Miroslav Stampar
dd0ed5f5da
adding redirect response to the traffic file
2011-09-28 08:13:46 +00:00
Miroslav Stampar
34738129c9
minor update
2011-09-25 21:27:58 +00:00
Miroslav Stampar
e0f521cf9d
minor update regarding --randomize
2011-08-29 13:08:25 +00:00
Miroslav Stampar
ac00014c4a
implemented --randomize switch by request
2011-08-29 12:50:52 +00:00
Miroslav Stampar
75ec146224
minor beautification
2011-08-17 21:17:02 +00:00
Miroslav Stampar
600ef3eace
minor patch
2011-08-16 06:22:04 +00:00
Bernardo Damele
702ed73a65
Added --code switch to match in boolean-based tests against the HTTP response code
2011-08-12 16:48:11 +00:00
Bernardo Damele
fff4c34e33
Search for --string and --regexp matches also in HTTP response headers
2011-08-12 15:33:37 +00:00
Bernardo Damele
5e5133b8e7
Should be fixed now
2011-08-12 15:00:11 +00:00
Bernardo Damele
1505cb2a80
typo
2011-08-12 14:51:39 +00:00
Bernardo Damele
702ca22d54
Minor bug fix for URI injections
2011-08-12 14:48:44 +00:00
Bernardo Damele
28bba9f5e6
More verbose warning message
2011-08-12 13:47:38 +00:00
Miroslav Stampar
10bdd90e60
minor speed optimizations (as a result of profiling)
2011-08-12 13:40:37 +00:00
Miroslav Stampar
0643ced651
minor update
2011-08-02 08:12:43 +00:00
Miroslav Stampar
6bbb8139a0
update (smaller memory footprint in postprocessing phase because of safecharencode part)
2011-07-25 20:40:31 +00:00
Miroslav Stampar
2033a28ae7
minor update regarding last commit (cleaner code)
2011-07-24 20:44:17 +00:00
Miroslav Stampar
ec1bc0219c
hello big tables, this is sqlmap, sqlmap this is big tables
2011-07-24 09:19:33 +00:00
Miroslav Stampar
a46b5230f5
minor "patch"
2011-07-11 20:33:16 +00:00
Miroslav Stampar
98958f8808
minor minor update
2011-07-10 15:41:45 +00:00
Miroslav Stampar
02bfd05b20
more general approach
2011-07-08 10:03:14 +00:00
Miroslav Stampar
ba2c06c9dc
quick fix
2011-07-08 09:01:32 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Miroslav Stampar
93b296e02c
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
2011-07-06 05:44:47 +00:00
Miroslav Stampar
75524c283d
minor update
2011-06-27 21:59:31 +00:00
Miroslav Stampar
831f083223
minor update
2011-06-27 21:38:12 +00:00
Miroslav Stampar
e9286ddd5b
fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position
...
47: ordinal not in range(128))
2011-06-24 19:24:11 +00:00
Miroslav Stampar
e76cb19e35
minor patch
2011-06-22 09:11:12 +00:00
Miroslav Stampar
b16b92fe46
minor update
2011-06-21 20:59:34 +00:00
Miroslav Stampar
2220afbdf5
fix by request
2011-06-21 20:50:16 +00:00
Miroslav Stampar
bdb530da1f
minor update
2011-06-19 10:11:27 +00:00
Miroslav Stampar
d5bc149636
made changes by buawig request (504 is treated as a classical timeout)
2011-06-19 09:57:41 +00:00
Bernardo Damele
f8c32cf6b9
Moved folder
2011-06-18 12:34:41 +00:00
Miroslav Stampar
0c9fa5c550
fix
2011-06-17 17:12:47 +00:00
Miroslav Stampar
043f2f92c1
minor update
2011-06-17 17:10:52 +00:00
Miroslav Stampar
c9a6aad5c3
minor fix by request
2011-06-17 16:58:50 +00:00
Miroslav Stampar
0990f16f7f
minor update for invalid cases like 'iso-8859-1 (western europe)'
2011-06-12 08:36:21 +00:00
Miroslav Stampar
f8dde2c23b
adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)
2011-06-10 23:18:43 +00:00
Miroslav Stampar
15d72ec566
minor improvement for special cases with --string/--regexp
2011-06-10 23:05:47 +00:00
Miroslav Stampar
8fac4605a9
minor fix for None results
2011-06-10 22:28:15 +00:00
Bernardo Damele
0d8d6a4ace
Cosmetics
2011-06-08 16:08:20 +00:00
Miroslav Stampar
6387d98ab0
quick fix
2011-06-08 14:42:48 +00:00
Miroslav Stampar
4a9640160e
more concise
2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a
refactoring
2011-06-08 14:30:12 +00:00
Miroslav Stampar
75c12c5edb
fix for a bug reported by cclements@flatearth.net (TypeError: argument of type 'NoneType' is not iterable)
2011-06-07 21:46:49 +00:00
Miroslav Stampar
7a3cc38e3c
refactoring and stabilization of multithreading
2011-06-07 09:50:00 +00:00
Miroslav Stampar
5f7858455d
fix for a bug reported by l0rda@l0rda.biz
2011-06-07 05:57:21 +00:00
Miroslav Stampar
8c80413c52
well, important fix for blind based cases (especially OR ones)
2011-06-03 15:29:22 +00:00
Miroslav Stampar
a5a70f0895
minor update
2011-05-28 18:21:03 +00:00
Miroslav Stampar
c11ea35d53
adding some user input for "refreshing" cases (like redirect ones)
2011-05-27 22:42:23 +00:00
Miroslav Stampar
cf69809c3c
minor update
2011-05-27 16:26:00 +00:00
Miroslav Stampar
61b960f65f
minor update related to the last one
2011-05-26 22:05:10 +00:00
Miroslav Stampar
45caadbd4a
important update - finally found what was causing headache for UNION payloads in noticeable number of cases
2011-05-26 21:54:19 +00:00
Miroslav Stampar
4f2c999146
fix for a bug reported by mail@8dh.de (UnicodeDecodeError: requestMsg += "\n%s" % requestHeaders)
2011-05-26 13:47:20 +00:00
Miroslav Stampar
5369657cd5
fix for cases with retrieved binary files (preventing difflib nagging around comparison)
2011-05-25 20:54:30 +00:00
Miroslav Stampar
0072c3af8e
fix for a bug reported by aboynes@gmail.com (for elt in self.a)
2011-05-24 15:03:21 +00:00
Miroslav Stampar
f774d8fea0
proper Tor settings (reverted r3915 and implemented it the right way)
2011-05-24 11:06:58 +00:00
Miroslav Stampar
915c206e3d
minor fix for socks proxy issues
2011-05-24 09:47:10 +00:00
Miroslav Stampar
ad25bcc2be
better way for dealing with relative paths
2011-05-24 05:26:51 +00:00
Miroslav Stampar
a536bf210f
improved redirection mechanism
2011-05-23 23:20:03 +00:00
Miroslav Stampar
40971aca94
fixing nasty bug caused by retrying counter
2011-05-22 10:59:56 +00:00
Miroslav Stampar
712e238f33
another minor fix
2011-05-22 10:29:25 +00:00
Miroslav Stampar
2795aeff34
minor fix
2011-05-22 10:27:45 +00:00
Miroslav Stampar
806e898694
no more CRITICAL drop outs in test mode - lots of reports were related to this
2011-05-22 10:21:49 +00:00
Miroslav Stampar
9b2623514a
one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
2011-05-22 09:48:46 +00:00
Miroslav Stampar
2ea613b170
type correction and adding global flag kb.ignoreTimeout which could be useful
