Christ van Willegen
|
80fb2e29cc
|
Fix some spelling errors in help texts (through -> thorough)
|
2015-03-04 13:31:29 +01:00 |
|
Miroslav Stampar
|
3347fc25ca
|
Fixes #1185
|
2015-03-03 15:10:06 +01:00 |
|
Miroslav Stampar
|
3f6c3b40dd
|
Minor update (not overriding user given 'Accept-Encoding' header value)
|
2015-03-03 14:37:36 +01:00 |
|
Miroslav Stampar
|
dde400ab8f
|
More suitable version of 6bcc95a (suggested by user)
|
2015-02-25 10:19:51 +01:00 |
|
Miroslav Stampar
|
6bcc95a20d
|
Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z])
|
2015-02-24 15:05:44 +01:00 |
|
Miroslav Stampar
|
1636088b75
|
Minor update
|
2015-02-16 11:48:53 +01:00 |
|
Miroslav Stampar
|
38011743bb
|
Patch for an Issue #1157
|
2015-02-04 15:01:19 +01:00 |
|
Miroslav Stampar
|
59f0da369d
|
Patch for a bug reported via ML (Accept header ignored in --headers)
|
2015-02-02 22:07:16 +01:00 |
|
Miroslav Stampar
|
9e90e357cf
|
Patch for an Issue #1146
|
2015-01-30 21:59:03 +01:00 |
|
Miroslav Stampar
|
e73ac6c8e3
|
Minor patch on request of an user
|
2015-01-17 21:47:57 +01:00 |
|
Miroslav Stampar
|
c2b2ccd2b5
|
Minor bug fix
|
2015-01-17 17:31:00 +01:00 |
|
Miroslav Stampar
|
54e9a1fb2d
|
Minor style update
|
2015-01-14 16:11:55 +01:00 |
|
Miroslav Stampar
|
8e03f4db0f
|
Patch for an Issue #1062
|
2015-01-09 15:33:53 +01:00 |
|
Miroslav Stampar
|
450b3c93cb
|
Potential patch for an Issue #1093
|
2015-01-07 11:40:11 +01:00 |
|
Miroslav Stampar
|
45bdefd29b
|
Update of copyright
|
2015-01-06 15:02:16 +01:00 |
|
Miroslav Stampar
|
c474c16b4a
|
Removing ML email address
|
2015-01-06 12:30:49 +01:00 |
|
Miroslav Stampar
|
41c2f889b2
|
Fix related to the SSLv3 disabling
|
2014-12-30 15:44:55 +01:00 |
|
Miroslav Stampar
|
1e014de6be
|
Patch for an Issue #1066
|
2014-12-26 22:24:28 +01:00 |
|
Miroslav Stampar
|
6972020faf
|
Bug fix for login-like SQLi (OR with 500 result)
|
2014-12-18 15:58:19 +01:00 |
|
Miroslav Stampar
|
180ede0cb3
|
Minor patch
|
2014-12-15 14:07:28 +01:00 |
|
Miroslav Stampar
|
20c272b77d
|
More generic patch for an Issue #994
|
2014-12-07 16:14:48 +01:00 |
|
Miroslav Stampar
|
4e7f835eae
|
Patch for an Issue #994
|
2014-12-07 16:11:07 +01:00 |
|
Miroslav Stampar
|
d3060f20d7
|
Minor improvement
|
2014-12-03 13:22:55 +01:00 |
|
Miroslav Stampar
|
17db587e2c
|
Adding some friendly warning messages (regarding blocking)
|
2014-12-03 10:06:21 +01:00 |
|
Miroslav Stampar
|
7a04595f5e
|
Added a reference url (http charset priority)
|
2014-12-01 11:15:45 +01:00 |
|
Miroslav Stampar
|
a0d95a8ec4
|
Refactoring of #952
|
2014-11-24 12:56:39 +01:00 |
|
Miroslav Stampar
|
27cd9e7064
|
Merge pull request #952 from Rexikon/patch-1
Update httpshandler.py, AttributeError PROTOCOL_SSLv3
|
2014-11-24 12:52:27 +01:00 |
|
Miroslav Stampar
|
05f7b1f121
|
Patch for an Issue #970
|
2014-11-24 10:55:19 +01:00 |
|
Miroslav Stampar
|
1fc4d0e3c4
|
Update for an Issue #431
|
2014-11-21 10:31:55 +01:00 |
|
Miroslav Stampar
|
cf2d5fd453
|
Update for an Issue #431
|
2014-11-21 09:41:49 +01:00 |
|
Miroslav Stampar
|
34ce774acd
|
Patch for an Issue #956
|
2014-11-21 09:41:49 +01:00 |
