Commit Graph

838 Commits

Author SHA1 Message Date
Miroslav Stampar
00f190fc92 Fixes #1303 2015-07-17 10:14:35 +02:00
Miroslav Stampar
16f8e4c8ba Removing unused imports 2015-07-12 12:25:02 +02:00
Miroslav Stampar
10f8c6a0b6 Introducing --offline switch (to perform session only lookups) 2015-07-10 16:10:24 +02:00
Miroslav Stampar
9bdbdc136f Minor cosmetics update 2015-07-10 11:33:12 +02:00
Miroslav Stampar
0ba264bfa0 Minor patch 2015-07-10 09:51:11 +02:00
Miroslav Stampar
4baaa4a5ad Minor improvement 2015-07-10 09:24:14 +02:00
Miroslav Stampar
9ff115ce71 Minor patch 2015-07-10 01:33:53 +02:00
Miroslav Stampar
02470ea683 Further decreasing number of testing payloads 2015-07-10 01:19:46 +02:00
Miroslav Stampar
48b627f3ff Prevent double tests (e.g. in same final tests where suffix is cut by the comment) 2015-07-10 00:54:02 +02:00
Miroslav Stampar
ca2f63c672 Test speed up in case of boolean based blind 2015-07-10 00:37:59 +02:00
Miroslav Stampar
96327b6701 Fixes #1290 2015-07-05 01:47:01 +02:00
Miroslav Stampar
1f71d809d4 Fixes #1288 2015-07-03 08:55:33 +02:00
Miroslav Stampar
08caca387b Minor patch of automatic WAF heuristic check 2015-05-29 16:01:41 +02:00
Miroslav Stampar
17bfda1b9c Adding new switch ('--skip-static') 2015-05-18 20:57:15 +02:00
Miroslav Stampar
7587528ebd Fixes #1202 2015-03-26 11:40:19 +01:00
Miroslav Stampar
adc8ac267d Fixes #1190 2015-03-10 09:23:26 +01:00
Bernardo Damele
8281fe48e5 bug fix: test for boundaries with high levels if the test was extended 2015-03-01 11:02:05 +00:00
Bernardo Damele
2f08c8b666 bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup 2015-02-27 13:57:28 +00:00
Bernardo Damele
475cc8b24b trivial code cleanup 2015-02-21 13:12:30 +00:00
Bernardo Damele
d235ee375b code cleanup 2015-02-21 12:59:44 +00:00
Bernardo Damele
52dd92748a rework some of the logic of the detection phase based on identified DBMS along the way 2015-02-21 02:23:42 +00:00
Bernardo Damele
4f939b5719 avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables 2015-02-20 18:36:34 +00:00
Bernardo Damele
214b9360e9 Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup 2015-02-20 18:30:42 +00:00
Bernardo Damele
79d4d970a5 trivial code cleanup 2015-02-20 15:42:28 +00:00
Bernardo Damele
201b605f9b Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already 2015-02-20 10:21:44 +00:00
Bernardo Damele
e17d212c23 bug fix introduced with 863d5a6281 2015-02-15 20:07:52 +00:00
Bernardo Damele
863d5a6281 --test-filter now ignores values of --risk and --level 2015-02-15 16:28:37 +00:00
Miroslav Stampar
2e5c11e427 Closes #1163 2015-02-13 10:59:03 +01:00
Miroslav Stampar
2e9bf47703 Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145) 2015-01-30 22:12:35 +01:00
Miroslav Stampar
b7cfaa6ca5 Minor style update 2015-01-22 08:55:37 +01:00
Miroslav Stampar
a603002acd Adding a choice to automatically turn on --identify-waf if protection has been detected 2015-01-20 09:38:18 +01:00
Miroslav Stampar
0c4d63fb00 Bug fix (reported by user over ML) 2015-01-08 09:00:21 +01:00
Miroslav Stampar
45bdefd29b Update of copyright 2015-01-06 15:02:16 +01:00
Miroslav Stampar