2011-05-22 08:24:13 +00:00
Miroslav Stampar
27f0e73cc9
refactoring of 'target' flag in connect.py
2011-05-22 07:46:09 +00:00
Miroslav Stampar
25fff8c135
changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)
2011-05-21 11:46:57 +00:00
Miroslav Stampar
9e5856caf8
improvement for recognition of scalar vs multiple-row commands
2011-05-19 16:45:05 +00:00
Miroslav Stampar
cc07e5dc97
added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@yahoo.com
2011-05-17 22:55:22 +00:00
Miroslav Stampar
ba1df457ab
fix for a charset euc_tw reported by devon.mitchell1988@yahoo.com
2011-05-16 19:26:58 +00:00
Miroslav Stampar
053c245114
few minor fixes
2011-05-13 09:56:12 +00:00
Miroslav Stampar
a7d7be5ce0
bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host)
2011-05-13 01:01:53 +00:00
Miroslav Stampar
0b2da2f9f5
minor beautification for --tor switch
2011-05-12 05:46:17 +00:00
Miroslav Stampar
1dea609019
fix for a bug reported by David (UnicodeDecodeError: url = url + '?' + query)
2011-05-10 12:51:37 +00:00
Miroslav Stampar
a64407d9db
minor bug fix for multithreading and lots of connection retries
2011-05-10 12:40:01 +00:00
Miroslav Stampar
22a1870c2c
adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1
2011-05-10 12:32:07 +00:00
Miroslav Stampar
b324b99f6e
minor update of warning message
2011-05-04 10:41:08 +00:00
Miroslav Stampar
1e6c2fea74
update regarding warning for --random-agent during connection timeout in connection test phase
2011-05-03 10:05:42 +00:00
Miroslav Stampar
f8c3086d15
minor minor update
2011-05-02 12:37:54 +00:00
Miroslav Stampar
098f53d57a
patch for a problem reported by m.martin2311@yahoo.com (unknown charset 'is0-8859-1')
2011-05-02 12:34:35 +00:00
Miroslav Stampar
41fc9f9d54
fix for an issue reported by andrew.gecse@upcmail.hu (unknown web page charset 'hungarian-iso-8859-2')
2011-04-30 22:41:54 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Miroslav Stampar
b299912de4
fix for a bug reported by ahmed@isecur1ty.org (UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: ordinal not in range(128)) for multipartpost
2011-04-29 16:56:02 +00:00
Miroslav Stampar
6bb4dce3aa
minor refactoring
2011-04-29 15:22:32 +00:00
Bernardo Damele
f3088079c0
error message adjustment
2011-04-21 22:31:02 +00:00
Bernardo Damele
d2f102f5a1
cosmetics
2011-04-21 20:21:37 +00:00
Miroslav Stampar
930872cf3b
fix
2011-04-21 14:20:09 +00:00
Bernardo Damele
11ecd16099
cosmetics
2011-04-21 10:08:38 +00:00
Miroslav Stampar
c84c4d835f
minor update
2011-04-21 09:31:35 +00:00
Miroslav Stampar
52c98afe93
minor fix
2011-04-20 08:38:46 +00:00
Miroslav Stampar
24435a2c20
implemented "break a tie" request by Andres Riancho
2011-04-20 08:35:47 +00:00
Miroslav Stampar
3b133303bf
refactoring
2011-04-19 22:54:13 +00:00
Miroslav Stampar
fc90974940
revert of last commit because of the situation in detection phase where payload is made at the starting point (can't change conf.timeSec in that phase)
2011-04-19 14:50:09 +00:00
Miroslav Stampar
7abbd0c029
removing a leftover
2011-04-19 14:29:51 +00:00
Miroslav Stampar
96b5fede5a
automatic increasing of time delay on lagging connections
2011-04-19 14:28:51 +00:00
Miroslav Stampar
7a06af9a92
added "lagging" critical message
2011-04-19 10:37:20 +00:00
Miroslav Stampar
6463cad8c5
minor update for SOAP payloads
2011-04-18 14:29:52 +00:00
Miroslav Stampar
da9ec67869
removing leftover
2011-04-18 13:43:22 +00:00
Miroslav Stampar
354a2ce249
'chardet' heuristic engine added to the project
2011-04-18 13:38:46 +00:00
Miroslav Stampar
4fa00121e4
that CONSTANT_RATIO was a pure black magic for dynamic pages. now we have better injection detection workflow than before (False, True, False) and it was just a matter of time for removing this one
2011-04-17 21:58:34 +00:00
Miroslav Stampar
a7366bf710
SOAP refactoring
2011-04-17 21:39:00 +00:00
Miroslav Stampar
5e70eac98c
fix for a "popular" typo 'iso-5889-1' reported by David Guimaraes
2011-04-16 06:44:29 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Miroslav Stampar
04986be4b9
update regarding safe character output together with a small fix for newlines
2011-04-14 09:31:45 +00:00
Miroslav Stampar
a883ce26b5
fix for a bug reported by ToR (AttributeError: 'NoneType' object has no attribute 'redcode')
2011-04-12 13:25:28 +00:00
Miroslav Stampar
723a7447b2
minor refactoring
2011-04-10 07:16:19 +00:00
Miroslav Stampar
c714ac6421
added support for handling binary data values (no more garbish chars)
2011-04-09 23:13:16 +00:00
Miroslav Stampar
83feb097ef
greater flexibility for --batch when default is None
2011-04-08 22:29:50 +00:00
Miroslav Stampar
228cc68747
fix for those ugly DEBUG messages in brute mode
2011-04-08 11:02:21 +00:00
Bernardo Damele
5b21352656
cosmeticados ;)
2011-04-08 10:39:07 +00:00
Miroslav Stampar
265fa52600
minor code cosmetics
2011-04-04 18:24:16 +00:00
Miroslav Stampar
018b6b9430
fix for a charset encoding reported by Kirill
2011-04-04 18:20:09 +00:00
Miroslav Stampar
e957c4400c
minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)
2011-04-04 08:04:47 +00:00
Miroslav Stampar
305115a68b
important improvement of data handling (POST data and header values)
2011-04-03 15:02:52 +00:00
Bernardo Damele
c3b54cc222
Cosmetics
2011-04-01 16:40:28 +00:00
Miroslav Stampar
557ed7d665
minor fix for a invalid charset reported by Kirill
2011-03-31 14:39:01 +00:00
Miroslav Stampar
dd01d66f13
proper update regarding last commit
2011-03-29 22:10:08 +00:00
Miroslav Stampar
850328df6c
minor cosmetics
2011-03-29 22:03:48 +00:00
Miroslav Stampar
9f707febf5
minor update
2011-03-29 15:43:17 +00:00
Miroslav Stampar
d28ca5809b
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
2011-03-29 14:16:28 +00:00
Miroslav Stampar
ae53ad4c30
making an update for special case of timed out response
2011-03-28 21:05:04 +00:00
Miroslav Stampar
762397854e
fix for a bug reported by Kirill (unknown charset '8859-1')
2011-03-24 09:27:19 +00:00
Miroslav Stampar
d79fae724c
minor refactoring
2011-03-24 09:16:21 +00:00
Miroslav Stampar
cbfb10cbd1
fix of a minor bug reported by syssecurity7@googlemail.com (missing iso-8858...)
