Commit Graph

1464 Commits

Author SHA1 Message Date
Miroslav Stampar
38541b021a Implementing hidden switch '--force-threads' on request (to force multi-threading in time-based SQLi) 2015-09-26 00:09:17 +02:00
Miroslav Stampar
27707be467 Fixes #1416 2015-09-17 17:09:36 +02:00
Miroslav Stampar
65a8f0fe32 Minor enhancement 2015-09-17 15:25:40 +02:00
Miroslav Stampar
5de1825d0c Fixes #1412 2015-09-15 10:48:23 +02:00
Miroslav Stampar
f89ce2173f Fixes #1404 2015-09-12 15:13:30 +02:00
Miroslav Stampar
f494004f44 Switching to the getSafeExString (where it can be used) 2015-09-10 15:51:33 +02:00
Miroslav Stampar
c1f829d131 Removing last remnants of bad handling the exceptions as strings 2015-09-08 11:15:31 +02:00
Miroslav Stampar
6a01d2e430 Fixes #1366 2015-08-30 02:13:07 +02:00
Miroslav Stampar
1f5e6606a7 Fixes #1357 2015-08-25 02:03:56 +02:00
Miroslav Stampar
54d65328bc Patch for negative logic (e.g. OR) cases (reported privately) 2015-08-18 03:09:01 +02:00
Miroslav Stampar
310d79b8f1 Adding special variable 'lastPage' to the eval code (by request from ML) 2015-08-14 23:29:31 +02:00
Miroslav Stampar
e5863d8b89 Minor patch 2015-08-12 21:43:13 +02:00
Miroslav Stampar
b0bc3149f9 Fixes #1315 2015-07-26 16:18:41 +02:00
Miroslav Stampar
314df093f1 Fixes #1314 2015-07-26 16:06:01 +02:00
Miroslav Stampar
21e8182ac6 Fixes #1305 2015-07-18 17:01:34 +02:00
Miroslav Stampar
16f8e4c8ba Removing unused imports 2015-07-12 12:25:02 +02:00
Miroslav Stampar
10f8c6a0b6 Introducing --offline switch (to perform session only lookups) 2015-07-10 16:10:24 +02:00
Miroslav Stampar
e4b23c9beb Minor fix regarding POST redirects (ML) 2015-06-16 12:00:56 +02:00
Miroslav Stampar
04c1d439a7 Minor patch for #1260 2015-06-05 17:18:21 +02:00
Miroslav Stampar
8d7e915af7 Minor patch for #1260 2015-06-05 17:02:56 +02:00
Miroslav Stampar
ec87d8ebda Adding a support for SNI (Issue #1256) 2015-06-01 10:45:16 +02:00
Miroslav Stampar
341d2a6028 Minor fix for (hidden) switch '--dummy' 2015-05-29 17:30:02 +02:00
Miroslav Stampar
e8f87bfa41 Minor patches related to the #1206 2015-05-11 11:01:21 +02:00
Miroslav Stampar
91bc02e3ba Fixes related to the #1206 2015-05-11 10:56:10 +02:00
Miroslav Stampar
9010e157e9 Conflict fix 2015-05-11 10:11:33 +02:00
Miroslav Stampar
5b8df7984c Minor update (for Windows-31j charset) 2015-05-09 14:32:55 +02:00
Miroslav Stampar
bb98894dc1 Adding option --safe-req 2015-04-22 16:28:54 +02:00
Miroslav Stampar
c5138d4696 Minor refactoring 2015-04-21 00:02:47 +02:00
Miroslav Stampar
349dfbf2ae Adding an option --safe-post 2015-04-20 23:55:59 +02:00
Miroslav Stampar
99c1cc9937 Fixes #1208 2015-03-26 17:17:46 +01:00
Miroslav Stampar
fc0186e029 Minor update 2015-03-26 12:39:44 +01:00
Miroslav Stampar
7587528ebd Fixes #1202 2015-03-26 11:40:19 +01:00
ricterz
bbfdb02a0e fix mandatorily depend of websocket #1198 2015-03-24 22:25:16 +08:00
ricterz
811f5c11c6 remove Host header field and add cookie support #1198 2015-03-24 18:50:57 +08:00
ricterz
9b5dcbbbb2 modified error handle #1198 2015-03-24 18:21:50 +08:00
ricterz
78dbe080d7 determine whether it's websocket when connect #1198 2015-03-24 17:19:37 +08:00
Miroslav Stampar
05a496c275 Fixes #1196 2015-03-20 00:56:52 +01:00
Christ van Willegen
80fb2e29cc Fix some spelling errors in help texts (through -> thorough) 2015-03-04 13:31:29 +01:00
Miroslav Stampar
3347fc25ca Fixes #1185 2015-03-03 15:10:06 +01:00
Miroslav Stampar
3f6c3b40dd Minor update (not overriding user given 'Accept-Encoding' header value) 2015-03-03 14:37:36 +01:00
Miroslav Stampar
dde400ab8f More suitable version of 6bcc95a (suggested by user) 2015-02-25 10:19:51 +01:00
Miroslav Stampar
6bcc95a20d Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z]) 2015-02-24 15:05:44 +01:00
Miroslav Stampar
1636088b75 Minor update 2015-02-16 11:48:53 +01:00
Miroslav Stampar
38011743bb Patch for an Issue #1157 2015-02-04 15:01:19 +01:00
Miroslav Stampar
59f0da369d Patch for a bug reported via ML (Accept header ignored in --headers) 2015-02-02 22:07:16 +01:00
Miroslav Stampar
9e90e357cf Patch for an Issue #1146 2015-01-30 21:59:03 +01:00
Miroslav Stampar
e73ac6c8e3 Minor patch on request of an user 2015-01-17 21:47:57 +01:00
Miroslav Stampar
c2b2ccd2b5 Minor bug fix 2015-01-17 17:31:00 +01:00
Miroslav Stampar
54e9a1fb2d Minor style update 2015-01-14 16:11:55 +01:00
Miroslav Stampar
8e03f4db0f Patch for an Issue #1062 2015-01-09 15:33:53 +01:00
Miroslav Stampar
450b3c93cb Potential patch for an Issue #1093 2015-01-07 11:40:11 +01:00
Miroslav Stampar
45bdefd29b Update of copyright 2015-01-06 15:02:16 +01:00