|
Rexikon
|
4da20679ee
|
Update httpshandler.py
ssl.PROTOCOL_SSLv3 removed
affecting error: AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'
|
2014-11-19 16:36:30 +01:00 |
|
Miroslav Stampar
|
05d5342f20
|
Update and patch for an Issue #2
|
2014-11-17 11:50:05 +01:00 |
|
Miroslav Stampar
|
c5df45a14f
|
Minor bug fix (skipping HTML decoding in heuristic mode)
|
2014-11-11 11:23:14 +01:00 |
|
Miroslav Stampar
|
71c43be53a
|
Patch for an Issue #901
|
2014-11-05 10:03:19 +01:00 |
|
Miroslav Stampar
|
49d3860b1f
|
Minor fix
|
2014-10-31 20:22:15 +01:00 |
|
Miroslav Stampar
|
df73be32f1
|
Fix for an Issue #876
|
2014-10-28 14:41:21 +01:00 |
|
Miroslav Stampar
|
3b3b8d4ef2
|
Potential bug fix (escaping formatted regular expressions)
|
2014-10-28 14:02:55 +01:00 |
|
Miroslav Stampar
|
268e774087
|
Minor refactoring
|
2014-10-28 13:44:55 +01:00 |
|
Miroslav Stampar
|
f89e94fb8c
|
Minor refactoring
|
2014-10-28 13:42:13 +01:00 |
|
Miroslav Stampar
|
6448d3caf4
|
Implementing support for csrfcookie (Issue #2)
|
2014-10-24 09:37:51 +02:00 |
|
Miroslav Stampar
|
5e31229d48
|
Minor cosmetic update
|
2014-10-23 15:18:22 +02:00 |
|
Miroslav Stampar
|
abbd352392
|
Support for X-CSRF-TOKEN header (Issue #2)
|
2014-10-23 14:33:22 +02:00 |
|
Miroslav Stampar
|
fc1b05bec9
|
Implementation for an Issue #2
|
2014-10-23 11:23:53 +02:00 |
|
Miroslav Stampar
|
8dcad46805
|
Update basic.py
|
2014-10-22 23:16:46 +02:00 |
|
Miroslav Stampar
|
2f18df345e
|
Minor patch
|
2014-10-22 13:41:36 +02:00 |
|
Miroslav Stampar
|
268095495e
|
Minor patch
|
2014-10-22 13:32:49 +02:00 |
|
Miroslav Stampar
|
3ebc5faa34
|
Falling back to partial UNION if large dump connects out
|
2014-10-21 09:23:34 +02:00 |
|
Miroslav Stampar
|
1e636fb925
|
Minor patch regarding Issue #840
|
2014-09-28 13:38:09 +02:00 |
|
Miroslav Stampar
|
767c278a0f
|
Fix for an Issue #838
|
2014-09-26 17:00:50 +02:00 |
|
Miroslav Stampar
|
bfc8ab0e35
|
Language update
|
2014-09-08 14:48:31 +02:00 |
|
Miroslav Stampar
|
53d0d5bf8b
|
Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved)
|
2014-09-08 14:33:13 +02:00 |
|
Miroslav Stampar
|
bbf0be1f8d
|
Bug fix (Issue #813)
|
2014-09-03 22:09:12 +02:00 |
|
Miroslav Stampar
|
9476359255
|
Bug fix
|
2014-08-28 12:50:39 +02:00 |
|
Miroslav Stampar
|
e68326c0fe
|
expandAsteriskForColumns changes value of conf.db and conf.tbl potentially causing problems in further work
|
2014-08-26 22:57:08 +02:00 |
|
Miroslav Stampar
|
dcaad75a1e
|
Fix for an Issue #794
|
2014-08-22 15:08:05 +02:00 |
|
Miroslav Stampar
|
d74b803306
|
Minor patch
|
2014-08-22 14:45:23 +02:00 |
|
Miroslav Stampar
|
58d93ffb2b
|
Fix for falling back to partial union (excluding scalar queries)
|
2014-08-20 23:53:15 +02:00 |
|
Miroslav Stampar
|
90882f081d
|
Language update
|
2014-08-20 23:47:57 +02:00 |
|
Miroslav Stampar
|
0296081692
|
Minor refactoring
|
2014-08-20 23:42:40 +02:00 |
|
Miroslav Stampar
|
b4fbb9cafe
|
Minor upgrade
|
2014-08-20 13:52:48 +02:00 |
|
Miroslav Stampar
|
6caccc3d93
|
Bug fix for ultra-slow processing of binary data
|
2014-08-20 01:38:01 +02:00 |
|
Miroslav Stampar
