| Author | Commit | Message | Date |
|---|---|---|---|
| Miroslav Stampar | 13f8c001a7 | minor update | 2011-04-19 11:13:53 +00:00 |
| Miroslav Stampar | a7366bf710 | SOAP refactoring | 2011-04-17 21:39:00 +00:00 |
| Miroslav Stampar | 29ee760021 | improving time based data retrieval mechanism | 2011-04-17 07:24:18 +00:00 |
| Miroslav Stampar | 0387654166 | update of copyright string (until year) | 2011-04-15 12:33:18 +00:00 |
| Miroslav Stampar | 8c6f7c7d5f | explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay | 2011-04-15 08:52:53 +00:00 |
| Miroslav Stampar | bb99bd2fbe | one more commit related to the issue with displaying of garbled characters | 2011-04-14 09:43:36 +00:00 |
| Miroslav Stampar | 58a93c5b1f | better beep for MacOSX | 2011-04-13 18:32:47 +00:00 |
| Miroslav Stampar | c193b896be | just in case update to prevent gibberish "retrieved: " outputs | 2011-04-12 23:07:50 +00:00 |
| Miroslav Stampar | 723a7447b2 | minor refactoring | 2011-04-10 07:16:19 +00:00 |
| Miroslav Stampar | c714ac6421 | added support for handling binary data values (no more garbish chars) | 2011-04-09 23:13:16 +00:00 |
| Miroslav Stampar | 4ad73f9263 | added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics | 2011-04-09 22:39:03 +00:00 |
| Miroslav Stampar | 83feb097ef | greater flexibility for --batch when default is None | 2011-04-08 22:29:50 +00:00 |
| Miroslav Stampar | ae4ea0af45 | fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace') | 2011-04-07 13:57:07 +00:00 |
| Bernardo Damele | 05d12790f1 | closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message) | 2011-04-06 14:41:44 +00:00 |
| Miroslav Stampar | 305115a68b | important improvement of data handling (POST data and header values) | 2011-04-03 15:02:52 +00:00 |
| Bernardo Damele | c3b54cc222 | Cosmetics | 2011-04-01 16:40:28 +00:00 |
| Miroslav Stampar | 156d24203f | speed optimization | 2011-03-31 17:16:26 +00:00 |
| Miroslav Stampar | ce51326bff | quick fix | 2011-03-31 08:43:17 +00:00 |
| Miroslav Stampar | dd01d66f13 | proper update regarding last commit | 2011-03-29 22:10:08 +00:00 |
| Miroslav Stampar | b6af80bab3 | refactoring, cleanup and improvement | 2011-03-29 21:54:15 +00:00 |
| Miroslav Stampar | 12f3024c8a | removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header) | 2011-03-29 20:45:21 +00:00 |
| Miroslav Stampar | c5b6d377fb | fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages) | 2011-03-25 12:14:19 +00:00 |
| Miroslav Stampar | 1f1c4c0e61 | better update related to the last commit | 2011-03-24 20:04:20 +00:00 |
| Miroslav Stampar | d79fae724c | minor refactoring | 2011-03-24 09:16:21 +00:00 |
| Miroslav Stampar | 58e9a074d3 | masking some more command line arguments | 2011-03-18 16:47:18 +00:00 |
| Miroslav Stampar | 00b9d85ffc | fix regarding bug report from andyroyalbattle@yahoo.it | 2011-03-18 16:26:39 +00:00 |
| Miroslav Stampar | 6cc745f789 | removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut) | 2011-03-11 20:04:15 +00:00 |
| Miroslav Stampar | 16b286982d | fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split') | 2011-03-07 09:50:43 +00:00 |
| Miroslav Stampar | f27f05308a | minor update for masking sensitive data in error report (added aCred too) | 2011-03-02 10:09:17 +00:00 |
| Miroslav Stampar | 2bf212ffa9 | minor minor update | 2011-02-27 20:43:38 +00:00 |
| Miroslav Stampar | 21041f8b90 | further reflective value handling improvement | 2011-02-27 17:43:41 +00:00 |