2011-03-21 16:43:46 +00:00
Miroslav Stampar
b53c9a2599
minor fix and some refactoring
2011-03-18 00:24:02 +00:00
Bernardo Damele
9526f0c4c2
Minor layout adjustments
2011-03-17 12:35:40 +00:00
Miroslav Stampar
cbdd9e921e
minor cosmetics
2011-03-17 12:23:56 +00:00
Miroslav Stampar
6607a240cf
added logging to redirecthandler
2011-03-17 12:21:27 +00:00
Miroslav Stampar
9a513198dd
minor fix regarding last couple of commits
2011-03-17 11:25:37 +00:00
Miroslav Stampar
fbd0cfda29
minor update toward the implementation of request from Santiago
2011-03-17 06:39:05 +00:00
Miroslav Stampar
e64f225e65
minor refactoring
2011-03-11 20:16:34 +00:00
Miroslav Stampar
2fd3f0d7b2
minor update (added comment)
2011-03-11 20:07:52 +00:00
Miroslav Stampar
5eae525010
this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)
2011-03-11 19:57:44 +00:00
Miroslav Stampar
5c97f9a496
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
2011-03-09 09:36:56 +00:00
Miroslav Stampar
154d947c62
minor update
2011-03-07 10:15:41 +00:00
Miroslav Stampar
3a1f5744be
minor update to make counting variable totally independent of the urllib2's self.retried
2011-03-02 10:42:17 +00:00
Miroslav Stampar
a010386a23
finally a proper fix for that annoying recursive bug
2011-03-02 10:29:38 +00:00
Miroslav Stampar
9856cb71de
redo of the last commit with comments added
2011-02-28 18:58:05 +00:00
Miroslav Stampar
ade31b2cb0
removal of obsolete item
2011-02-28 18:49:25 +00:00
Miroslav Stampar
21041f8b90
further reflective value handling improvement
2011-02-27 17:43:41 +00:00
Bernardo Damele
60605b6e7c
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
2011-02-27 12:14:13 +00:00
Miroslav Stampar
63b8156c00
some update (if header key is non-unicode comformant)
2011-02-25 09:43:04 +00:00
Miroslav Stampar
aa88361ab1
incorporation of method for neutralization of reflective values
2011-02-25 09:22:44 +00:00
Miroslav Stampar
12ede1e5de
minor JIC (just-in-case) update
2011-02-22 13:18:47 +00:00
Miroslav Stampar
3f8eadf4fe
minor refactoring
2011-02-22 13:00:58 +00:00
Miroslav Stampar
dcad5410fe
minor refactoring
2011-02-22 12:54:22 +00:00
Miroslav Stampar
17c39fe231
fix for that non-HTML stuff
2011-02-22 11:32:55 +00:00
Miroslav Stampar
0c57f2af0f
minor fix
2011-02-20 12:20:44 +00:00
Bernardo Damele
60b05ff49f
Reflect new switch name
2011-02-19 21:05:15 +00:00
Miroslav Stampar
3badf92ceb
not doing "basic" filtering in default cases because of a bug reported by Kazim
2011-02-18 07:38:13 +00:00
Bernardo Damele
429ab631fe
Minor refactoring
2011-02-13 21:25:01 +00:00
Miroslav Stampar
1cd483f42f
one more update
2011-02-12 10:24:09 +00:00
Miroslav Stampar
25a3a64327
we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes.
2011-02-12 10:15:42 +00:00
Miroslav Stampar
535eb9f3eb
implementation of referer feature
2011-02-11 23:07:03 +00:00
Bernardo Damele
864eade744
Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase
2011-02-10 11:14:05 +00:00
Miroslav Stampar
d9af01d73d
imporant fix for boolean expression which return [None]
2011-02-09 16:53:22 +00:00
Bernardo Damele
156d8cd99b
Directory restyling
2011-02-08 00:15:02 +00:00
Miroslav Stampar
71d1b72e0e
minor adjustment
2011-02-07 12:51:38 +00:00
Bernardo Damele
6a71629575
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
Bernardo Damele
0800d9e49b
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
2011-02-06 22:58:12 +00:00
Miroslav Stampar
1af418d444
huge bug fix
2011-02-04 10:18:26 +00:00
Miroslav Stampar
e4933f0c92
refactoring
2011-02-03 23:25:56 +00:00
Miroslav Stampar
1aecbe6b08
minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection)
2011-02-03 22:59:26 +00:00
Miroslav Stampar
b56a77e573
removing obsolete switches (--threshold, --excl-reg, --excl-str)
2011-02-03 15:55:19 +00:00
Miroslav Stampar
402c1b622e
removing urlencode from UA
2011-02-02 15:18:06 +00:00
Bernardo Damele
a37f5e05b9
Refactoring
2011-02-01 22:27:36 +00:00
Bernardo Damele
9b342a4c95
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.
...
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-01 22:07:42 +00:00
Bernardo Damele
6761933f75
Just.. cosmetics ;)
2011-01-31 22:51:14 +00:00
Miroslav Stampar
35b6d7278a
minor update
2011-01-31 22:50:54 +00:00
Bernardo Damele
2fd9621499
Minor adjustments
...
Cosmetics
2011-01-31 21:22:39 +00:00
Miroslav Stampar
60a2364f2b
now union technique parses headers too
2011-01-31 12:41:39 +00:00
Miroslav Stampar
fc9c626f9e
minor refactoring (removed URL_ENCODE_PAYLOAD)
2011-01-30 17:03:06 +00:00
Miroslav Stampar
ddf23ba7cc
refactoring
2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
b98cbeee04
page for handling binary files
2011-01-27 22:00:34 +00:00
Miroslav Stampar
8e74c571bc
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
2011-01-27 19:44:24 +00:00
Miroslav Stampar
81722b6881
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
2011-01-27 18:36:28 +00:00
Miroslav Stampar
03413bd5e0
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
2011-01-27 16:55:58 +00:00
Miroslav Stampar
430fd5cd63
minor fixes
2011-01-25 16:05:06 +00:00
Miroslav Stampar
cab86871fe
fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment)
2011-01-25 11:02:41 +00:00
Miroslav Stampar
4093599f38
added parseTargetUrl to redirect choice
2011-01-24 14:45:35 +00:00
Bernardo Damele
47fa600c04
Minor fix and cosmetics
2011-01-24 11:12:33 +00:00
Bernardo Damele
97573693be
Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT
2011-01-20 21:59:47 +00:00
Miroslav Stampar
f6f4b5e9dd
bug fix for charset used in inference for pages retrieved with --null-connection
2011-01-20 11:01:01 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
...