Miroslav Stampar
c474c16b4a Removing ML email address 2015-01-06 12:30:49 +01:00
Miroslav Stampar
41c2f889b2 Fix related to the SSLv3 disabling 2014-12-30 15:44:55 +01:00
Miroslav Stampar
1e014de6be Patch for an Issue #1066 2014-12-26 22:24:28 +01:00
Miroslav Stampar
6972020faf Bug fix for login-like SQLi (OR with 500 result) 2014-12-18 15:58:19 +01:00
Miroslav Stampar
180ede0cb3 Minor patch 2014-12-15 14:07:28 +01:00
Miroslav Stampar
20c272b77d More generic patch for an Issue #994 2014-12-07 16:14:48 +01:00
Miroslav Stampar
4e7f835eae Patch for an Issue #994 2014-12-07 16:11:07 +01:00
Miroslav Stampar
d3060f20d7 Minor improvement 2014-12-03 13:22:55 +01:00
Miroslav Stampar
17db587e2c Adding some friendly warning messages (regarding blocking) 2014-12-03 10:06:21 +01:00
Miroslav Stampar
7a04595f5e Added a reference url (http charset priority) 2014-12-01 11:15:45 +01:00
Miroslav Stampar
a0d95a8ec4 Refactoring of #952 2014-11-24 12:56:39 +01:00
Miroslav Stampar
27cd9e7064 Merge pull request #952 from Rexikon/patch-1
Update httpshandler.py, AttributeError PROTOCOL_SSLv3
2014-11-24 12:52:27 +01:00
Miroslav Stampar
05f7b1f121 Patch for an Issue #970 2014-11-24 10:55:19 +01:00
Miroslav Stampar
1fc4d0e3c4 Update for an Issue #431 2014-11-21 10:31:55 +01:00
Miroslav Stampar
cf2d5fd453 Update for an Issue #431 2014-11-21 09:41:49 +01:00
Miroslav Stampar
34ce774acd Patch for an Issue #956 2014-11-21 09:41:49 +01:00
Rexikon
4da20679ee Update httpshandler.py
ssl.PROTOCOL_SSLv3 removed
affecting error: AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'
2014-11-19 16:36:30 +01:00
Miroslav Stampar
05d5342f20 Update and patch for an Issue #2 2014-11-17 11:50:05 +01:00
Miroslav Stampar
c5df45a14f Minor bug fix (skipping HTML decoding in heuristic mode) 2014-11-11 11:23:14 +01:00
Miroslav Stampar
71c43be53a Patch for an Issue #901 2014-11-05 10:03:19 +01:00
Miroslav Stampar
49d3860b1f Minor fix 2014-10-31 20:22:15 +01:00
Miroslav Stampar
df73be32f1 Fix for an Issue #876 2014-10-28 14:41:21 +01:00
Miroslav Stampar
3b3b8d4ef2 Potential bug fix (escaping formatted regular expressions) 2014-10-28 14:02:55 +01:00
Miroslav Stampar
268e774087 Minor refactoring 2014-10-28 13:44:55 +01:00
Miroslav Stampar
f89e94fb8c Minor refactoring 2014-10-28 13:42:13 +01:00
Miroslav Stampar
6448d3caf4 Implementing support for csrfcookie (Issue #2) 2014-10-24 09:37:51 +02:00
Miroslav Stampar
5e31229d48 Minor cosmetic update 2014-10-23 15:18:22 +02:00
Miroslav Stampar
abbd352392 Support for X-CSRF-TOKEN header (Issue #2) 2014-10-23 14:33:22 +02:00
Miroslav Stampar
fc1b05bec9 Implementation for an Issue #2 2014-10-23 11:23:53 +02:00
Miroslav Stampar
8dcad46805 Update basic.py 2014-10-22 23:16:46 +02:00
Miroslav Stampar
2f18df345e Minor patch 2014-10-22 13:41:36 +02:00
Miroslav Stampar
268095495e Minor patch 2014-10-22 13:32:49 +02:00
Miroslav Stampar
3ebc5faa34 Falling back to partial UNION if large dump connects out 2014-10-21 09:23:34 +02:00
Miroslav Stampar
1e636fb925 Minor patch regarding Issue #840 2014-09-28 13:38:09 +02:00
Miroslav Stampar
767c278a0f Fix for an Issue #838 2014-09-26 17:00:50 +02:00
Miroslav Stampar
bfc8ab0e35 Language update 2014-09-08 14:48:31 +02:00
Miroslav Stampar
53d0d5bf8b Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved) 2014-09-08 14:33:13 +02:00
Miroslav Stampar
bbf0be1f8d Bug fix (Issue #813) 2014-09-03 22:09:12 +02:00
Miroslav Stampar
9476359255 Bug fix 2014-08-28 12:50:39 +02:00
Miroslav Stampar
e68326c0fe expandAsteriskForColumns changes value of conf.db and conf.tbl potentially causing problems in further work 2014-08-26 22:57:08 +02:00
Miroslav Stampar
dcaad75a1e Fix for an Issue #794 2014-08-22 15:08:05 +02:00
Miroslav Stampar
d74b803306 Minor patch 2014-08-22 14:45:23 +02:00
Miroslav Stampar
58d93ffb2b Fix for falling back to partial union (excluding scalar queries) 2014-08-20 23:53:15 +02:00
Miroslav Stampar
90882f081d Language update 2014-08-20 23:47:57 +02:00
Miroslav Stampar
0296081692 Minor refactoring 2014-08-20 23:42:40 +02:00
Miroslav Stampar
b4fbb9cafe Minor upgrade 2014-08-20 13:52:48 +02:00
Miroslav Stampar
6caccc3d93 Bug fix for ultra-slow processing of binary data 2014-08-20 01:38:01 +02:00
Miroslav Stampar
3cfa63646b Minor bug fix 2014-07-19 23:17:23 +02:00
Miroslav Stampar
32af0b17b0 Update for an Issue #760 2014-07-10 08:49:20 +02:00
Miroslav Stampar
686fe4d0e9 Another patch for DNS exfiltration and boolean checks 2014-06-27 14:22:00 +02:00
Miroslav Stampar
2f8d17bcb7 Appendix to last commit 2014-06-27 13:45:40 +02:00