| Miroslav Stampar | 88faedc0fe | fix for a bug reported by -insane- | 2011-02-26 17:48:19 +00:00 |
| Miroslav Stampar | 2bbbc9a41e | few updates | 2011-02-25 09:35:24 +00:00 |
| Miroslav Stampar | aa88361ab1 | incorporation of method for neutralization of reflective values | 2011-02-25 09:22:44 +00:00 |
| Miroslav Stampar | dcad5410fe | minor refactoring | 2011-02-22 12:54:22 +00:00 |
| Miroslav Stampar | 6cdf08b81c | minor fix | 2011-02-17 21:51:40 +00:00 |
| Miroslav Stampar | 22cd49a217 | --technique can now be something like 123 which includes both techniques 1, 2 and 3 | 2011-02-17 21:39:16 +00:00 |
| Miroslav Stampar | 5fb11fd173 | update regarding multiple DBMS payloads | 2011-02-13 21:20:21 +00:00 |
| Bernardo Damele | c3eb82e60b | Proper fix | 2011-02-08 10:08:48 +00:00 |
| Miroslav Stampar | dba2f74588 | revert of r3274 | 2011-02-08 09:44:34 +00:00 |
| Bernardo Damele | cfe2da0195 | Minor fix | 2011-02-08 00:13:39 +00:00 |
| Miroslav Stampar | e023e0d233 | proper fix | 2011-02-07 12:32:08 +00:00 |
| Bernardo Damele | 3719f085ae | Added back-end dbms' OS based methods to Backend object - will be used for refactoring | 2011-02-07 00:21:17 +00:00 |
| Miroslav Stampar | 4df8a03c04 | using OrderedDict to store parameters in order of appearance | 2011-02-04 18:07:21 +00:00 |
| Bernardo Damele | fec88f6a6d | Minor fix | 2011-02-04 15:57:53 +00:00 |
| Miroslav Stampar | accf4e6ce0 | one important fix (URI injection parameter '*' now can go anywhere) | 2011-02-04 12:43:18 +00:00 |
| Miroslav Stampar | c229efba05 | revert | 2011-02-04 11:33:21 +00:00 |
| Miroslav Stampar | d211def899 | minor adjustment (accepting strange new looking uri formats) | 2011-02-04 10:55:03 +00:00 |
| Miroslav Stampar | 9a1a28c804 | adding comments to filtering function | 2011-02-03 23:09:08 +00:00 |
| Miroslav Stampar | 2dae57a56d | cosmetics | 2011-02-02 14:35:21 +00:00 |
| Miroslav Stampar | 6c87bd1c63 | added maskSensitiveData function | 2011-02-02 14:25:16 +00:00 |
| Bernardo Damele | 3d966bd569 | You never know.. | 2011-02-01 22:05:12 +00:00 |
| Miroslav Stampar | 705d45f4db | minor cosmetics | 2011-02-01 11:10:23 +00:00 |
| Miroslav Stampar | 196e2d35b2 | maybe we could ask user "are you willing to import local data content into error report" and use this function respectably | 2011-02-01 11:06:56 +00:00 |
| Bernardo Damele | 6761933f75 | Just.. cosmetics ;) | 2011-01-31 22:51:14 +00:00 |
| Miroslav Stampar | 25c175a9a5 | minor bug fix | 2011-01-31 22:34:57 +00:00 |
| Bernardo Damele | b04e1a0313 | More detailed message for unhandled exception | 2011-01-31 21:23:40 +00:00 |
| Miroslav Stampar | 8ef47307db | added checking of header values for GREP (error); still UNION to do | 2011-01-31 12:21:17 +00:00 |
| Miroslav Stampar | 5e768be509 | minor bug fix | 2011-01-31 09:34:54 +00:00 |
| Miroslav Stampar | f7feebe0df | fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments) | 2011-01-31 09:28:16 +00:00 |
| Miroslav Stampar | ddf23ba7cc | refactoring | 2011-01-30 11:36:03 +00:00 |
| Miroslav Stampar | 367d0639f0 | refactoring (class names should always be Capital cased) | 2011-01-28 16:36:09 +00:00 |
| Miroslav Stampar | ddd296030d | added some more info to unhandled exception message(s) | 2011-01-28 16:15:45 +00:00 |
| Miroslav Stampar | 81722b6881 | major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) | 2011-01-27 18:36:28 +00:00 |
| Miroslav Stampar | 6cc69f5e16 | now --technique is appliable also after the injections have been identified | 2011-01-24 16:47:24 +00:00 |