6fc41ca940 Heuristically checking for WAF/IDS/IPS by default 2015-01-06 14:01:47 +01:00
Miroslav Stampar
beffe85d6c Patch for an Issue #1085 2015-01-03 22:30:21 +01:00
Miroslav Stampar
e6de92ce88 Minor patch (unicode related) 2014-12-15 13:36:08 +01:00
Miroslav Stampar
1e06e7c386 Adding a debug message during name resolution 2014-12-11 13:29:26 +01:00
Miroslav Stampar
a7b21a2f62 Rerun advice update 2014-12-09 09:02:06 +01:00
Miroslav Stampar
034fae0f47 Patch for an Issue #992 2014-12-05 11:24:43 +01:00
Miroslav Stampar
9b32e69f26 Adding new WAF script (UrlScan) 2014-12-04 10:06:15 +01:00
Miroslav Stampar
5c182a0ec4 Update for an Issue #431 2014-11-21 11:33:57 +01:00
Miroslav Stampar
f0802c6fb9 Update for an Issue #431 2014-11-21 11:20:54 +01:00
Miroslav Stampar
cf2d5fd453 Update for an Issue #431 2014-11-21 09:41:49 +01:00
Miroslav Stampar
05d5342f20 Update and patch for an Issue #2 2014-11-17 11:50:05 +01:00
Miroslav Stampar
fc1b05bec9 Implementation for an Issue #2 2014-10-23 11:23:53 +02:00
Miroslav Stampar
34aed7cde0 Bug fix (now it's possible to use multiple parsed requests without mixing associated headers) 2014-10-22 13:49:29 +02:00
Miroslav Stampar
c6a8feea8a Fix for an Issue #831 2014-10-07 12:00:11 +02:00
Miroslav Stampar
f67a38dba9 Minor adjustment 2014-10-01 13:42:10 +02:00
Miroslav Stampar
a9454fbb43 Minor commit related to the last one (bypassing DBMS error trimming problem) 2014-10-01 13:35:20 +02:00
Miroslav Stampar
8c9014c39f Adding a dummy (auxiliary) XSS check 2014-10-01 13:31:48 +02:00
Miroslav Stampar
bfc8ab0e35 Language update 2014-09-08 14:48:31 +02:00
Miroslav Stampar
53d0d5bf8b Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved) 2014-09-08 14:33:13 +02:00
Miroslav Stampar
20ff402103 Minor patch 2014-08-30 22:04:55 +02:00
Miroslav Stampar
dc2ee8bfa0 Minor update 2014-08-30 21:53:09 +02:00
Miroslav Stampar
1a9a331422 Bug fix (proper extending of tests when dbms is known) 2014-08-30 21:34:23 +02:00
Miroslav Stampar
834f8e18c8 Minor patch for an Issue #802 2014-08-28 00:45:57 +02:00
Miroslav Stampar
b77d8d617b Minor patch for an Issue #800 2014-08-28 00:31:49 +02:00
Miroslav Stampar
7828f61642 Minor style update 2014-08-20 13:35:41 +02:00
Miroslav Stampar
6795b51c7e Another minor update 2014-08-20 01:59:30 +02:00
Miroslav Stampar
d08c1b7c04 Minor update 2014-08-20 01:45:42 +02:00
Miroslav Stampar
ebc964267f Better reporting on filtered-chars cases 2014-08-20 01:11:26 +02:00
Miroslav Stampar
b31e141012 Fix for an Issue #772 2014-07-29 14:37:48 +02:00
Miroslav Stampar
0eb5fb1e5a Update for an Issue #757 2014-07-19 23:02:14 +02:00
Miroslav Stampar
2a88436417 Patch for an Issue #724 2014-06-16 09:51:24 +02:00
Miroslav Stampar
cb0044b2c4 Minor beauty patch 2014-04-07 20:28:17 +02:00
Miroslav Stampar
9456dc68e7 Minor patch 2014-04-06 17:24:27 +02:00
Miroslav Stampar
cf250a0381 Minor patch (it would go boom if special character was inside the --param-del) 2014-04-06 17:02:32 +02:00
Miroslav Stampar
0ae8ac707e Renaming conf.pDel to conf.paramDel 2014-04-06 16:48:46 +02:00
Miroslav Stampar
106102bd3c Fix for an Issue #648 2014-03-21 20:28:29 +01:00