Miroslav Stampar
75279ea75a Fix for DNS exfiltration of boolean checks 2014-06-27 13:07:34 +02:00
Miroslav Stampar
2a88436417 Patch for an Issue #724 2014-06-16 09:51:24 +02:00
Miroslav Stampar
f558b800ac Patch for an Issue #719 2014-06-12 09:08:55 +02:00
Miroslav Stampar
c50560c3a6 Patch for an Issue #716 2014-06-10 21:57:54 +02:00
Miroslav Stampar
680ab10ca6 Patch for an Issue #703 2014-05-27 21:41:07 +02:00
Miroslav Stampar
2d5461d250 Minor fix (related to the unknown encoding reported by ML) 2014-05-22 09:03:14 +02:00
Miroslav Stampar
c181e909b5 Minor fix 2014-05-16 23:47:00 +02:00
Miroslav Stampar
2e96e3c924 Adding a hidden switch --ignore-401 2014-04-29 23:26:45 +02:00
Miroslav Stampar
2d3a74a0fe Patch for an Issue #667 2014-04-07 21:01:40 +02:00
Miroslav Stampar
bf18b025d6 Minor removal of redundant code 2014-04-06 18:09:54 +02:00
Miroslav Stampar
7cc4159316 Renaming conf.cDel to conf.cookieDel 2014-04-06 16:50:58 +02:00
Miroslav Stampar
0ae8ac707e Renaming conf.pDel to conf.paramDel 2014-04-06 16:48:46 +02:00
Miroslav Stampar
492a410bcc Minor fix 2014-04-04 16:14:53 +02:00
Miroslav Stampar
e7e8a3965a Minor fix 2014-04-03 09:00:14 +02:00
Miroslav Stampar
80d4426dbd Patch related to the Issue #661 2014-04-02 22:34:37 +02:00
Miroslav Stampar
e8c1c90f2e Whitespace was being double encoded in case of spaceplus (' '->%2B) 2014-03-25 22:02:14 +01:00
Miroslav Stampar
106102bd3c Fix for an Issue #648 2014-03-21 20:28:29 +01:00
Miroslav Stampar
be3fd8bb29 Fix for an Issue #638 2014-03-14 16:44:56 +01:00
Miroslav Stampar
f1f53a5841 Minor cosmetic update 2014-03-06 21:08:31 +01:00
Miroslav Stampar
cc62a8adc9 Bug fix for JSON-like data (proper escaping of quotes) 2014-02-26 09:30:37 +01:00
Miroslav Stampar
6369a38ebc Adding support for JSON-like data with single quote 2014-02-26 08:56:17 +01:00
Miroslav Stampar
fc02badf40 Minor update 2014-01-23 08:33:21 +01:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Miroslav Stampar
36f3ab5798 Minor bug fix (for cases when race between thread and main thread is causing server._running to not be set to True) 2014-01-09 15:46:55 +01:00
Miroslav Stampar
5437f8bf36 Fix for an Issue #85 2014-01-02 12:09:58 +01:00
Miroslav Stampar
4de83daf03 Minor style update 2014-01-02 11:06:19 +01:00
Miroslav Stampar
b0ca34ff27 Bug fix (payload character '=' was not being url-encoded in custom (user) post cases - when posthint was None) 2013-12-04 10:09:54 +01:00
Bernardo Damele
59b6791faa minor improvement 2013-11-19 00:24:47 +00:00
Miroslav Stampar
8dac47f7e5 Minor patch (for recognition of x-mac-turkish codec) 2013-10-21 20:04:48 +02:00
Miroslav Stampar
344d3f4b5f Minor patch 2013-10-12 21:05:18 +02:00
Miroslav Stampar
18d9e1dbc3 Minor update due to reported (debug) problems with SSLv23 2013-10-04 10:53:49 +02:00
Miroslav Stampar
a3defc175d Fix (we are not using certificate but PEM private key file in this particular authentication; also, auxiliary cert_file is holding certificate chain that is ignored by python itself) 2013-09-11 23:17:18 +02:00
Miroslav Stampar
81409ce6da Minor patch 2013-09-02 10:54:32 +02:00
Miroslav Stampar
dd39913cf6 Improvement for an --eval mechanism 2013-08-31 00:28:51 +02:00
Miroslav Stampar
3a57af1452 Minor fix 2013-08-30 15:26:03 +02:00
Miroslav Stampar
88b992ad83 Fixing a bug noticed during the yesterday's AppSecEU presentation (--headers='user-agent:foobar*' was not working properly) 2013-08-23 11:54:08 +02:00
Miroslav Stampar
23f2c5f166 Finishing implementation for an Issue #58 2013-08-20 19:35:49 +02:00
Miroslav Stampar
4929cff0c0 Minor update 2013-08-13 06:42:49 +02:00
Miroslav Stampar
b2855e0281 Minor patch 2013-08-12 14:25:51 +02:00
Miroslav Stampar
a711c9ed36 Minor cleanup and initial work for #58 2013-08-09 14:13:48 +02:00
Miroslav Stampar
32c1cb20f5 Fix for an Issue #497 2013-08-01 19:48:20 +02:00
Miroslav Stampar
953b5815d8 Implementation for an Issue #496 2013-07-31 21:15:03 +02:00
Miroslav Stampar
6b826ef64d Reintroducing option --cookie-del 2013-07-31 20:41:19 +02:00
Miroslav Stampar
ca44b23d20 Implementation for --eval to support cookies 2013-07-31 17:29:16 +02:00
Miroslav Stampar
eaacbe0b12 Minor language fix 2013-07-31 09:24:34 +02:00
Miroslav Stampar
f54082111d Better way how to deal with required extensions 2013-07-13 19:25:49 +02:00
Miroslav Stampar
3f6d4083a7 Minor language update 2013-07-13 17:19:16 +02:00
Miroslav Stampar
31efabfca1 Appropriate error messaging when one of core libraries are missing due to erroneous Python build 2013-07-13 16:07:36 +02:00
Miroslav Stampar
