Commit Graph

639 Commits

Author SHA1 Message Date
Miroslav Stampar
6caccc3d93 Bug fix for ultra-slow processing of binary data 2014-08-20 01:38:01 +02:00
Miroslav Stampar
32af0b17b0 Update for an Issue #760 2014-07-10 08:49:20 +02:00
Miroslav Stampar
2a88436417 Patch for an Issue #724 2014-06-16 09:51:24 +02:00
Miroslav Stampar
2e96e3c924 Adding a hidden switch --ignore-401 2014-04-29 23:26:45 +02:00
Miroslav Stampar
bf18b025d6 Minor removal of redundant code 2014-04-06 18:09:54 +02:00
Miroslav Stampar
7cc4159316 Renaming conf.cDel to conf.cookieDel 2014-04-06 16:50:58 +02:00
Miroslav Stampar
0ae8ac707e Renaming conf.pDel to conf.paramDel 2014-04-06 16:48:46 +02:00
Miroslav Stampar
e8c1c90f2e Whitespace was being double encoded in case of spaceplus (' '->%2B) 2014-03-25 22:02:14 +01:00
Miroslav Stampar
106102bd3c Fix for an Issue #648 2014-03-21 20:28:29 +01:00
Miroslav Stampar
f1f53a5841 Minor cosmetic update 2014-03-06 21:08:31 +01:00
Miroslav Stampar
cc62a8adc9 Bug fix for JSON-like data (proper escaping of quotes) 2014-02-26 09:30:37 +01:00
Miroslav Stampar
6369a38ebc Adding support for JSON-like data with single quote 2014-02-26 08:56:17 +01:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Miroslav Stampar
b0ca34ff27 Bug fix (payload character '=' was not being url-encoded in custom (user) post cases - when posthint was None) 2013-12-04 10:09:54 +01:00
Miroslav Stampar
344d3f4b5f Minor patch 2013-10-12 21:05:18 +02:00
Miroslav Stampar
81409ce6da Minor patch 2013-09-02 10:54:32 +02:00
Miroslav Stampar
dd39913cf6 Improvement for an --eval mechanism 2013-08-31 00:28:51 +02:00
Miroslav Stampar
3a57af1452 Minor fix 2013-08-30 15:26:03 +02:00
Miroslav Stampar
88b992ad83 Fixing a bug noticed during the yesterday's AppSecEU presentation (--headers='user-agent:foobar*' was not working properly) 2013-08-23 11:54:08 +02:00
Miroslav Stampar
23f2c5f166 Finishing implementation for an Issue #58 2013-08-20 19:35:49 +02:00
Miroslav Stampar
4929cff0c0 Minor update 2013-08-13 06:42:49 +02:00
Miroslav Stampar
b2855e0281 Minor patch 2013-08-12 14:25:51 +02:00
Miroslav Stampar
a711c9ed36 Minor cleanup and initial work for #58 2013-08-09 14:13:48 +02:00
Miroslav Stampar
6b826ef64d Reintroducing option --cookie-del 2013-07-31 20:41:19 +02:00
Miroslav Stampar
ca44b23d20 Implementation for --eval to support cookies 2013-07-31 17:29:16 +02:00
Miroslav Stampar
eaacbe0b12 Minor language fix 2013-07-31 09:24:34 +02:00
Miroslav Stampar
f185e5cdd5 Fix for an Issue #463 2013-06-10 22:26:34 +02:00
Miroslav Stampar
6f49b96a2d Fix for an Issue #462 2013-06-10 12:20:58 +02:00
Miroslav Stampar
39612b5d87 Fix for an Issue #457 2013-06-04 23:46:39 +02:00
Miroslav Stampar
3e0f747fad Minor fix 2013-06-04 00:05:25 +02:00
Miroslav Stampar
edc9da1226 Minor refactoring 2013-06-03 15:14:56 +02:00
stamparm
659c0bb418 Minor fix 2013-05-27 10:38:47 +02:00
Miroslav Stampar
ea5c742595 Update (lagging checking is now always done once when time based compare is done; not only in case if statistical model is being filled) 2013-05-18 21:30:21 +02:00
stamparm
03732d2592 Minor fix 2013-05-17 16:04:05 +02:00
stamparm
76b4e1ccb9 Implementation for an Issue #450 2013-05-17 15:04:25 +02:00
stamparm
09e7f4f697 Minor bug fix regarding traffic logging of redirected requests 2013-04-30 17:46:26 +02:00
stamparm
e3a02f56e6 Just in case for --force-ssl (if url is returned in e.g. refresh toward the target) 2013-04-24 12:35:39 +02:00
stamparm