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
3822b494ea
Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.
2011-01-17 23:43:37 +00:00
Miroslav Stampar
041abb56e2
you can't believe how much man can learn when having good testing points
2011-01-17 13:59:22 +00:00
Miroslav Stampar
34d13be0d3
minor update regarding default page encoding
2011-01-17 10:23:37 +00:00
Miroslav Stampar
30d6791968
update regarding time based data retrieval
2011-01-16 17:52:42 +00:00
Miroslav Stampar
71391874eb
slightly faster and thread safer inference
2011-01-16 10:52:42 +00:00
Bernardo Damele
6e4b65a822
Minor refactoring
2011-01-15 23:28:31 +00:00
Miroslav Stampar
1fa8f0cba7
code reviewing part 2
2011-01-15 12:53:40 +00:00
Miroslav Stampar
fb9d7cdfaa
refactoring, code clearing and removal of obsolete switch --longest-common
2011-01-14 14:37:03 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Bernardo Damele
af9725214a
Properly deal with partial (single entry) UNION injections.
...
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
300128042c
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
...
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
06230e4d92
Minor code refactoring and cosmetics
2011-01-11 21:46:21 +00:00
Miroslav Stampar
b313a20a3f
some fixes
2011-01-07 16:39:47 +00:00
Bernardo Damele
1c86ec374e
Code refactoring and cosmetics
2011-01-07 15:41:09 +00:00
Miroslav Stampar
694a65f6f1
minor fix/update
2011-01-05 13:32:40 +00:00
Miroslav Stampar
7411052456
minor update regarding last commit
2011-01-05 12:09:57 +00:00
Miroslav Stampar
042e3f76ba
bug fix for a bug reported by nightman (RuntimeError: maximum recursion depth exceeded)
2011-01-05 11:36:40 +00:00
Miroslav Stampar
aa81ed4033
implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)
2011-01-04 15:49:20 +00:00
Miroslav Stampar
eb11f5b2e0
minor update
2011-01-04 13:07:12 +00:00
Miroslav Stampar
c1dc73d0a1
minor, just in case update related to the previous commit
2011-01-04 12:56:55 +00:00
Miroslav Stampar
709a7d156b
fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...)
2011-01-04 12:51:51 +00:00
Miroslav Stampar
d288c6d6e3
minor update
2011-01-04 08:40:41 +00:00
Miroslav Stampar
0eabca9fd4
update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)
2011-01-03 22:31:29 +00:00
Miroslav Stampar
08ccbf2c1e
important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)
2011-01-03 22:02:58 +00:00
Miroslav Stampar
07129371bf
bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests)
2011-01-03 13:04:20 +00:00
Miroslav Stampar
da138c46c1
added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)
2011-01-02 07:37:47 +00:00
Miroslav Stampar
ef27fd5ea1
there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) ( http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html , http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html )
2011-01-01 15:20:29 +00:00
Miroslav Stampar
281d124fa6
minor bug fix
2010-12-31 12:04:39 +00:00
Miroslav Stampar
d1f5c1d7b7
now when we "decode page" based on a charset, sanitizeAsciiString only brings unneeded filtering
2010-12-29 15:10:42 +00:00
Miroslav Stampar
93838fb155
"patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError)
2010-12-28 14:40:34 +00:00
Miroslav Stampar
c0423761e8
minor update
2010-12-27 18:27:42 +00:00
Miroslav Stampar
9fb0e0fc85
resume of brute forced data is now available
2010-12-27 14:17:20 +00:00
Miroslav Stampar
f2373121d0
noticed little DoS behavior and lots of connections in netstat (best way to deal with zombie connections is to explicitly close them if not needed any more)
2010-12-26 14:36:51 +00:00
Miroslav Stampar
569e060aab
important improvement
2010-12-26 13:20:52 +00:00
Miroslav Stampar
cd337d9f39
minor fix
2010-12-26 09:46:09 +00:00
Miroslav Stampar
562a6440d1
fix for a bug reported by nightman (same as http://bugs.python.org/issue8797 )
2010-12-26 09:33:04 +00:00
Miroslav Stampar
b472b96f92
bug fix, refactoring and improved extractErrorMessage capabilities
2010-12-25 10:16:20 +00:00
Miroslav Stampar
2c23a59ba5
fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)
2010-12-24 12:13:48 +00:00
Miroslav Stampar
aab14fa2d3
minor refactoring/cosmetics
2010-12-24 11:06:57 +00:00
Miroslav Stampar
a09716a701
minor update
2010-12-24 10:07:56 +00:00
Miroslav Stampar
d5eebb1cbf
fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6
2010-12-24 09:49:19 +00:00
Miroslav Stampar
cb17e61f35
bug fix (UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 959)
2010-12-24 02:54:26 +00:00
Miroslav Stampar
8470de7b76
bug fix for boolean proxy when using time based payloads
2010-12-23 23:46:08 +00:00
Miroslav Stampar
017ea9e686
update
2010-12-23 14:06:22 +00:00
Miroslav Stampar
8fc60215ed
lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.
2010-12-22 19:12:46 +00:00
Bernardo Damele
250608660d
Minor bug fix to always show HTTP request and response when verbose is set accordingly to 4, 5 or 6 regardless of the HTTP response code (error or not)
2010-12-22 13:41:36 +00:00
Miroslav Stampar
5be9c04e44
update regarding Sybase syntax
2010-12-22 10:39:56 +00:00
Miroslav Stampar
7a525f28d4
cosmetics
2010-12-21 15:26:23 +00:00
Miroslav Stampar
b2e7f9484d
minor tuning (2 techniques MAX per value used)
2010-12-21 15:24:14 +00:00
Miroslav Stampar
385e208f38
code refactoring regarding standard output suppression and some threading issues
2010-12-21 14:21:24 +00:00
Miroslav Stampar
6b37ddada4
removed some blank trailing spaces (with extra/shutils/blanks.sh)
2010-12-21 10:31:56 +00:00
Miroslav Stampar
d554460aec
minor fix
2010-12-21 01:09:39 +00:00
Miroslav Stampar
416755c0b7
minor adjustments
2010-12-21 00:25:03 +00:00
Miroslav Stampar
29001a4fce
minor update
2010-12-20 23:21:01 +00:00
Miroslav Stampar
8fd3e7ba1f
thread based data added
2010-12-20 22:45:01 +00:00
Miroslav Stampar
5852bad963
some refactoring
2010-12-20 18:56:06 +00:00
Miroslav Stampar
c948bced61
should solve the problem with timeout problems in time-based payloads
2010-12-20 16:45:41 +00:00
Miroslav Stampar
eaf8929085
more minor updates
2010-12-20 10:48:53 +00:00
Miroslav Stampar
fe67d3827c
code refactoring and some fixes
2010-12-18 09:51:34 +00:00
Miroslav Stampar
108a96c6b4
some fixes
2010-12-17 21:45:20 +00:00
Miroslav Stampar
b4450c6ddd
added one more level of MSSQL version check (if first fails for some reason)
2010-12-17 21:01:14 +00:00
Miroslav Stampar
95b2c0803b
minor fix
2010-12-15 20:51:29 +00:00
Miroslav Stampar
cda00c7501
code refactoring
2010-12-15 12:43:56 +00:00
Miroslav Stampar
3f34b06a24
minor cosmetics
2010-12-15 12:34:14 +00:00
Miroslav Stampar
445cc3bf3c
minor cosmetics
2010-12-15 12:15:43 +00:00
Miroslav Stampar
c1c525aaea
quick fix of a fix
2010-12-15 12:10:33 +00:00
Miroslav Stampar
270ae0f080
just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False
2010-12-14 09:05:00 +00:00
Bernardo Damele
a02dd6b55b
Minor enhancement to speedup active dbms fingerprint (-f).