4d9f8ad0dd Commit related to the last one 2013-07-13 12:00:03 +02:00
stamparm
a53823f9b7 Minor refactoring 2013-06-19 10:59:26 +02:00
Miroslav Stampar
f185e5cdd5 Fix for an Issue #463 2013-06-10 22:26:34 +02:00
Miroslav Stampar
6f49b96a2d Fix for an Issue #462 2013-06-10 12:20:58 +02:00
Miroslav Stampar
39612b5d87 Fix for an Issue #457 2013-06-04 23:46:39 +02:00
Miroslav Stampar
3e0f747fad Minor fix 2013-06-04 00:05:25 +02:00
Miroslav Stampar
edc9da1226 Minor refactoring 2013-06-03 15:14:56 +02:00
stamparm
6b280d8da4 Putting 2 decimal places for debug messages with performed queries (e.g. to handle a problem with 0 seconds roundup) 2013-05-28 14:40:45 +02:00
stamparm
659c0bb418 Minor fix 2013-05-27 10:38:47 +02:00
stamparm
4b2cf07262 Minor style update 2013-05-20 16:15:35 +02:00
Miroslav Stampar
ea5c742595 Update (lagging checking is now always done once when time based compare is done; not only in case if statistical model is being filled) 2013-05-18 21:30:21 +02:00
Miroslav Stampar
f24c8c6b6b Changing logging type to warning for parsed error messages 2013-05-18 16:17:56 +02:00
stamparm
03732d2592 Minor fix 2013-05-17 16:04:05 +02:00
stamparm
76b4e1ccb9 Implementation for an Issue #450 2013-05-17 15:04:25 +02:00
stamparm
887109a12d Minor bug fix (for not displaying heuristic detected page charset None) 2013-04-30 18:16:32 +02:00
stamparm
ebe8ee3500 Fix for crawler and redirection case 2013-04-30 18:08:26 +02:00
stamparm
09e7f4f697 Minor bug fix regarding traffic logging of redirected requests 2013-04-30 17:46:26 +02:00
stamparm
1035ee9c3d Patch for an Issue #442 2013-04-26 14:49:24 +02:00
stamparm
e3a02f56e6 Just in case for --force-ssl (if url is returned in e.g. refresh toward the target) 2013-04-24 12:35:39 +02:00
stamparm
6fed1921ed Bug fix (there are cases when provided kwargs containing explicit None values while we want to use the alternative in those kind of cases; there was an intention in original code, while the implementation was buggy) 2013-04-16 14:17:41 +02:00
stamparm
140cffbde2 Patch for an Issue #434 2013-04-15 15:57:28 +02:00
Miroslav Stampar
ed5599f489 In case that cookie file is given and cookie header inside request file clashes with one of contained cookies, give cookie file greater priority 2013-04-12 19:20:33 +02:00
stamparm
8c9da95343 Style and consistency update (url -> URL) 2013-04-09 11:48:42 +02:00
Miroslav Stampar
240e9f3f7e Minor patch 2013-04-07 11:02:43 +02:00
Miroslav Stampar
df4fd82515 Minor update 2013-04-03 23:27:27 +02:00
Miroslav Stampar
c75a2d0c40 Minor patch 2013-04-03 21:31:37 +02:00
stamparm
e1ffdde532 Little cleaning a mess with url encoding and post hint types 2013-03-27 13:39:27 +01:00
Miroslav Stampar
c19a283434 Minor patch 2013-03-26 20:06:50 +01:00
stamparm
7accba4cf9 Minor update 2013-03-26 16:10:41 +01:00
stamparm
7447773237 Update for consistency (all other enums are using _ in between words) 2013-03-20 11:10:24 +01:00
Miroslav Stampar
8acf033715 Code refactoring 2013-03-19 19:24:14 +01:00
stamparm
6969874c02 Switch --no-cast is incompatible with switch --hex (integer values are not being casted in case of --no-cast --hex which is causing unwanted decodings of returned values) 2013-03-19 10:52:37 +01:00
stamparm
e226006766 Trivial fix 2013-03-18 13:29:55 +01:00
stamparm
5e02bcbd58 Minor adjustment 2013-03-18 12:16:16 +01:00
Miroslav Stampar
eb08c8d752 Another update for an Issue #352 2013-03-13 19:42:22 +01:00
Miroslav Stampar
2f43c3eb9b Minor fix (digest live test case) and some refactoring 2013-03-12 21:16:44 +01:00
Miroslav Stampar
84a5bdb9cf Trivial cosmetics 2013-03-09 19:41:24 +01:00
Miroslav Stampar
79d6a0e9c9 Using binary data in dummy mode 2013-03-09 19:40:24 +01:00
Miroslav Stampar
62980d7d5a Automatically decoding url encoded data in response 2013-03-05 17:32:10 +01:00
Miroslav Stampar
0e89cc62a2 Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections 2013-02-28 20:20:08 +01:00
stamparm
9ef79df23d Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched) 2013-02-28 13:51:08 +01:00
stamparm
69063947b6 Debug message should go with logging.DEBUG 2013-02-19 09:46:51 +01:00
Bernardo Damele
d7247a51ee do not prompt constantly if the page is not found 2013-02-18 18:08:20 +00:00
Miroslav Stampar
11bcf28d86 Fix for an Issue #399 2013-02-15 10:04:13 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
a0b44da5d8 Minor fix for --threads>1 --binary-fields 2013-02-13 20:47:27 +01:00
Miroslav Stampar
d78a3e977b Update (allowing regular char * to be inside SOAP/JSON/XML) 2013-02-13 12:24:42 +01:00
Miroslav Stampar