Miroslav Stampar
3b47418a1d Fix for an Issue #640 2014-03-14 22:20:20 +01:00
Miroslav Stampar
2ffdee5733 Bug fix for PAYLOAD.WHERE.REPLACE payloads containing custom injection marker ([ORIGVALUE] was screwed) 2014-02-26 11:41:48 +01:00
Miroslav Stampar
edc8ef9d5b Patch for an Issue #611 (original page used in case of tamper functions was wrong - e.g. if --tamper=base64encode was used) 2014-02-25 13:48:34 +01:00
Miroslav Stampar
2a423d61ef Raising number of requests for false positive testing in case of higher levels 2014-02-23 19:40:01 +01:00
Miroslav Stampar
fe0ff6e679 Changing 'is injectable' to 'seems to be injectable' for boolean and time-based blind injection cases - for false positive cases 2014-02-09 17:50:16 +01:00
Miroslav Stampar
f97fcb7bb3 Adding a switch --invalid-string 2014-01-23 21:56:06 +01:00
Miroslav Stampar
f88f6dcd7e Changing --invalid-bignum from float producing to int producing 2014-01-23 09:07:25 +01:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Miroslav Stampar
6c80f2903b Patch for an Issue #564 2013-12-27 11:02:59 +01:00
Miroslav Stampar
bf3fbb0ae0 Ignore Google analytics cookies 2013-12-04 09:56:37 +01:00
Miroslav Stampar
7ed05f01b3 Minor update 2013-10-27 00:24:57 +02:00
Miroslav Stampar
334c698d53 Adding change verbosity level in testing phase when Ctrl+C pressed 2013-10-17 16:54:53 +02:00
Moshe Kaplan
8cd641a2a6 minor typos corrected
"choosen" -> "chosen"
2013-10-15 13:26:24 -04:00
Miroslav Stampar
2dc570d7a8 Minor patch (for ORDER BY 'col' cases) 2013-10-10 23:08:20 +02:00
Miroslav Stampar
369006ca73 Bug fix 2013-10-07 12:54:25 +02:00
Miroslav Stampar
0cf2bdeb1c Minor language update 2013-08-22 11:11:30 +02:00
Miroslav Stampar
38ee95e2c9 Minor language update 2013-08-13 18:58:24 +02:00
Miroslav Stampar
52a71546d0 Implementation for an Issue #507 2013-08-13 18:55:23 +02:00
Miroslav Stampar
941b2387c0 Minor fix 2013-07-31 09:22:45 +02:00
Miroslav Stampar
b921ff0729 Fix for an Issue #495 2013-07-27 11:20:43 +02:00
stamparm
e6f71c2130 Making 10% less requests in futile higher level/risk runs (using static template payloads for where==NEGATIVE) 2013-07-15 16:24:49 +02:00
stamparm
c9d3974205 Minor fix (templatePayload had duplicate string patterns for where==NEGATIVE) 2013-07-15 13:54:02 +02:00
stamparm
ac2d40e259 Revert of last commit (there is a chance that that big integer value is really valid :) 2013-07-15 13:34:38 +02:00
stamparm
a097ee1505 Switching --invalid-bignum to a pure integer constant (more generic - more statements require pure integer constant) 2013-07-15 13:31:56 +02:00
stamparm
d7c0805e7c Removing leftover 2013-07-08 12:45:02 +02:00
stamparm
a548eb5c70 Minor text update 2013-07-08 12:44:14 +02:00
stamparm
d0e79a4d15 Minor text update 2013-07-08 12:38:36 +02:00
stamparm
a530817727 Minor typo fix 2013-07-08 11:52:46 +02:00
stamparm
8d3435ab0b Removing reflective warning for parsing heuristic test 2013-07-08 11:48:33 +02:00
stamparm
04046f38eb Minor update (Issue #475) 2013-07-01 12:26:57 +02:00
stamparm
f7d15cb465 Official naming is HSQLDB (and/or HyperSQL) 2013-07-01 11:57:47 +02:00