|
3cfa63646b
|
Minor bug fix
|
2014-07-19 23:17:23 +02:00 |
|
Miroslav Stampar
|
32af0b17b0
|
Update for an Issue #760
|
2014-07-10 08:49:20 +02:00 |
|
Miroslav Stampar
|
686fe4d0e9
|
Another patch for DNS exfiltration and boolean checks
|
2014-06-27 14:22:00 +02:00 |
|
Miroslav Stampar
|
2f8d17bcb7
|
Appendix to last commit
|
2014-06-27 13:45:40 +02:00 |
|
Miroslav Stampar
|
75279ea75a
|
Fix for DNS exfiltration of boolean checks
|
2014-06-27 13:07:34 +02:00 |
|
Miroslav Stampar
|
2a88436417
|
Patch for an Issue #724
|
2014-06-16 09:51:24 +02:00 |
|
Miroslav Stampar
|
f558b800ac
|
Patch for an Issue #719
|
2014-06-12 09:08:55 +02:00 |
|
Miroslav Stampar
|
c50560c3a6
|
Patch for an Issue #716
|
2014-06-10 21:57:54 +02:00 |
|
Miroslav Stampar
|
680ab10ca6
|
Patch for an Issue #703
|
2014-05-27 21:41:07 +02:00 |
|
Miroslav Stampar
|
2d5461d250
|
Minor fix (related to the unknown encoding reported by ML)
|
2014-05-22 09:03:14 +02:00 |
|
Miroslav Stampar
|
c181e909b5
|
Minor fix
|
2014-05-16 23:47:00 +02:00 |
|
Miroslav Stampar
|
2e96e3c924
|
Adding a hidden switch --ignore-401
|
2014-04-29 23:26:45 +02:00 |
|
Miroslav Stampar
|
2d3a74a0fe
|
Patch for an Issue #667
|
2014-04-07 21:01:40 +02:00 |
|
Miroslav Stampar
|
bf18b025d6
|
Minor removal of redundant code
|
2014-04-06 18:09:54 +02:00 |
|
Miroslav Stampar
|
7cc4159316
|
Renaming conf.cDel to conf.cookieDel
|
2014-04-06 16:50:58 +02:00 |
|
Miroslav Stampar
|
0ae8ac707e
|
Renaming conf.pDel to conf.paramDel
|
2014-04-06 16:48:46 +02:00 |
|
Miroslav Stampar
|
492a410bcc
|
Minor fix
|
2014-04-04 16:14:53 +02:00 |
|
Miroslav Stampar
|
e7e8a3965a
|
Minor fix
|
2014-04-03 09:00:14 +02:00 |
|
Miroslav Stampar
|
80d4426dbd
|
Patch related to the Issue #661
|
2014-04-02 22:34:37 +02:00 |
|
Miroslav Stampar
|
e8c1c90f2e
|
Whitespace was being double encoded in case of spaceplus (' '->%2B)
|
2014-03-25 22:02:14 +01:00 |
|
Miroslav Stampar
|
106102bd3c
|
Fix for an Issue #648
|
2014-03-21 20:28:29 +01:00 |
|
Miroslav Stampar
|
be3fd8bb29
|
Fix for an Issue #638
|
2014-03-14 16:44:56 +01:00 |
|
Miroslav Stampar
|
f1f53a5841
|
Minor cosmetic update
|
2014-03-06 21:08:31 +01:00 |
|
Miroslav Stampar
|
cc62a8adc9
|
Bug fix for JSON-like data (proper escaping of quotes)
|
2014-02-26 09:30:37 +01:00 |
|
Miroslav Stampar
|
6369a38ebc
|
Adding support for JSON-like data with single quote
|
2014-02-26 08:56:17 +01:00 |
|
Miroslav Stampar
|
fc02badf40
|
Minor update
|
2014-01-23 08:33:21 +01:00 |
|
Bernardo Damele
|
43a4e85749
|
updated copyright
|
2014-01-13 17:24:49 +00:00 |
|
Miroslav Stampar
|
36f3ab5798
|
Minor bug fix (for cases when race between thread and main thread is causing server._running to not be set to True)
|
2014-01-09 15:46:55 +01:00 |
|
Miroslav Stampar
|
5437f8bf36
|
Fix for an Issue #85
|
2014-01-02 12:09:58 +01:00 |
|
Miroslav Stampar
|
4de83daf03
|
Minor style update
|
2014-01-02 11:06:19 +01:00 |
|
Miroslav Stampar
|
b0ca34ff27
|
Bug fix (payload character '=' was not being url-encoded in custom (user) post cases - when posthint was None)
|
2013-12-04 10:09:54 +01:00 |
|
Bernardo Damele
|