...
Code cleanup and refactoring.
2010-12-13 21:33:42 +00:00
Miroslav Stampar
6a3c4485e6
minor update (removing extra ())
2010-12-12 14:44:39 +00:00
Miroslav Stampar
f7344a5fc3
update
2010-12-11 21:28:11 +00:00
Miroslav Stampar
e6c66fa37c
update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available
2010-12-11 17:55:28 +00:00
Miroslav Stampar
e32fa9df43
further update regarding bugtrace's report
2010-12-11 17:32:15 +00:00
Miroslav Stampar
5d18c98ec2
quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment)
2010-12-11 17:20:39 +00:00
Miroslav Stampar
03447acc1d
avoiding some trashy match ratios
2010-12-11 17:12:19 +00:00
Miroslav Stampar
3dc0a51d34
major bug fix with boolean expressions
2010-12-11 08:46:19 +00:00
Miroslav Stampar
ac9080c07b
update
2010-12-11 08:24:29 +00:00
Miroslav Stampar
66db80804d
fix
2010-12-10 16:03:32 +00:00
Miroslav Stampar
435f48b8cc
polite cosmetics
2010-12-10 15:28:56 +00:00
Miroslav Stampar
977988c0ab
cosmetics
2010-12-10 15:24:25 +00:00
Miroslav Stampar
fa8d378e80
another update
2010-12-10 15:18:15 +00:00
Miroslav Stampar
1ef44cfe60
fix
2010-12-10 15:06:53 +00:00
Miroslav Stampar
fe186cde55
proper fix
2010-12-10 13:26:31 +00:00
Miroslav Stampar
9957881040
you won't believe commit
2010-12-10 13:20:59 +00:00
Miroslav Stampar
1fc9ed10a8
minor refactoring
2010-12-10 12:30:36 +00:00
Miroslav Stampar
4d8628e8fb
fix for booleans
2010-12-10 12:26:01 +00:00
Miroslav Stampar
471d9ccd65
another fix of my lala
2010-12-10 10:11:25 +00:00
Miroslav Stampar
029a6abba2
quick fix
2010-12-10 09:54:25 +00:00
Miroslav Stampar
441fc8dbd9
update regarding boolean based expressions
2010-12-09 21:15:18 +00:00
Miroslav Stampar
1492823de0
it wasn't pretty, now it's pretty
2010-12-09 20:06:20 +00:00
Bernardo Damele
9230877d98
cosmetics
2010-12-09 13:57:38 +00:00
Miroslav Stampar
196131bbca
minor cosmetics
2010-12-09 10:42:00 +00:00
Miroslav Stampar
3fd1c37d53
update
2010-12-09 07:49:18 +00:00
Bernardo Damele
b5c6527c72
Minor fix
2010-12-09 00:25:48 +00:00
Bernardo Damele
f5ce739bdf
Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.
2010-12-08 23:52:31 +00:00
Miroslav Stampar
54f6673609
update
2010-12-08 22:38:26 +00:00
Miroslav Stampar
d6077273e0
update
2010-12-08 22:14:42 +00:00
Miroslav Stampar
40fadf2f35
minor update
2010-12-08 14:33:10 +00:00
Miroslav Stampar
01cf1394a4
code refactoring
2010-12-08 14:26:40 +00:00
Miroslav Stampar
6223f25dd9
code beautification
2010-12-08 13:04:48 +00:00
Miroslav Stampar
64cc2588f1
now resume is available for time-based blinds too
2010-12-08 12:49:26 +00:00
Miroslav Stampar
537b619165
removing junk
2010-12-08 12:30:25 +00:00
Miroslav Stampar
b5e45939e3
sqlmap premiere of blind time based query/bisection
2010-12-08 12:28:54 +00:00
Miroslav Stampar
47bb31fb47
code refactoring
2010-12-08 11:30:25 +00:00
Miroslav Stampar
1ae2fa7f1a
update regarding time based payloads
2010-12-08 11:26:54 +00:00
Miroslav Stampar
bdff4aba6a
switching to quick_ratio
2010-12-07 23:57:43 +00:00
Miroslav Stampar
c1b82cf09c
ratio() gives a considerable lag on real life cases, as real_quick_ratio() gives almost as good results
2010-12-07 23:53:44 +00:00
Miroslav Stampar
a4a63f5b1e
minor update
2010-12-07 23:49:00 +00:00
Miroslav Stampar
293ce18fed
two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)
2010-12-07 23:32:33 +00:00
Miroslav Stampar
dc651d59ec
little mathematics here and there (used "Rules for normally distributed data")
2010-12-07 19:19:12 +00:00
Bernardo Damele
81e7465ed2
Cosmetics
2010-12-07 17:16:21 +00:00
Miroslav Stampar
294119d2ec
more advanced time technique(s)
2010-12-07 16:04:53 +00:00
Miroslav Stampar
e53fef546e
update regarding session page templates
2010-12-07 14:35:31 +00:00
Miroslav Stampar
add6235b16
removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session
2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f
code refactoring
2010-12-07 13:34:06 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Bernardo Damele
17449754fe
Got rid of UNION false cond
2010-12-05 16:16:15 +00:00
Miroslav Stampar
9e5f933ace
some updates
2010-12-04 15:47:02 +00:00
Miroslav Stampar
eeb199375b
usage of compiled regexes in case of dynamic markings and other refactoring
2010-12-04 13:23:28 +00:00
Miroslav Stampar
0fc7a8f9e8
code refactoring
2010-12-04 10:13:18 +00:00
Miroslav Stampar
04714374f9
now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))
2010-12-04 10:05:18 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Bernardo Damele
5d37df6104
Ugly code to set the cookies when got them from a 302 redirect too
2010-12-03 17:41:10 +00:00
Bernardo Damele
11058667e4
Better naming
2010-12-03 14:45:13 +00:00
Bernardo Damele
22de82634a
Important update to parse correctly the <where> tag during exploitation phase.
...
Minor code cleanup.
2010-12-03 10:44:16 +00:00
Bernardo Damele
283a04e29a
On my way to properly parse test's <where> tag in exploitation phase
2010-12-01 23:32:58 +00:00
Bernardo Damele
089c16a1b8
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
...