6fed1921ed Bug fix (there are cases when provided kwargs containing explicit None values while we want to use the alternative in those kind of cases; there was an intention in original code, while the implementation was buggy) 2013-04-16 14:17:41 +02:00
stamparm
8c9da95343 Style and consistency update (url -> URL) 2013-04-09 11:48:42 +02:00
Miroslav Stampar
df4fd82515 Minor update 2013-04-03 23:27:27 +02:00
Miroslav Stampar
c75a2d0c40 Minor patch 2013-04-03 21:31:37 +02:00
stamparm
e1ffdde532 Little cleaning a mess with url encoding and post hint types 2013-03-27 13:39:27 +01:00
stamparm
7accba4cf9 Minor update 2013-03-26 16:10:41 +01:00
stamparm
7447773237 Update for consistency (all other enums are using _ in between words) 2013-03-20 11:10:24 +01:00
Miroslav Stampar
8acf033715 Code refactoring 2013-03-19 19:24:14 +01:00
stamparm
e226006766 Trivial fix 2013-03-18 13:29:55 +01:00
stamparm
5e02bcbd58 Minor adjustment 2013-03-18 12:16:16 +01:00
Miroslav Stampar
2f43c3eb9b Minor fix (digest live test case) and some refactoring 2013-03-12 21:16:44 +01:00
Miroslav Stampar
84a5bdb9cf Trivial cosmetics 2013-03-09 19:41:24 +01:00
Miroslav Stampar
79d6a0e9c9 Using binary data in dummy mode 2013-03-09 19:40:24 +01:00
Miroslav Stampar
0e89cc62a2 Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections 2013-02-28 20:20:08 +01:00
stamparm
69063947b6 Debug message should go with logging.DEBUG 2013-02-19 09:46:51 +01:00
Bernardo Damele
d7247a51ee do not prompt constantly if the page is not found 2013-02-18 18:08:20 +00:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
d78a3e977b Update (allowing regular char * to be inside SOAP/JSON/XML) 2013-02-13 12:24:42 +01:00
Miroslav Stampar
c34f6e25b2 Minor fix for --eval (urldecoded values should be used inside evaluation) 2013-02-12 17:01:47 +01:00
Miroslav Stampar
6d942f92b5 Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.)) 2013-02-01 10:03:06 +01:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Miroslav Stampar
a59ac8e27f Trivial cosmetics 2013-01-29 16:30:38 +01:00
Miroslav Stampar
479f791112 Minor fix 2013-01-25 12:41:51 +01:00
Chris Frohoff
218a6a9695 fixed response header logging for header names with special chars 2013-01-23 11:10:25 -08:00
Miroslav Stampar
bb6b89fe93 Patch for an Issue #360 2013-01-19 18:06:36 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
8480ceddcb Minor style update 2013-01-17 19:55:56 +01:00
Miroslav Stampar
f7eda07d92 Patch for an Issue #347 2013-01-17 15:30:14 +01:00
Miroslav Stampar
fb7243c237 Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs 2013-01-16 16:04:00 +01:00
Miroslav Stampar
5ee653dd89 Merging commit 57bcbb458eade2850a6d7623ecddbe49c69cf334 from @morisson 2013-01-15 10:14:02 +01:00
Miroslav Stampar
03dd958d96 Implementation for an Issue #48 2013-01-13 16:22:43 +01:00
Miroslav Stampar
934d41dac2 Minor style update (PEP8) 2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
2b64c10710 Patch for an Issue #304 2012-12-18 09:36:26 +01:00
Miroslav Stampar
4ea0c9e922 Another implementation for an Issue #302 2012-12-17 15:08:54 +01:00
Miroslav Stampar
60baf5071e Patch for an Issue #302 2012-12-17 00:40:01 +01:00
Miroslav Stampar
013dc8bc98 Another minor update for an Issue #267 2012-12-10 13:07:36 +01:00
Miroslav Stampar
8bd0080bf4 Minor update for an Issue #267 2012-12-10 13:05:41 +01:00
Miroslav Stampar
96df0ba061 Implemented support for plain , chars too (Issue #267) 2012-12-10 12:58:17 +01:00