1d42aba01e Minor update regarding 093a93938c (for goStacked to work properly with stacked conditional payloads - e.g. proper suffix/prefix) 2013-02-12 17:35:14 +01:00
Miroslav Stampar
c34f6e25b2 Minor fix for --eval (urldecoded values should be used inside evaluation) 2013-02-12 17:01:47 +01:00
Bernardo Damele
2fa2f30d21 slighlty better, still not optimal 2013-02-06 17:45:52 +00:00
Bernardo Damele
b272b0574d minor fix to reset partRun value - #297 2013-02-06 17:09:28 +00:00
Miroslav Stampar
62772125e3 Bug fix for HTTPSCertAuthHandler 2013-02-05 12:16:06 +01:00
Miroslav Stampar
6d942f92b5 Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.)) 2013-02-01 10:03:06 +01:00
Miroslav Stampar
f5844eabae Valuable data is potentially lost if page not parsed in dump mode (e.g. --technique=B and error occuring) <- partial revert of previous optimization commit 10bdd90e60 2013-01-31 13:32:14 +01:00
Miroslav Stampar
2420a4b626 Update for an Issue #342 and #372 2013-01-31 10:01:52 +01:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Miroslav Stampar
a59ac8e27f Trivial cosmetics 2013-01-29 16:30:38 +01:00
Miroslav Stampar
479f791112 Minor fix 2013-01-25 12:41:51 +01:00
Chris Frohoff
218a6a9695 fixed response header logging for header names with special chars 2013-01-23 11:10:25 -08:00
Miroslav Stampar
59b02539ca More general approach regarding that last commit 2013-01-22 11:34:34 +01:00
Miroslav Stampar
01f1488f07 Minor patch (annoying trailing spaces for some DBMSes --technique=B --sql-query) 2013-01-22 11:29:51 +01:00
Miroslav Stampar
bb6b89fe93 Patch for an Issue #360 2013-01-19 18:06:36 +01:00
Miroslav Stampar
ac7709204a Better fix for that page/headers/comparison --string candidate problem 2013-01-18 17:00:11 +01:00
Miroslav Stampar
8141d17985 Revert of previous commit (more care has to be done regarding headers dynamicity) 2013-01-18 16:49:35 +01:00
Miroslav Stampar
33094a118c Fix for an Issue where '--string' is being automatically picked not looking properly in headers too 2013-01-18 16:35:09 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
17d36684b5 Removing obsolete proxy handling code (Python < 2.6) 2013-01-18 11:30:52 +01:00
Miroslav Stampar
e941e60b20 Minor just in place update for an Issue #348 2013-01-17 22:44:55 +01:00
Bernardo Damele
38eb4eb33e Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-17 21:03:11 +00:00
Bernardo Damele
b6e44ae64e fix for #349 (compatible with all others DBMSes too) 2013-01-17 21:03:03 +00:00
Miroslav Stampar
a8e3fd58c5 Implementation for an Issue #348 2013-01-17 21:49:58 +01:00
Miroslav Stampar
8480ceddcb Minor style update 2013-01-17 19:55:56 +01:00
Miroslav Stampar
f7eda07d92 Patch for an Issue #347 2013-01-17 15:30:14 +01:00
Miroslav Stampar
3ab4a5e36d Fix for an Issue #345 2013-01-17 11:50:12 +01:00
Miroslav Stampar
14b7e655a9 Minor refactoring 2013-01-16 16:33:04 +01:00
Miroslav Stampar
fb7243c237 Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs 2013-01-16 16:04:00 +01:00
Bernardo Damele
e16ad38d3e more work on #342 2013-01-15 18:15:07 +00:00
Bernardo Damele
329047fc12 restored fix for #210 to keep --hex work with --technique B 2013-01-15 17:51:40 +00:00
Bernardo Damele
2a751e075d more work on #342 2013-01-15 17:14:44 +00:00
Bernardo Damele
4eaa0d17aa Fix in forging query to calculate query output length - closes issue #342 2013-01-15 15:50:20 +00:00
Miroslav Stampar
5ee653dd89 Merging commit 57bcbb458eade2850a6d7623ecddbe49c69cf334 from @morisson 2013-01-15 10:14:02 +01:00
Miroslav Stampar
03dd958d96 Implementation for an Issue #48 2013-01-13 16:22:43 +01:00
Miroslav Stampar
81848c723d Minor cleanup (we officially support Python >= 2.6) 2013-01-11 16:01:48 +01:00
Miroslav Stampar
934d41dac2 Minor style update (PEP8) 2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
5b77b20e2e Removing trailing whitespaces (PEP8) 2013-01-03 23:57:07 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
127b880577 Minor update 2012-12-27 15:14:40 +01:00
Bernardo Damele
9149d77cc8 removed duplicate code - fixes issue #310 2012-12-19 12:17:56 +00:00
Bernardo Damele
dee56b17c3 handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308 2012-12-19 10:50:15 +00:00
Miroslav Stampar
155c1eddae Debug message with declared page charset 2012-12-19 11:16:42 +01:00
Miroslav Stampar
2b64c10710 Patch for an Issue #304 2012-12-18 09:36:26 +01:00
Miroslav Stampar
4ea0c9e922 Another implementation for an Issue #302 2012-12-17 15:08:54 +01:00
Miroslav Stampar
60baf5071e Patch for an Issue #302 2012-12-17 00:40:01 +01:00
Miroslav Stampar