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
025361c970
Higher precedence to union query sql inj than error-based
2010-12-01 10:57:17 +00:00
Miroslav Stampar
e735f2960a
minor update
2010-11-29 15:25:45 +00:00
Bernardo Damele
472f4465a6
Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.
...
Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
2010-11-28 21:27:47 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Bernardo Damele
253eafb643
paranoid cosmetics
2010-11-24 12:03:01 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Miroslav Stampar
3d25071d06
another minor improvement regarding logging of http traffic
2010-11-17 12:16:48 +00:00
Miroslav Stampar
3e569a1693
minor update
2010-11-17 12:04:33 +00:00
Miroslav Stampar
5abbea4a9f
fix for a bug reported by nightman (unknown charset 'null')
2010-11-17 09:57:32 +00:00
Miroslav Stampar
3487429eac
minor cosmetics
2010-11-16 14:41:46 +00:00
Miroslav Stampar
3640dbf745
fix for --parse-errors (on IIS HTTP error is raised which need to be processed)
2010-11-16 14:33:30 +00:00
Miroslav Stampar
6232397129
minor update
2010-11-16 10:52:49 +00:00
Miroslav Stampar
6ef3846400
update regarding error parsing (and reporting)
2010-11-16 10:42:42 +00:00
Bernardo Damele
71cb982039
Another bug fix to --union-test
2010-11-15 21:42:56 +00:00
Miroslav Stampar
06a872fc99
update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read))
2010-11-12 22:57:33 +00:00
Miroslav Stampar
27735b14df
update (--string and --regex should be done regardless of wasLastRequestError)
2010-11-12 22:44:15 +00:00
Miroslav Stampar
697b32554c
fix for a bug "ordinal not in range(128)" reported by bugtrace
2010-11-12 11:48:25 +00:00
Bernardo Damele
f83dd2251b
Properly save error-based enumerated data in session file, able to be resumed like with other techniques
2010-11-12 11:40:37 +00:00
Bernardo Damele
a14e4d9668
Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually.
2010-11-12 10:16:39 +00:00
Miroslav Stampar
19c1bfa368
just a precaution (now i really need to go for a sleep)
2010-11-09 23:38:29 +00:00
Miroslav Stampar
88c00e61d3
another update
2010-11-09 23:35:37 +00:00
Miroslav Stampar
47720a43dd
minor fix (while we've calculated conf.matchRation for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase it's value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result)
2010-11-09 23:21:21 +00:00
Miroslav Stampar
5ebd5d935c
another name change
2010-11-09 22:49:31 +00:00
Miroslav Stampar
06f00cf8c1
name change
2010-11-09 22:48:22 +00:00
Miroslav Stampar
fef60d5cb7
some fixes :)
2010-11-09 22:32:05 +00:00
Bernardo Damele
1cc99e2247
Possible quick fix for missing of True/False comparison of stable-but-not-really pages
2010-11-09 21:39:58 +00:00
Bernardo Damele
45ec8c169a
Consistency between --*-test switches/output
2010-11-08 16:46:25 +00:00
Miroslav Stampar
fda8752dca
revert of some HTTP headers handling
2010-11-08 13:26:45 +00:00
Bernardo Damele
78d7b17483
More replacements for refactoring.
...
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 12:36:48 +00:00
Miroslav Stampar
eb999de0f1
added Range handler (dealing with 206 HTTP messages)
2010-11-08 12:26:13 +00:00
Miroslav Stampar
875781bf97
another minor fix
2010-11-08 11:55:56 +00:00
Miroslav Stampar
4a4a3051e5
fix
2010-11-08 11:39:07 +00:00
Miroslav Stampar
a3de10e3a2
new option -t
2010-11-08 11:22:47 +00:00
Miroslav Stampar
0d0e2a2228
minor update
2010-11-08 09:49:57 +00:00
Miroslav Stampar
d551423379
further enum refactoring
2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a
refactoring regarding injection place (more left)
2010-11-08 08:02:36 +00:00
Bernardo Damele
b6da946883
Added one new verbose level, -v 3 now shows the full injected payload.
...
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Bernardo Damele
a96467b3e2
Refactoring
2010-11-07 21:55:24 +00:00
Miroslav Stampar
7a6c086a27
setting direct query info output to same level as payload info (logger.DEBUG)
2010-11-07 21:42:36 +00:00
Miroslav Stampar
d3e7e89e60
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
2010-11-07 21:18:09 +00:00
Miroslav Stampar
620fa1c8fb
trust me, i know what i am doing :)
2010-11-07 20:33:33 +00:00
Bernardo Damele
4d81da6bc8
Cosmetics
2010-11-07 16:23:03 +00:00
Miroslav Stampar
00dfd55830
added powerful switch --longest-common for dealing with heavy dynamicity
2010-11-07 08:52:09 +00:00
Miroslav Stampar
508b9cc763
dynamicity engine update
2010-11-07 00:12:00 +00:00
Miroslav Stampar
3619fc5127
minor update
2010-11-06 08:31:11 +00:00
Miroslav Stampar
0e895fa512
update of dynamicity testing and few misc fixes
2010-11-05 13:14:12 +00:00
Miroslav Stampar
ef1809464d
bug fix for that BadStatusLine ( http://bugs.python.org/issue8450 )
2010-11-05 11:58:20 +00:00
Miroslav Stampar
6295a59a30
minor update/fix
2010-11-05 11:39:35 +00:00
Miroslav Stampar
5f7f4bf15b
minor debug update (probably temporary)
2010-11-05 11:04:00 +00:00
Miroslav Stampar
29b7c5366c
cosmetics
2010-11-04 17:22:33 +00:00
Miroslav Stampar
e1cec8c02b
fix for all that stable, dynamic mambo jambo :)
2010-11-04 16:44:34 +00:00
Miroslav Stampar
f1f7e0bfe0
fix for "unknown charset 'en_us'" (reported by ToR)
2010-11-04 13:56:01 +00:00
Bernardo Damele
b152b1a04d
Cosmetics
2010-11-03 22:07:13 +00:00
Miroslav Stampar
71d0b1bcd7
several bug fixes
2010-11-03 21:51:36 +00:00
Miroslav Stampar
44678fa320
fix for a bug reported by ToR (TypeError: unsupported operand type(s) for *: 'float' and 'NoneType')
2010-11-03 12:40:11 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
861706fb31
fix for bug reported by ToR (unknown charset 'utf-8, text/html')
2010-11-02 18:01:10 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Miroslav Stampar
5269cb8c08
some code refactoring and beautification
2010-11-02 09:06:38 +00:00
Miroslav Stampar
13e93f564a
one bug fix in dynamic content engine and some code refactoring
2010-11-02 07:32:08 +00:00
Bernardo Damele
486a113560
Consolidate logger messages for --*-test switches
2010-10-31 16:58:38 +00:00
Bernardo Damele
3eda4510e2
Properly encode the cookie
2010-10-31 11:26:33 +00:00
Bernardo Damele
3a48bee9b0
Minor code refactoring
2010-10-31 11:03:59 +00:00
Bernardo Damele
8cf0ebde1e
Cosmetics
2010-10-29 23:00:48 +00:00
Miroslav Stampar
cbf38436f2
minor update
2010-10-29 16:15:23 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209 ) - probably more will be needed
2010-10-29 16:11:50 +00:00
Miroslav Stampar
895efd28a6
one more update regarding Bug #205
2010-10-28 23:22:13 +00:00
Miroslav Stampar
788eb8fb50
update regarding Bug #205
2010-10-28 22:59:51 +00:00
Bernardo Damele
f5904d0bc0
Major bug fix to --union-test
2010-10-25 23:39:55 +00:00
Miroslav Stampar
228ac0cde5
refactoring regarding --check-payload
2010-10-25 18:38:54 +00:00
Miroslav Stampar
378653a1ec
added IDS payload testing
2010-10-25 15:37:43 +00:00
Bernardo Damele
215175e3b7
Minor code adjustments
2010-10-25 14:11:47 +00:00
Miroslav Stampar
24c5d7b313
code refactoring
2010-10-25 14:06:56 +00:00
Miroslav Stampar
9c94a233a1
conf.md5hash thrown out
2010-10-25 13:52:21 +00:00
Miroslav Stampar
32728d14b7
fix for --union-use with --error-test
2010-10-25 12:25:29 +00:00
Miroslav Stampar
71543092b7
update regarding comparison engine
2010-10-25 12:00:59 +00:00
Miroslav Stampar
8df7c88174
implementation of a new dynamic content removal engine
2010-10-25 10:41:37 +00:00
Miroslav Stampar
db260c44d3
minor update
2010-10-24 22:25:05 +00:00
Miroslav Stampar
dec4d858b3
fix for Bug #207
2010-10-22 14:01:48 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Miroslav Stampar
be443c6947
refactoring regarding __START__,...