Miroslav Stampar
d0ea4c65c5 Minor styl eupdate for an Issue #267 2012-12-10 12:54:01 +01:00
Miroslav Stampar
5606a860ce Oracle supports inline comments too (Issue #267) 2012-12-10 12:00:15 +01:00
Miroslav Stampar
a024884ca7 Support for a HTTP parameter pollution (Issue #267) 2012-12-10 11:55:31 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
b6650add46 Introducing 'new style classes' (idea from Pull request #284) 2012-12-06 10:42:53 +01:00
Miroslav Stampar
79fca8e9d5 Fix for an Issue #268 2012-12-03 12:13:59 +01:00
Miroslav Stampar
c40dded28c Fix for an Issue #250 2012-11-20 12:10:29 +01:00
Miroslav Stampar
a52dbc575b Patch for an Issue #246 2012-11-13 10:21:11 +01:00
Miroslav Stampar
f305dde413 Patch for an Issue #235 2012-11-10 11:01:29 +01:00
Miroslav Stampar
12fc9442b9 Tamper function(s) refactoring (really no need for returning headers as they are passed by reference) 2012-10-25 10:10:23 +02:00
Miroslav Stampar
b5060c0010 Fix for an Issue #205 2012-10-16 14:28:46 +02:00
Miroslav Stampar
2cb1b054bb Implementation for an Issue #79 2012-10-16 12:32:58 +02:00
Miroslav Stampar
e61c4c22c9 Implementation for an Issue #200 2012-10-09 15:19:47 +02:00
Miroslav Stampar
5a91b6e622 Minor cleanup 2012-10-09 10:21:52 +02:00
Miroslav Stampar
ff205f088b Minor update 2012-10-07 20:12:55 +02:00
Miroslav Stampar
098e446ca4 Adding support for generic XML POST data 2012-10-04 18:44:12 +02:00
Miroslav Stampar
f71b937add Minor language cleanup 2012-10-04 18:28:36 +02:00
Miroslav Stampar
8865fe69d7 Minor cleanup 2012-10-04 18:26:07 +02:00
Miroslav Stampar
d464678e10 Minor update for an Issue #49 2012-10-04 18:01:42 +02:00
Miroslav Stampar
84b05e2d18 Better treating of numeric values (Issue #49) 2012-10-04 16:08:37 +02:00
Miroslav Stampar
461e5ebc5f Work for Issue #197 and Issue #49 2012-10-04 11:25:44 +02:00
Miroslav Stampar
bcbf0571a5 Implementation for an Issue #49 2012-10-02 14:23:58 +02:00
Miroslav Stampar
763dc98311 Minor refactoring 2012-10-02 13:36:15 +02:00
Miroslav Stampar
a8aecaa036 Minor style update 2012-10-02 13:33:10 +02:00
Miroslav Stampar
d175decdfc Fix for an Issue #190 2012-09-22 20:59:40 +02:00
Miroslav Stampar
511c3b8dcc Update and fix for an Issue #182 2012-09-11 14:58:52 +02:00
Miroslav Stampar
5d23d72ff5 Fix for an Issue #176 2012-09-08 17:58:03 +02:00
Miroslav Stampar
dbce417cdd Potential fix for an Issue #171 2012-09-02 22:48:41 +02:00
Miroslav Stampar
b916db34a4 Another update for an Issue #79 2012-08-31 12:38:02 +02:00
Miroslav Stampar
47d162f391 Minor update (same but cleaner) 2012-08-31 12:27:40 +02:00
Miroslav Stampar
7286d89cb6 Few fixes for an Issue #79 (problem with case sensitivity of request get_header) 2012-08-31 12:15:09 +02:00
Miroslav Stampar
cdd3ed6abc Minor bug fix 2012-08-30 14:22:18 +02:00
Miroslav Stampar
d421f9a618 Fix for an Issue #157 2012-08-21 14:34:19 +02:00
Miroslav Stampar
b9c63eb908 Fix for an Issue #156 2012-08-21 10:46:29 +02:00
Miroslav Stampar
7a8ace78f9 Removing redundant newline char as logger already adds it's own 2012-08-21 09:58:40 +02:00
Miroslav Stampar
233b9a3815 Fix for Issue #150 and Issue #151 (urllib2 is automatically adding those) 2012-08-20 22:17:39 +02:00
Miroslav Stampar
823dde73ab Minor cleanup 2012-08-20 11:40:49 +02:00
Miroslav Stampar
76338add17 Fix for an Issue #152 2012-08-20 10:41:43 +02:00
Miroslav Stampar
fec8a5cc9d Fix for an Issue #139 2012-08-07 00:50:58 +02:00
Miroslav Stampar
142fc887f1 Fix for an Issue #129 2012-07-31 11:03:44 +02:00