c41618416c Removing trailing blanks 2012-12-14 12:00:45 +01:00
Miroslav Stampar
013dc8bc98 Another minor update for an Issue #267 2012-12-10 13:07:36 +01:00
Miroslav Stampar
8bd0080bf4 Minor update for an Issue #267 2012-12-10 13:05:41 +01:00
Miroslav Stampar
96df0ba061 Implemented support for plain , chars too (Issue #267) 2012-12-10 12:58:17 +01:00
Miroslav Stampar
d0ea4c65c5 Minor styl eupdate for an Issue #267 2012-12-10 12:54:01 +01:00
Miroslav Stampar
5606a860ce Oracle supports inline comments too (Issue #267) 2012-12-10 12:00:15 +01:00
Miroslav Stampar
a024884ca7 Support for a HTTP parameter pollution (Issue #267) 2012-12-10 11:55:31 +01:00
Miroslav Stampar
73968a448c Minor update 2012-12-07 15:29:54 +01:00
Miroslav Stampar
e129a30e6b Removing redundant code in redirect handler (related to an Issue #288) 2012-12-07 12:40:19 +01:00
Miroslav Stampar
fccad15cfa Minor update for an Issue #288 2012-12-07 12:14:33 +01:00
Miroslav Stampar
75e6d77fbc Minor refactoring 2012-12-07 11:54:34 +01:00
Miroslav Stampar
fbaeecdaf9 Patch for an Issue #288 2012-12-07 11:52:21 +01:00
Miroslav Stampar
c0fc12beb2 Minor update for an Issue #288 2012-12-07 11:23:18 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
b6650add46 Introducing 'new style classes' (idea from Pull request #284) 2012-12-06 10:42:53 +01:00
Miroslav Stampar
0f191f624c Taking some goodies from Pull request #284 2012-12-06 10:21:53 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
79fca8e9d5 Fix for an Issue #268 2012-12-03 12:13:59 +01:00
Miroslav Stampar
605d73cc3d Minor refactoring 2012-11-29 12:21:12 +01:00
Miroslav Stampar
c40dded28c Fix for an Issue #250 2012-11-20 12:10:29 +01:00
Miroslav Stampar
5b3fe25211 Improving comparison engine (removing shared prelude part to further sharpen if pages are identical - especially noticable in small test pages) 2012-11-13 15:22:59 +01:00
Miroslav Stampar
a52dbc575b Patch for an Issue #246 2012-11-13 10:21:11 +01:00
Miroslav Stampar
f305dde413 Patch for an Issue #235 2012-11-10 11:01:29 +01:00
Miroslav Stampar
359e734954 Minor refactoring 2012-10-29 10:48:49 +01:00
Miroslav Stampar
25a5073281 Bug fix for --hex/--technique=B (especially MsSQL) 2012-10-28 12:22:33 +01:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
a435ba6863 Minor fix 2012-10-28 00:19:00 +02:00
Miroslav Stampar
0aeb9dbe8b Bug fix (in --dump mode if error/inband failed with None other techniques were ignored) 2012-10-27 23:42:52 +02:00
Miroslav Stampar
12fc9442b9 Tamper function(s) refactoring (really no need for returning headers as they are passed by reference) 2012-10-25 10:10:23 +02:00
Miroslav Stampar
b82eb3a1ae Fix for an Issue #210 2012-10-23 13:58:25 +02:00
Miroslav Stampar
3f596cda85 Minor fix for --dump --technique=B when empty strings are returned 2012-10-22 11:49:23 +02:00
Miroslav Stampar
21481df239 Minor update for Issue #209 2012-10-21 19:00:37 +02:00
Miroslav Stampar
fb1497aa89 Minor update for Issue #209 2012-10-21 18:53:31 +02:00
Miroslav Stampar
261b286021 Fix for an Issue #209 2012-10-20 13:17:45 +02:00
Miroslav Stampar
6a271fe800 Update for an Issue #2 2012-10-19 11:29:03 +02:00
Miroslav Stampar
998eb70288 Minor update 2012-10-19 11:05:10 +02:00
Miroslav Stampar
987f167e12 Minor update 2012-10-19 11:03:54 +02:00
Miroslav Stampar
d65d9e25cd Implementation for an Issue #2 2012-10-19 11:02:14 +02:00
Miroslav Stampar
688a2db27a Fix for an Issue #208 2012-10-19 10:04:09 +02:00
Miroslav Stampar
b5060c0010 Fix for an Issue #205 2012-10-16 14:28:46 +02:00
Miroslav Stampar
2cb1b054bb Implementation for an Issue #79 2012-10-16 12:32:58 +02:00
Miroslav Stampar
42b2c85517 Minor cosmetics 2012-10-15 18:45:13 +02:00
Miroslav Stampar
c7cf8b2e80 Minor refactoring of direct() 2012-10-15 18:41:41 +02:00
Miroslav Stampar
e440b096c5 Fix for an Issue #202 2012-10-15 12:24:30 +02:00
Miroslav Stampar
e61c4c22c9 Implementation for an Issue #200 2012-10-09 15:19:47 +02:00
Miroslav Stampar
5a91b6e622 Minor cleanup 2012-10-09 10:21:52 +02:00
Miroslav Stampar
8e7449ccd5 Minor update 2012-10-07 20:28:24 +02:00
Miroslav Stampar
ff205f088b Minor update 2012-10-07 20:12:55 +02:00
Miroslav Stampar
098e446ca4 Adding support for generic XML POST data 2012-10-04 18:44:12 +02:00
Miroslav Stampar
f71b937add Minor language cleanup 2012-10-04 18:28:36 +02:00
Miroslav Stampar
8865fe69d7 Minor cleanup 2012-10-04 18:26:07 +02:00
Miroslav Stampar
d464678e10 Minor update for an Issue #49 2012-10-04 18:01:42 +02:00
Miroslav Stampar
84b05e2d18 Better treating of numeric values (Issue #49) 2012-10-04 16:08:37 +02:00
