Miroslav Stampar
|
723a7447b2
|
minor refactoring
|
2011-04-10 07:16:19 +00:00 |
|
Miroslav Stampar
|
c714ac6421
|
added support for handling binary data values (no more garbish chars)
|
2011-04-09 23:13:16 +00:00 |
|
Miroslav Stampar
|
83feb097ef
|
greater flexibility for --batch when default is None
|
2011-04-08 22:29:50 +00:00 |
|
Miroslav Stampar
|
228cc68747
|
fix for those ugly DEBUG messages in brute mode
|
2011-04-08 11:02:21 +00:00 |
|
Bernardo Damele
|
5b21352656
|
cosmeticados ;)
|
2011-04-08 10:39:07 +00:00 |
|
Miroslav Stampar
|
265fa52600
|
minor code cosmetics
|
2011-04-04 18:24:16 +00:00 |
|
Miroslav Stampar
|
018b6b9430
|
fix for a charset encoding reported by Kirill
|
2011-04-04 18:20:09 +00:00 |
|
Miroslav Stampar
|
e957c4400c
|
minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)
|
2011-04-04 08:04:47 +00:00 |
|
Miroslav Stampar
|
305115a68b
|
important improvement of data handling (POST data and header values)
|
2011-04-03 15:02:52 +00:00 |
|
Bernardo Damele
|
c3b54cc222
|
Cosmetics
|
2011-04-01 16:40:28 +00:00 |
|
Miroslav Stampar
|
557ed7d665
|
minor fix for a invalid charset reported by Kirill
|
2011-03-31 14:39:01 +00:00 |
|
Miroslav Stampar
|
dd01d66f13
|
proper update regarding last commit
|
2011-03-29 22:10:08 +00:00 |
|
Miroslav Stampar
|
850328df6c
|
minor cosmetics
|
2011-03-29 22:03:48 +00:00 |
|
Miroslav Stampar
|
9f707febf5
|
minor update
|
2011-03-29 15:43:17 +00:00 |
|
Miroslav Stampar
|
d28ca5809b
|
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
|
2011-03-29 14:16:28 +00:00 |
|
Miroslav Stampar
|
ae53ad4c30
|
making an update for special case of timed out response
|
2011-03-28 21:05:04 +00:00 |
|
Miroslav Stampar
|
762397854e
|
fix for a bug reported by Kirill (unknown charset '8859-1')
|
2011-03-24 09:27:19 +00:00 |
|
Miroslav Stampar
|
d79fae724c
|
minor refactoring
|
2011-03-24 09:16:21 +00:00 |
|
Miroslav Stampar
|
cbfb10cbd1
|
fix of a minor bug reported by syssecurity7@googlemail.com (missing iso-8858...)
|
2011-03-21 16:43:46 +00:00 |
|
Miroslav Stampar
|
b53c9a2599
|
minor fix and some refactoring
|
2011-03-18 00:24:02 +00:00 |
|
Bernardo Damele
|
9526f0c4c2
|
Minor layout adjustments
|
2011-03-17 12:35:40 +00:00 |
|
Miroslav Stampar
|
cbdd9e921e
|
minor cosmetics
|
2011-03-17 12:23:56 +00:00 |
|
Miroslav Stampar
|
6607a240cf
|
added logging to redirecthandler
|
2011-03-17 12:21:27 +00:00 |
|
Miroslav Stampar
|
9a513198dd
|
minor fix regarding last couple of commits
|
2011-03-17 11:25:37 +00:00 |
|
Miroslav Stampar
|
fbd0cfda29
|
minor update toward the implementation of request from Santiago
|
2011-03-17 06:39:05 +00:00 |
|
Miroslav Stampar
|
e64f225e65
|
minor refactoring
|
2011-03-11 20:16:34 +00:00 |
|
Miroslav Stampar
|
2fd3f0d7b2
|
minor update (added comment)
|
2011-03-11 20:07:52 +00:00 |
|
Miroslav Stampar
|
5eae525010
|
this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)
|
2011-03-11 19:57:44 +00:00 |
|
Miroslav Stampar
|
5c97f9a496
|
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
|
2011-03-09 09:36:56 +00:00 |
|
Miroslav Stampar
|
154d947c62
|
minor update
|
2011-03-07 10:15:41 +00:00 |
|
Miroslav Stampar
|
3a1f5744be
|
minor update to make counting variable totally independent of the urllib2's self.retried
|
2011-03-02 10:42:17 +00:00 |
|
Miroslav Stampar
|
a010386a23
|
finally a proper fix for that annoying recursive bug
|
2011-03-02 10:29:38 +00:00 |
|
Miroslav Stampar
|
9856cb71de
|
redo of the last commit with comments added
|
2011-02-28 18:58:05 +00:00 |
|
Miroslav Stampar
|
ade31b2cb0
|
removal of obsolete item
|
2011-02-28 18:49:25 +00:00 |
|
Miroslav Stampar
|
21041f8b90
|
further reflective value handling improvement
|
2011-02-27 17:43:41 +00:00 |
|
Bernardo Damele
|
60605b6e7c
|
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
|
2011-02-27 12:14:13 +00:00 |
|
Miroslav Stampar
|
63b8156c00
|
some update (if header key is non-unicode comformant)
|
2011-02-25 09:43:04 +00:00 |
|
Miroslav Stampar
|
aa88361ab1
|
incorporation of method for neutralization of reflective values
|
2011-02-25 09:22:44 +00:00 |
|
Miroslav Stampar
|
12ede1e5de
|
minor JIC (just-in-case) update
|
2011-02-22 13:18:47 +00:00 |
|
Miroslav Stampar
|
3f8eadf4fe
|
minor refactoring
|
2011-02-22 13:00:58 +00:00 |
|
Miroslav Stampar
|
dcad5410fe
|
minor refactoring
|
2011-02-22 12:54:22 +00:00 |
|
Miroslav Stampar
|
17c39fe231
|
fix for that non-HTML stuff
|
2011-02-22 11:32:55 +00:00 |
|
Miroslav Stampar
|
0c57f2af0f
|
minor fix
|
2011-02-20 12:20:44 +00:00 |
|
Bernardo Damele
|
60b05ff49f
|
Reflect new switch name
|
2011-02-19 21:05:15 +00:00 |
|
Miroslav Stampar
|
3badf92ceb
|
not doing "basic" filtering in default cases because of a bug reported by Kazim
|
2011-02-18 07:38:13 +00:00 |
|
Bernardo Damele
|
429ab631fe
|
Minor refactoring
|
2011-02-13 21:25:01 +00:00 |
|
Miroslav Stampar
|
1cd483f42f
|
one more update
|
2011-02-12 10:24:09 +00:00 |
|
Miroslav Stampar
|
25a3a64327
|
we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes.
|
2011-02-12 10:15:42 +00:00 |
|
Miroslav Stampar
|
535eb9f3eb
|
implementation of referer feature
|
2011-02-11 23:07:03 +00:00 |
|
Bernardo Damele
|
864eade744
|
Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase
|
2011-02-10 11:14:05 +00:00 |
|