Bernardo Damele
92c2b3bd4c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-07-26 23:11:11 +01:00
Bernardo Damele
d492291744 working on issue #12 2012-07-26 23:11:07 +01:00
Miroslav Stampar
efa99c4519 Implementation for an Issue #4 2012-07-26 14:07:05 +02:00
Miroslav Stampar
b3552494c4 Minor preparation for an Issue #48 2012-07-26 12:26:57 +02:00
Miroslav Stampar
63bf99ce77 Minor just in case update for an Issue #117 2012-07-23 14:46:43 +02:00
Miroslav Stampar
a7d1a0c250 Implementation for an Issue #117 2012-07-23 14:14:22 +02:00
Miroslav Stampar
534eccc9aa Fix for an Issue #115 2012-07-23 10:16:47 +02:00
Miroslav Stampar
f336afa913 Implementation for Issue #108 2012-07-20 09:48:09 +02:00
Miroslav Stampar
87ecf205cb More work for Issue #66 2012-07-14 17:01:04 +02:00
Miroslav Stampar
805120ac52 Minor refactoring 2012-07-14 11:01:30 +02:00
Miroslav Stampar
3c81f74823 Minor style update 2012-07-13 12:22:37 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Miroslav Stampar
e948e4d45b Some more refactoring 2012-07-06 17:18:22 +02:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
4ac3794e80 minor update 2012-06-12 14:22:14 +00:00
Miroslav Stampar
226547b7dc minor fix for --skip-urlencode and custom post 2012-05-28 09:04:25 +00:00
Miroslav Stampar
09f2144485 full page read is not needed in DNS exfiltration mode 2012-05-26 21:28:43 +00:00
Miroslav Stampar
c394610740 adding switch --skip-urlencode to skip URL encoding of POST data 2012-05-24 23:30:33 +00:00
Miroslav Stampar
2538e2d5b4 fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring 2012-05-22 09:33:22 +00:00
Miroslav Stampar
12d32f58f2 fix for that SOAP reported bug 2012-05-10 13:39:54 +00:00
Miroslav Stampar
775134639d minor update 2012-04-20 20:33:15 +00:00
Miroslav Stampar
6ebb621228 adding support for (custom) POST injection (marking injection point with '*' in conf.data) 2012-04-17 14:23:00 +00:00
Miroslav Stampar
052d9455fe warning user in cases of "User xyz already has more than 'max_user_connections' active connections" 2012-04-12 09:44:54 +00:00
Miroslav Stampar
8c6eb4faa9 adding support for PgSQL DNS data exfiltration 2012-04-07 14:06:11 +00:00
Miroslav Stampar
b2afa87e48 reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases) 2012-04-06 08:42:36 +00:00
Miroslav Stampar
2223c884e5 minor refactoring 2012-04-05 12:55:26 +00:00
Miroslav Stampar
e0994947e2 minor update 2012-04-04 23:37:50 +00:00
Miroslav Stampar
c89a4162e2 bug fix for --dns-domain with --technique=TS 2012-04-04 18:01:39 +00:00
Miroslav Stampar
637a8d8273 improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism 2012-03-29 14:33:27 +00:00
Miroslav Stampar
0fc4288a7c modifying redirection code for only two choices 2012-03-18 17:27:08 +00:00
Bernardo Damele
3505503a08 no need to return here 2012-03-16 17:30:16 +00:00
Miroslav Stampar
577caac4de putting kb.negativeLogic setting to the safe place 2012-03-16 09:17:11 +00:00
Miroslav Stampar
209e795369 minor just in case update 2012-03-16 09:02:17 +00:00
Miroslav Stampar
adb5fff6b2 one more update related to the redirection mechanism 2012-03-15 20:17:40 +00:00
Miroslav Stampar
ddd92476a8 minor fix 2012-03-15 15:58:25 +00:00
Miroslav Stampar
8dd570057b minor fix (double traffic log for -t in case of HTTP error) 2012-03-15 14:51:16 +00:00
Miroslav Stampar
f7df755f37 minor update 2012-03-15 12:55:22 +00:00
Miroslav Stampar
a8c9a47092 redirect logic rewritten from scratch 2012-03-15 11:10:58 +00:00