Miroslav Stampar
461e5ebc5f Work for Issue #197 and Issue #49 2012-10-04 11:25:44 +02:00
Miroslav Stampar
bcbf0571a5 Implementation for an Issue #49 2012-10-02 14:23:58 +02:00
Miroslav Stampar
763dc98311 Minor refactoring 2012-10-02 13:36:15 +02:00
Miroslav Stampar
a8aecaa036 Minor style update 2012-10-02 13:33:10 +02:00
Miroslav Stampar
687f3991de Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g. 2012-09-26 11:27:43 +02:00
Miroslav Stampar
ec43ceec40 Some more cleanup related to the last commit (unneeded manual crafting/unneeded closing with ;) 2012-09-25 14:29:22 +02:00
Miroslav Stampar
c9e7e71ea2 Implementation for an Issue #195 2012-09-25 10:17:25 +02:00
Miroslav Stampar
d175decdfc Fix for an Issue #190 2012-09-22 20:59:40 +02:00
Miroslav Stampar
e570858db9 Implementation for an Issue #183 2012-09-12 11:50:38 +02:00
Miroslav Stampar
511c3b8dcc Update and fix for an Issue #182 2012-09-11 14:58:52 +02:00
Miroslav Stampar
10b671d625 Update for an Issue #182 2012-09-11 12:08:34 +02:00
Miroslav Stampar
5d23d72ff5 Fix for an Issue #176 2012-09-08 17:58:03 +02:00
Miroslav Stampar
dbce417cdd Potential fix for an Issue #171 2012-09-02 22:48:41 +02:00
Miroslav Stampar
b916db34a4 Another update for an Issue #79 2012-08-31 12:38:02 +02:00
Miroslav Stampar
47d162f391 Minor update (same but cleaner) 2012-08-31 12:27:40 +02:00
Miroslav Stampar
7286d89cb6 Few fixes for an Issue #79 (problem with case sensitivity of request get_header) 2012-08-31 12:15:09 +02:00
Miroslav Stampar
cdd3ed6abc Minor bug fix 2012-08-30 14:22:18 +02:00
Miroslav Stampar
32a36f1ff3 El Cosmeticado 2012-08-22 09:58:39 +02:00
Miroslav Stampar
d421f9a618 Fix for an Issue #157 2012-08-21 14:34:19 +02:00
Miroslav Stampar
01f481c332 Minor refactoring of dictionaries 2012-08-21 11:19:15 +02:00
Miroslav Stampar
b9c63eb908 Fix for an Issue #156 2012-08-21 10:46:29 +02:00
Miroslav Stampar
7a8ace78f9 Removing redundant newline char as logger already adds it's own 2012-08-21 09:58:40 +02:00
Miroslav Stampar
233b9a3815 Fix for Issue #150 and Issue #151 (urllib2 is automatically adding those) 2012-08-20 22:17:39 +02:00
Miroslav Stampar
823dde73ab Minor cleanup 2012-08-20 11:40:49 +02:00
Miroslav Stampar
76338add17 Fix for an Issue #152 2012-08-20 10:41:43 +02:00
Miroslav Stampar
fec8a5cc9d Fix for an Issue #139 2012-08-07 00:50:58 +02:00
Miroslav Stampar
142fc887f1 Fix for an Issue #129 2012-07-31 11:03:44 +02:00
Miroslav Stampar
47073f4afd Implementation of an Issue #131 2012-07-30 21:50:46 +02:00
Miroslav Stampar
a86f9798b2 Minor refactoring together with a wider support for html entities 2012-07-30 11:21:32 +02:00
Miroslav Stampar
07738004cc Fix for an Issue #123 2012-07-27 10:02:47 +02:00
Miroslav Stampar
a5062c1e4f Adding a warn message when --dns-domain is ignored (because of faster techniques) 2012-07-27 09:48:48 +02:00
Bernardo Damele
92c2b3bd4c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-07-26 23:11:11 +01:00
Bernardo Damele
d492291744 working on issue #12 2012-07-26 23:11:07 +01:00
Miroslav Stampar
efa99c4519 Implementation for an Issue #4 2012-07-26 14:07:05 +02:00
Miroslav Stampar
b3552494c4 Minor preparation for an Issue #48 2012-07-26 12:26:57 +02:00
Miroslav Stampar
30f8d09651 Implementation for an Issue #70 2012-07-26 12:06:02 +02:00
Miroslav Stampar
f8c9868cb6 Implementation for an Issue #118 2012-07-24 15:34:50 +02:00
Miroslav Stampar
1153b4563c Minor update for an Issue #111 2012-07-23 18:44:50 +02:00
Miroslav Stampar
fccd69721e Update for an Issue #111 2012-07-23 18:38:46 +02:00
Miroslav Stampar
ab9cb80602 Implementing Issue #111 2012-07-23 15:14:52 +02:00
Miroslav Stampar
63bf99ce77 Minor just in case update for an Issue #117 2012-07-23 14:46:43 +02:00
Miroslav Stampar
c6b724489b Minor style update 2012-07-23 14:26:42 +02:00
Miroslav Stampar
a7d1a0c250 Implementation for an Issue #117 2012-07-23 14:14:22 +02:00
Miroslav Stampar
534eccc9aa Fix for an Issue #115 2012-07-23 10:16:47 +02:00
Miroslav Stampar
f336afa913 Implementation for Issue #108 2012-07-20 09:48:09 +02:00
Miroslav Stampar
81d15e5051 Fix for an Issue #101 2012-07-17 00:19:33 +02:00
Miroslav Stampar
0e21cb54de Minor fix related to Issue #94 2012-07-16 16:06:39 +02:00
Miroslav Stampar
87ecf205cb More work for Issue #66 2012-07-14 17:01:04 +02:00
Miroslav Stampar
805120ac52 Minor refactoring 2012-07-14 11:01:30 +02:00
Miroslav Stampar
ddb9caeef1 Revert of the previous commit 2012-07-13 15:05:19 +02:00
Miroslav Stampar
d165d5d5fe To not be confused with heuristic method in SQLi 2012-07-13 15:03:43 +02:00