| Miroslav Stampar | 81011be0d7 | minor update of parseTargetUrl method | 2011-01-24 14:52:50 +00:00 |
| Miroslav Stampar | b18397fbc7 | major revisit of --os-shell methods | 2011-01-23 20:47:06 +00:00 |
| Bernardo Damele | 7d1c704575 | Moved little precaution from checks.py to common.py. Initial refactoring of kb.os* get/set. | 2011-01-20 21:56:10 +00:00 |
| Miroslav Stampar | 345e2288e1 | important fix regarding encoding stuff | 2011-01-20 13:54:18 +00:00 |
| Bernardo Damele | bade0e3124 | Major code refactoring - centralized all kb.dbms* info for both retrieval and set. | 2011-01-19 23:06:15 +00:00 |
| Miroslav Stampar | aea43a1e43 | minor refactoring | 2011-01-19 15:26:57 +00:00 |
| Miroslav Stampar | eadaf680de | fuck yea | 2011-01-19 15:25:48 +00:00 |
| Miroslav Stampar | 89e0fd0709 | back to roots | 2011-01-19 14:06:26 +00:00 |
| Bernardo Damele | 33485198e1 | Code cleanup | 2011-01-18 23:05:32 +00:00 |
| Bernardo Damele | 47565f9459 | Minor code refactoring | 2011-01-17 21:13:59 +00:00 |
| Miroslav Stampar | 041abb56e2 | you can't believe how much man can learn when having good testing points | 2011-01-17 13:59:22 +00:00 |
| Miroslav Stampar | d225c5c9aa | was wrong about this one (just now tested on a real site) | 2011-01-17 11:00:09 +00:00 |
| Miroslav Stampar | ac0b5e6dbc | proper way to handle this (console output has totally different encoding than the page one) | 2011-01-17 10:27:36 +00:00 |
| Miroslav Stampar | 2041361695 | minor cosmetics | 2011-01-16 23:20:52 +00:00 |
| Miroslav Stampar | e2c821eb81 | minor cosmetics | 2011-01-16 22:35:54 +00:00 |
| Miroslav Stampar | e881465a9f | minor improvement | 2011-01-16 20:55:07 +00:00 |
| Miroslav Stampar | 30d6791968 | update regarding time based data retrieval | 2011-01-16 17:52:42 +00:00 |
| Miroslav Stampar | 2001bad7e1 | automatic adjustment of timeSec for delayed queries | 2011-01-16 12:04:32 +00:00 |
| Miroslav Stampar | 71391874eb | slightly faster and thread safer inference | 2011-01-16 10:52:42 +00:00 |
| Miroslav Stampar | 29ea0950b6 | now False is also affected (along with None and "") | 2011-01-15 23:43:26 +00:00 |
| Bernardo Damele | 558f3894f4 | Minor improvement | 2011-01-15 23:20:52 +00:00 |
| Miroslav Stampar | 5bdb50c224 | code review part 3 | 2011-01-15 13:15:10 +00:00 |
| Miroslav Stampar | 6a0e0cde3c | code review of modules in lib/core directory | 2011-01-15 12:13:45 +00:00 |
| Miroslav Stampar | daf5662eab | update | 2011-01-14 15:33:49 +00:00 |
| Bernardo Damele | 1cfd6a6b9d | Code cleanup | 2011-01-14 15:16:34 +00:00 |
| Miroslav Stampar | 08f7e20c51 | minor code refactoring | 2011-01-14 14:55:59 +00:00 |
| Miroslav Stampar | fb9d7cdfaa | refactoring, code clearing and removal of obsolete switch --longest-common | 2011-01-14 14:37:03 +00:00 |
| Bernardo Damele | 3c95d71ea5 | Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase | 2011-01-14 11:55:20 +00:00 |
| Bernardo Damele | 7d9fd5a7b7 | Minor bug fix | 2011-01-14 09:49:14 +00:00 |
| Miroslav Stampar | 676b95b30a | minor code refactoring | 2011-01-14 09:44:56 +00:00 |
| Bernardo Damele | f8c04ce020 | Minor bug fix | 2011-01-13 20:59:13 +00:00 |
| Bernardo Damele | 2ac8debea0 | Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. Minor bug fixes thanks to previous refactoring too. | 2011-01-13 17:36:54 +00:00 |
| Bernardo Damele | 877ea31521 | Verbose docstring | 2011-01-13 12:05:14 +00:00 |
| Miroslav Stampar | ac5b49f555 | update | 2011-01-13 11:24:03 +00:00 |
| Bernardo Damele | af4ee81e62 | Cosmetics | 2011-01-13 11:23:07 +00:00 |