2010-10-21 09:51:07 +00:00
Miroslav Stampar
2668c95ef4
added default HTTP version used by httplib and urllib2
2010-10-21 09:10:07 +00:00
Bernardo Damele
7f1aa3b94f
Removed unused imports
2010-10-20 22:48:51 +00:00
Miroslav Stampar
934adb5e8d
code refactoring
2010-10-20 09:09:04 +00:00
Miroslav Stampar
b032fdbf74
added randInt to error injection vectors
2010-10-20 08:56:58 +00:00
Miroslav Stampar
dabbcf9e23
fix for that 'Subquery returns more than 1 row'
2010-10-20 08:50:05 +00:00
Miroslav Stampar
82f44989ce
update of error based injection and bug fix for --roles on MSSQL server
2010-10-20 06:40:33 +00:00
Miroslav Stampar
8776db872c
minor refactoring
2010-10-19 23:05:24 +00:00
Miroslav Stampar
1b376c99a6
removed temp dictionary and replaced with kb.misc
2010-10-19 23:00:19 +00:00
Miroslav Stampar
7927e97007
update
2010-10-19 18:34:57 +00:00
Miroslav Stampar
415524bd5a
remove --error, now it's only --error-test (it needs to return True to be able to use it)
2010-10-19 18:34:14 +00:00
Miroslav Stampar
4009ef385e
more update regarding error based injection support
2010-10-19 18:17:34 +00:00
Miroslav Stampar
b2e0b615f8
fix for that MySQL checking
2010-10-19 17:38:39 +00:00
Miroslav Stampar
34d7de1d46
cosmetics
2010-10-19 15:28:54 +00:00
Miroslav Stampar
d7622bb9cf
major fix for MySQL error based injections
2010-10-19 15:17:16 +00:00
Miroslav Stampar
80505de15b
now --users work on Oracle and Postgre (tested)
2010-10-19 14:56:57 +00:00
Miroslav Stampar
4bc541ec3c
error based update
2010-10-19 14:47:13 +00:00
Miroslav Stampar
d0ebe428da
i've left error flag
2010-10-19 14:12:34 +00:00
Miroslav Stampar
bf850af2d8
fix for Oracle error based query "space" problem
2010-10-19 14:10:09 +00:00
Miroslav Stampar
6a8b1046d4
first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)
2010-10-19 12:02:04 +00:00
Miroslav Stampar
8b8fff41fe
cosmetics (adding html parsed DBMS) regarding heuristic check
2010-10-18 12:11:16 +00:00
Bernardo Damele
36bc410333
Minor bug fix
2010-10-18 09:50:23 +00:00
Miroslav Stampar
149837ebf5
added the same for proxy authorization header
2010-10-18 09:02:56 +00:00
Miroslav Stampar
aaebb4336e
fix for Bug #202
2010-10-18 08:54:08 +00:00
Miroslav Stampar
dcb9c2103a
just in case update
2010-10-15 11:20:19 +00:00
Bernardo Damele
5f6d88a418
Minor comment
2010-10-15 11:17:17 +00:00
Bernardo Damele
c5e385f77a
More layout adjustments
2010-10-15 10:28:34 +00:00
Miroslav Stampar
207bef7f19
fix for that SQLite3 vs SQLite2 issue
2010-10-15 09:39:41 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Bernardo Damele
1674142d82
Minor cosmetic fixes
2010-10-14 15:28:54 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
162d01abed
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)
2010-10-14 11:06:28 +00:00
Miroslav Stampar
dc50543ea4
major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)
2010-10-13 23:01:23 +00:00
Miroslav Stampar
36ef8ca575
bug fix
2010-10-13 22:42:48 +00:00
Miroslav Stampar
02a14d4c45
added Referer (part of Feature #37 )
2010-10-13 22:08:09 +00:00
Miroslav Stampar
34580f56fc
added --tamper option
2010-10-12 22:45:25 +00:00
Miroslav Stampar
d2ec132469
added --text-only switch
2010-10-12 19:41:29 +00:00
Miroslav Stampar
1369529103
minor cosmetic update
2010-10-11 13:52:32 +00:00
Miroslav Stampar
43892cddbb
some updates
2010-10-11 12:26:35 +00:00
Miroslav Stampar
8fcad29bbf
new feature --forms (still unfinished)
2010-10-10 18:56:43 +00:00
Miroslav Stampar
adf2231edb
minor update
2010-10-06 13:38:03 +00:00
Miroslav Stampar
cf17debf79
changed connection message priority to critical (when verbose=0 it's displayed too)
2010-09-27 13:34:52 +00:00
Miroslav Stampar
13bb3a6212
minor update
2010-09-23 14:07:23 +00:00
Miroslav Stampar
da8ae5578b
first commit regarding Feature #144
2010-09-22 11:56:35 +00:00
Miroslav Stampar
975b96ae28
minor refactoring
2010-09-16 09:47:33 +00:00
Miroslav Stampar
1741801ade
implementation of HEAD/Range methods
2010-09-16 09:32:09 +00:00
Miroslav Stampar
b745331974
added null connection check
2010-09-16 08:43:10 +00:00
Miroslav Stampar
ecd6b573f7
added method parameter to the queryPage function
2010-09-15 14:17:17 +00:00
Miroslav Stampar
34a8cd75e3
added support for setting HTTP method manualy
2010-09-15 12:45:41 +00:00
Miroslav Stampar
798ab4989b
fix for a Bug #200
2010-09-14 10:35:01 +00:00
Miroslav Stampar
19fb2e3dcf
fix for Bug #165
2010-09-13 13:31:01 +00:00
Miroslav Stampar
53289c6a42
fix for bug reported by Marek Sarvas (unicode)
2010-09-09 14:03:45 +00:00
Miroslav Stampar
27d76847fe
fix for bug reported by Truong Duc Luong
2010-09-01 08:46:21 +00:00
Miroslav Stampar
436b7d82fb
fixed a bug reported by Marek Sarvas
2010-08-22 08:52:15 +00:00
Miroslav Stampar
057ec8a6b2
added --ratio option for direct manipulation of conf.matchRatio parameter
2010-08-10 19:53:29 +00:00
Miroslav Stampar
6a6ff09c9a
fix for a bug reported by Marek Sarvas
2010-07-26 08:11:28 +00:00
Miroslav Stampar
d2f88b6ebe
detecting infinite redirect loops (Feature #192 )
2010-07-19 12:38:30 +00:00
Miroslav Stampar
48a67d6d51
fix for "unknown charset 'windows-874'" reported by Phat R.