59b6791faa
|
minor improvement
|
2013-11-19 00:24:47 +00:00 |
|
Miroslav Stampar
|
8dac47f7e5
|
Minor patch (for recognition of x-mac-turkish codec)
|
2013-10-21 20:04:48 +02:00 |
|
Miroslav Stampar
|
344d3f4b5f
|
Minor patch
|
2013-10-12 21:05:18 +02:00 |
|
Miroslav Stampar
|
18d9e1dbc3
|
Minor update due to reported (debug) problems with SSLv23
|
2013-10-04 10:53:49 +02:00 |
|
Miroslav Stampar
|
a3defc175d
|
Fix (we are not using certificate but PEM private key file in this particular authentication; also, auxiliary cert_file is holding certificate chain that is ignored by python itself)
|
2013-09-11 23:17:18 +02:00 |
|
Miroslav Stampar
|
81409ce6da
|
Minor patch
|
2013-09-02 10:54:32 +02:00 |
|
Miroslav Stampar
|
dd39913cf6
|
Improvement for an --eval mechanism
|
2013-08-31 00:28:51 +02:00 |
|
Miroslav Stampar
|
3a57af1452
|
Minor fix
|
2013-08-30 15:26:03 +02:00 |
|
Miroslav Stampar
|
88b992ad83
|
Fixing a bug noticed during the yesterday's AppSecEU presentation (--headers='user-agent:foobar*' was not working properly)
|
2013-08-23 11:54:08 +02:00 |
|
Miroslav Stampar
|
23f2c5f166
|
Finishing implementation for an Issue #58
|
2013-08-20 19:35:49 +02:00 |
|
Miroslav Stampar
|
4929cff0c0
|
Minor update
|
2013-08-13 06:42:49 +02:00 |
|
Miroslav Stampar
|
b2855e0281
|
Minor patch
|
2013-08-12 14:25:51 +02:00 |
|
Miroslav Stampar
|
a711c9ed36
|
Minor cleanup and initial work for #58
|
2013-08-09 14:13:48 +02:00 |
|
Miroslav Stampar
|
32c1cb20f5
|
Fix for an Issue #497
|
2013-08-01 19:48:20 +02:00 |
|
Miroslav Stampar
|
953b5815d8
|
Implementation for an Issue #496
|
2013-07-31 21:15:03 +02:00 |
|
Miroslav Stampar
|
6b826ef64d
|
Reintroducing option --cookie-del
|
2013-07-31 20:41:19 +02:00 |
|
Miroslav Stampar
|
ca44b23d20
|
Implementation for --eval to support cookies
|
2013-07-31 17:29:16 +02:00 |
|
Miroslav Stampar
|
eaacbe0b12
|
Minor language fix
|
2013-07-31 09:24:34 +02:00 |
|
Miroslav Stampar
|
f54082111d
|
Better way how to deal with required extensions
|
2013-07-13 19:25:49 +02:00 |
|
Miroslav Stampar
|
3f6d4083a7
|
Minor language update
|
2013-07-13 17:19:16 +02:00 |
|
Miroslav Stampar
|
31efabfca1
|
Appropriate error messaging when one of core libraries are missing due to erroneous Python build
|
2013-07-13 16:07:36 +02:00 |
|
Miroslav Stampar
|
4d9f8ad0dd
|
Commit related to the last one
|
2013-07-13 12:00:03 +02:00 |
|
stamparm
|
a53823f9b7
|
Minor refactoring
|
2013-06-19 10:59:26 +02:00 |
|
Miroslav Stampar
|
f185e5cdd5
|
Fix for an Issue #463
|
2013-06-10 22:26:34 +02:00 |
|
Miroslav Stampar
|
6f49b96a2d
|
Fix for an Issue #462
|
2013-06-10 12:20:58 +02:00 |
|
Miroslav Stampar
|
39612b5d87
|
Fix for an Issue #457
|
2013-06-04 23:46:39 +02:00 |
|
Miroslav Stampar
|
3e0f747fad
|
Minor fix
|
2013-06-04 00:05:25 +02:00 |
|
Miroslav Stampar
|
edc9da1226
|
Minor refactoring
|
2013-06-03 15:14:56 +02:00 |
|
stamparm
|
6b280d8da4
|
Putting 2 decimal places for debug messages with performed queries (e.g. to handle a problem with 0 seconds roundup)
|
2013-05-28 14:40:45 +02:00 |
|
stamparm
|
659c0bb418
|
Minor fix
|
2013-05-27 10:38:47 +02:00 |