Miroslav Stampar
52a8b25ff4 minor fix 2012-03-14 14:31:41 +00:00
Miroslav Stampar
a7fbc55748 grammar fix 2012-03-13 22:03:23 +00:00
Miroslav Stampar
edfcddd3c3 minor fix for logging only cookies used by request (e.g. --load-cookies case) 2012-03-13 10:58:15 +00:00
Miroslav Stampar
e6c610abab minor fix 2012-03-13 09:14:56 +00:00
Miroslav Stampar
48bcde478e more general update 2012-03-12 15:29:55 +00:00
Miroslav Stampar
1d0c8a7f44 minor update 2012-03-12 15:19:02 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
dcf7277a0f some more refactorings 2012-02-16 14:42:28 +00:00
Miroslav Stampar
85a4ef6593 minor update 2012-02-08 12:00:03 +00:00
Miroslav Stampar
a7970d094a minor update 2012-02-01 15:10:06 +00:00
Miroslav Stampar
8405ef59ac some estetic updates 2012-02-01 14:49:42 +00:00
Miroslav Stampar
527ce070a3 minor fix 2012-01-16 10:04:18 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
1d0b43b1a2 implemented mechanism for merging cookies by request 2012-01-11 14:28:08 +00:00
Miroslav Stampar
40398f358c minor update 2012-01-05 14:55:23 +00:00
Miroslav Stampar
1f085a0241 now [SLEEPTIME] is changeable properly in vivo 2012-01-05 14:45:05 +00:00
Miroslav Stampar
ea87c89c25 minor fix 2012-01-03 23:44:56 +00:00
Miroslav Stampar
63bc4ce116 minor patch 2011-12-30 14:11:02 +00:00
Miroslav Stampar
c20546dcaa minor refactoring 2011-12-26 12:24:39 +00:00
Miroslav Stampar
526aacb640 code cleanup 2011-12-21 22:59:23 +00:00
Miroslav Stampar
95cd9e2af3 adding support for scanning Host header values (-p host) 2011-12-20 12:52:41 +00:00
Miroslav Stampar
1b16b5e0f1 minor fix 2011-12-20 09:10:44 +00:00
Miroslav Stampar
c57941c102 minor beautification 2011-12-15 23:33:44 +00:00
Miroslav Stampar
563c0c1066 adding switch --tor-type 2011-12-15 23:19:55 +00:00
Miroslav Stampar
e6820ebbd2 minor update 2011-12-14 10:26:03 +00:00
Miroslav Stampar
364113441b adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles) 2011-12-14 10:19:45 +00:00
Miroslav Stampar
0f5d48ff20 minor update 2011-12-05 09:25:56 +00:00
Miroslav Stampar
9bc735963b update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself)) 2011-12-04 22:42:19 +00:00
Miroslav Stampar
b03a5e8928 people don't know what's "standard deviation" and they are wrongly connecting it's value in seconds to the --time-sec value 2011-12-01 13:30:47 +00:00
Miroslav Stampar
3cd8f47686 minor bug fix 2011-11-29 17:17:06 +00:00
Miroslav Stampar
d958c2fe48 minor fix 2011-11-28 11:21:39 +00:00
Miroslav Stampar
ba4234dc42 switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings) 2011-11-23 21:17:08 +00:00
Miroslav Stampar
4fa24ec704 minor improvement 2011-11-21 17:39:18 +00:00
Miroslav Stampar
65b2b0ad87 adding switch --eval 2011-11-21 16:41:02 +00:00
Miroslav Stampar
df0b451389 minor update 2011-11-20 23:17:57 +00:00
Miroslav Stampar
440b7efe55 minor optimization 2011-11-20 20:14:47 +00:00
Miroslav Stampar
b888829d12 minor update 2011-11-14 11:39:18 +00:00
Miroslav Stampar
ccbd93cc2e fix for redirect/HOST header bug 2011-11-11 11:28:27 +00:00
Miroslav Stampar
1061c06617 improvement of redirecting code 2011-11-11 11:07:49 +00:00
Miroslav Stampar
e183437f0b minor typo 2011-11-10 10:30:53 +00:00
Miroslav Stampar
62f8f8d36c bug fix (thanks to zhen zhou) 2011-11-10 10:22:35 +00:00
Miroslav Stampar
c1486ed4be adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request 2011-10-25 09:53:44 +00:00
Miroslav Stampar
6d64f87190 minor update 2011-10-24 00:46:54 +00:00