2010-07-15 08:44:42 +00:00
Miroslav Stampar
0d08903bc3
some charset fix up
2010-06-30 12:09:33 +00:00
Bernardo Damele
9ea72f9640
Minor bug fixes to -d
2010-06-25 13:24:43 +00:00
Bernardo Damele
9bce22683b
Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g)
2010-06-11 10:08:19 +00:00
Bernardo Damele
fea2414759
Display HTTP request in -v>=3 even if connection failed
2010-06-10 14:42:17 +00:00
Bernardo Damele
5bb8e154eb
Minor code improvements
2010-06-10 14:15:32 +00:00
Miroslav Stampar
36953221f8
few quick changes
2010-06-10 11:34:17 +00:00
Miroslav Stampar
eaef068c90
major bug fix (different HTTP content charsets are now properly handled)
2010-06-09 14:40:36 +00:00
Miroslav Stampar
12a5ec9f3d
more unicode refactoring
2010-06-02 12:45:40 +00:00
Bernardo Damele
e98b049e7f
Added unicode support also to PostgreSQL connector - see #184 .
2010-05-29 11:46:41 +00:00
Bernardo Damele
e811101dce
Minor bug fix
2010-05-28 23:39:52 +00:00
Miroslav Stampar
ac6ce478a0
just removing unneded and possible future source of confusion
2010-05-28 14:19:12 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Miroslav Stampar
94354d0862
removing previous fix
2010-05-28 11:53:27 +00:00
Bernardo Damele
f26de89216
Minor bug fix to correctly deal with unicode queries with -d
2010-05-28 11:32:10 +00:00
Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Miroslav Stampar
5d5ebd49b6
introducing regex caching mechanism
2010-05-21 14:42:59 +00:00
Bernardo Damele
cda8da288c
Minor adjustment
2010-05-21 12:18:43 +00:00
Miroslav Stampar
f6bffb61d3
minor adjustment
2010-05-21 11:51:43 +00:00
Miroslav Stampar
460a1ba872
fix for my imperfect calculations :)
2010-05-21 11:41:49 +00:00
Miroslav Stampar
68e13c3872
periodical commit
2010-05-21 09:35:36 +00:00
Miroslav Stampar
b8a5a54395
minor update
2010-05-15 20:44:08 +00:00
Miroslav Stampar
4984ceac49
some code refactoring and minor speed up (jump prediction rule)
2010-05-14 15:20:34 +00:00
Miroslav Stampar
ed20f1cf33
some more speed up (one time compilation of popular regexes)
2010-05-14 14:48:54 +00:00
Miroslav Stampar
3ead88c364
minor tweak
2010-05-14 14:36:54 +00:00
Miroslav Stampar
131789a6e4
some code refactoring
2010-05-14 14:21:13 +00:00
Miroslav Stampar
5396f13bab
added CPU throttling for lowering sqlmap's CPU intensivity
2010-05-13 15:19:28 +00:00
Miroslav Stampar
ca3e12ae73
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
2010-05-13 11:05:35 +00:00
Bernardo Damele
8b74c405f5
Minor output bug fix
2010-05-11 14:15:03 +00:00
Bernardo Damele
457d32c73e
Proper displaying of debug messages (-v >= 2)
2010-05-11 13:58:53 +00:00
Bernardo Damele
44ea8f1861
Minor adjustment
2010-05-06 11:00:58 +00:00
Bernardo Damele
147e14356d
Major bug fix (reported by Thierry Zoller)
2010-05-06 10:52:40 +00:00
Miroslav Stampar
4928c684b3
one more thing
2010-05-04 08:45:10 +00:00
Miroslav Stampar
789dd6c66f
more quick fixes
2010-05-04 08:43:14 +00:00
Miroslav Stampar
af701cdaa2
better way to handle that last commit problem
2010-05-04 08:36:35 +00:00
Miroslav Stampar
5bc07426e0
added exception handler around block reported by Thierry Zoller
2010-05-04 08:03:48 +00:00
Bernardo Damele
90d9900371
Minor bug fix to consider --start and --stop also in partial UNION query SQL injection
2010-04-30 15:48:40 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Miroslav Stampar
1aeaa5db47
implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests)
2010-04-16 12:44:47 +00:00
Bernardo Damele
5e86087cb1
Minor bug fix for -d to avoid resuming queries when they're SELECT on sqlmap own tables, aligned to same resume of -u now.
2010-04-15 10:06:38 +00:00
Bernardo Damele
eecee3b274
Added resume functionality to -d and fixed logging with -d
2010-04-12 09:35:20 +00:00
Bernardo Damele
b72ddb6f1e
Fixes non-deterministic unsorted results for most of the DBMSes - see #185
2010-04-09 15:48:53 +00:00
Miroslav Stampar
63c70018ca
fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com
2010-04-09 10:16:15 +00:00
Miroslav Stampar
6e7be5edb0
another fix
2010-04-06 15:51:36 +00:00
Miroslav Stampar
c303feab17
fix
2010-04-06 15:14:32 +00:00
Miroslav Stampar
e2810003ae
more update
2010-04-06 15:12:52 +00:00
Bernardo Damele
5fdebb5d5b
Added support to directly connect also to Microsoft SQL Server database.
...
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
bfc12e93c5
ms access returns -1 for True
2010-03-30 11:33:51 +00:00
Bernardo Damele
a0290a257b
Added support to connect directly also to Oracle - see #158
2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
8e57767c48
Fixes #180 - properly url encode sqlmap payload in POST/Cookie too, like for GET
2010-03-23 10:27:39 +00:00
Bernardo Damele
d13ad8b2d7
fixes #181 - proper save/resume information about single entry UNION SQL injection
2010-03-22 15:39:29 +00:00
Bernardo Damele
72f3674844
Minor bug fix
2010-03-18 17:36:58 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
466df89c4a
Fixes #178 and #179 - proper handling of custom redirects
2010-03-16 14:30:57 +00:00