|
stamparm
|
4b2cf07262
|
Minor style update
|
2013-05-20 16:15:35 +02:00 |
|
Miroslav Stampar
|
ea5c742595
|
Update (lagging checking is now always done once when time based compare is done; not only in case if statistical model is being filled)
|
2013-05-18 21:30:21 +02:00 |
|
Miroslav Stampar
|
f24c8c6b6b
|
Changing logging type to warning for parsed error messages
|
2013-05-18 16:17:56 +02:00 |
|
stamparm
|
03732d2592
|
Minor fix
|
2013-05-17 16:04:05 +02:00 |
|
stamparm
|
76b4e1ccb9
|
Implementation for an Issue #450
|
2013-05-17 15:04:25 +02:00 |
|
stamparm
|
887109a12d
|
Minor bug fix (for not displaying heuristic detected page charset None)
|
2013-04-30 18:16:32 +02:00 |
|
stamparm
|
ebe8ee3500
|
Fix for crawler and redirection case
|
2013-04-30 18:08:26 +02:00 |
|
stamparm
|
09e7f4f697
|
Minor bug fix regarding traffic logging of redirected requests
|
2013-04-30 17:46:26 +02:00 |
|
stamparm
|
1035ee9c3d
|
Patch for an Issue #442
|
2013-04-26 14:49:24 +02:00 |
|
stamparm
|
e3a02f56e6
|
Just in case for --force-ssl (if url is returned in e.g. refresh toward the target)
|
2013-04-24 12:35:39 +02:00 |
|
stamparm
|
6fed1921ed
|
Bug fix (there are cases when provided kwargs containing explicit None values while we want to use the alternative in those kind of cases; there was an intention in original code, while the implementation was buggy)
|
2013-04-16 14:17:41 +02:00 |
|
stamparm
|
140cffbde2
|
Patch for an Issue #434
|
2013-04-15 15:57:28 +02:00 |
|
Miroslav Stampar
|
ed5599f489
|
In case that cookie file is given and cookie header inside request file clashes with one of contained cookies, give cookie file greater priority
|
2013-04-12 19:20:33 +02:00 |
|
stamparm
|
8c9da95343
|
Style and consistency update (url -> URL)
|
2013-04-09 11:48:42 +02:00 |
|
Miroslav Stampar
|
240e9f3f7e
|
Minor patch
|
2013-04-07 11:02:43 +02:00 |
|
Miroslav Stampar
|
df4fd82515
|
Minor update
|
2013-04-03 23:27:27 +02:00 |
|
Miroslav Stampar
|
c75a2d0c40
|
Minor patch
|
2013-04-03 21:31:37 +02:00 |
|
stamparm
|
e1ffdde532
|
Little cleaning a mess with url encoding and post hint types
|
2013-03-27 13:39:27 +01:00 |
|
Miroslav Stampar
|
c19a283434
|
Minor patch
|
2013-03-26 20:06:50 +01:00 |
|
stamparm
|
7accba4cf9
|
Minor update
|
2013-03-26 16:10:41 +01:00 |
|
stamparm
|
7447773237
|
Update for consistency (all other enums are using _ in between words)
|
2013-03-20 11:10:24 +01:00 |
|
Miroslav Stampar
|
8acf033715
|
Code refactoring
|
2013-03-19 19:24:14 +01:00 |
|
stamparm
|
6969874c02
|
Switch --no-cast is incompatible with switch --hex (integer values are not being casted in case of --no-cast --hex which is causing unwanted decodings of returned values)
|
2013-03-19 10:52:37 +01:00 |
|
stamparm
|
e226006766
|
Trivial fix
|
2013-03-18 13:29:55 +01:00 |
|
stamparm
|
5e02bcbd58
|
Minor adjustment
|
2013-03-18 12:16:16 +01:00 |
|
Miroslav Stampar
|
eb08c8d752
|
Another update for an Issue #352
|
2013-03-13 19:42:22 +01:00 |
|
Miroslav Stampar
|
2f43c3eb9b
|
Minor fix (digest live test case) and some refactoring
|
2013-03-12 21:16:44 +01:00 |
|