Miroslav Stampar
3c81f74823 Minor style update 2012-07-13 12:22:37 +02:00
Miroslav Stampar
d834e8debf Minor update 2012-07-13 10:28:03 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Bernardo Damele
ea9c66108e cleanup for issue #68 2012-07-12 15:38:43 +01:00
Miroslav Stampar
65639cdda6 First update for Issue #75 (error-based dumping) 2012-07-12 14:31:28 +02:00
Bernardo Damele
33cbbed4a8 I think we should not resume checkBooleanExpression() calls if --fresh-queries or --flush-session is provided 2012-07-12 01:39:15 +01:00
Bernardo Damele
3a94953ae2 leftover from previous commit 2012-07-12 01:15:34 +01:00
Bernardo Damele
31571e6e2d minor refactoring 2012-07-11 11:55:05 +01:00
Miroslav Stampar
9c4a62f725 Some work on Issue #68 2012-07-11 11:58:47 +02:00
Miroslav Stampar
2669528b24 Language typo 2012-07-07 11:16:33 +02:00
Miroslav Stampar
e948e4d45b Some more refactoring 2012-07-06 17:18:22 +02:00
Bernardo Damele
6697927098 initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap 2012-07-02 02:04:19 +01:00
Bernardo Damele
7b4ecd9df0 added skeleton code for issue #34, still not usable 2012-07-02 00:22:34 +01:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
01be9381d5 minor update 2012-06-25 16:24:33 +00:00
Miroslav Stampar
ec44e88db8 lots of refactoring regarding removal of already obsolete session file mechanism 2012-06-21 10:09:10 +00:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Miroslav Stampar
3a90105fbb minor refactoring 2012-06-14 13:38:53 +00:00
Miroslav Stampar
4ac3794e80 minor update 2012-06-12 14:22:14 +00:00
Miroslav Stampar
738073105e minor updates 2012-06-04 19:52:51 +00:00
Miroslav Stampar
7b282b1d6c adding support for newer SSL protocols 2012-06-04 19:46:28 +00:00
Miroslav Stampar
76a4aa19ac some more fine tunning 2012-05-28 19:50:12 +00:00
Miroslav Stampar
efb406fbfc minor revert 2012-05-28 19:13:50 +00:00
Miroslav Stampar
f7cba8d2cb minor update 2012-05-28 18:05:15 +00:00
Miroslav Stampar
a72cb29c1f taking care of few issues regarding reverse address lookup of localhost/127.0.0.1 at remote DNS server 2012-05-28 16:57:10 +00:00
Miroslav Stampar
89e90c3d84 revert of last commit 2012-05-28 15:01:56 +00:00
Miroslav Stampar
96c84e6e5b minor update 2012-05-28 15:00:06 +00:00
Miroslav Stampar
a70a647aeb few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...) 2012-05-28 14:51:23 +00:00
Miroslav Stampar
b1d82422a0 changing conf.dnsDomain to conf.dName just because of long text problems in help listing 2012-05-28 14:15:04 +00:00
Miroslav Stampar
226547b7dc minor fix for --skip-urlencode and custom post 2012-05-28 09:04:25 +00:00
Miroslav Stampar
e967bbd70f minor patch 2012-05-27 21:44:42 +00:00
Miroslav Stampar
fed0212631 now working with recursive queries too 2012-05-27 10:03:02 +00:00
Miroslav Stampar
09f2144485 full page read is not needed in DNS exfiltration mode 2012-05-26 21:28:43 +00:00
Miroslav Stampar
c394610740 adding switch --skip-urlencode to skip URL encoding of POST data 2012-05-24 23:30:33 +00:00
Miroslav Stampar
2538e2d5b4 fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring 2012-05-22 09:33:22 +00:00
Miroslav Stampar
333f8057a5 minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces 2012-05-14 14:06:43 +00:00
Miroslav Stampar
12d32f58f2 fix for that SOAP reported bug 2012-05-10 13:39:54 +00:00
Miroslav Stampar
fdf61015ad minor patch 2012-05-09 08:41:05 +00:00
Miroslav Stampar
6af110d631 avoiding --no-cast/--hex warning message before a DBMS is fingerprinted 2012-05-08 14:06:41 +00:00
Miroslav Stampar
775134639d minor update 2012-04-20 20:33:15 +00:00
Miroslav Stampar
6ebb621228 adding support for (custom) POST injection (marking injection point with '*' in conf.data) 2012-04-17 14:23:00 +00:00
Miroslav Stampar
052d9455fe warning user in cases of "User xyz already has more than 'max_user_connections' active connections" 2012-04-12 09:44:54 +00:00
Miroslav Stampar
119eec3598 improving "boolean detection" by automatic recognition of convenient --string candidate 2012-04-10 21:48:34 +00:00
Miroslav Stampar
8c6eb4faa9 adding support for PgSQL DNS data exfiltration 2012-04-07 14:06:11 +00:00
Miroslav Stampar
b2afa87e48 reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases) 2012-04-06 08:42:36 +00:00
Miroslav Stampar
2223c884e5 minor refactoring 2012-04-05 12:55:26 +00:00
Miroslav Stampar
e0994947e2 minor update 2012-04-04 23:37:50 +00:00
Miroslav Stampar
b1dd03731a minor cosmetics 2012-04-04 23:34:08 +00:00
Miroslav Stampar
c89a4162e2 bug fix for --dns-domain with --technique=TS 2012-04-04 18:01:39 +00:00