Commit Graph

1065 Commits

Author SHA1 Message Date
Bernardo Damele
05d12790f1 closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message) 2011-04-06 14:41:44 +00:00
Miroslav Stampar
a379463213 cosmeticado 2011-04-06 08:40:06 +00:00
Miroslav Stampar
b327bbcd9b minor fix (it was quite ... to have this check at the later stage) 2011-04-06 08:39:24 +00:00
Bernardo Damele
81034140c0 Reduced number of threads to 3 when -o is provided 2011-04-06 08:15:20 +00:00
Miroslav Stampar
2c01fc56e6 minor update regarding misusage of --proxy and --ignore-proxy switches 2011-04-04 09:19:43 +00:00
Miroslav Stampar
305115a68b important improvement of data handling (POST data and header values) 2011-04-03 15:02:52 +00:00
Miroslav Stampar
bbd4c128b0 minor update related to the last commit 2011-04-01 22:19:42 +00:00
Miroslav Stampar
cd7e4f5afc improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form) 2011-04-01 22:12:24 +00:00
Bernardo Damele
c3b54cc222 Cosmetics 2011-04-01 16:40:28 +00:00
Miroslav Stampar
e27afef6be minor update regarding --current-db on Oracle 2011-04-01 15:56:11 +00:00
Bernardo Damele
eb99f68a7a Minor improvement to --wizard. This does not mean I like the kiddie feature though ;) 2011-04-01 14:55:39 +00:00
Miroslav Stampar
de4e0c7346 minor update related to the problem with request files reported by jorge_a_santos@hotmail.com 2011-04-01 12:09:11 +00:00
Miroslav Stampar
ee15988878 another minor update related to previous commit 2011-03-31 17:34:07 +00:00
Miroslav Stampar
156d24203f speed optimization 2011-03-31 17:16:26 +00:00
Miroslav Stampar
220366b6e8 minor update (ip addresses will not be confused any more for crypt_generic hashes) 2011-03-31 16:56:26 +00:00
Miroslav Stampar
c5de903eab minor improvement ("quick defense against substr fields") 2011-03-31 09:35:09 +00:00
Miroslav Stampar
ce51326bff quick fix 2011-03-31 08:43:17 +00:00
Miroslav Stampar
dd01d66f13 proper update regarding last commit 2011-03-29 22:10:08 +00:00
Miroslav Stampar
b6af80bab3 refactoring, cleanup and improvement 2011-03-29 21:54:15 +00:00
Miroslav Stampar
adfbfef8c1 minor refactoring 2011-03-29 21:01:47 +00:00
Miroslav Stampar
12f3024c8a removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header) 2011-03-29 20:45:21 +00:00
Miroslav Stampar
d0861a00e2 minor improvement 2011-03-29 15:37:57 +00:00
Miroslav Stampar
d28ca5809b adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page) 2011-03-29 14:16:28 +00:00
Miroslav Stampar
7cf4ba83dc minor refactoring and comment update 2011-03-29 12:08:07 +00:00
Miroslav Stampar
5560196648 minor fix 2011-03-29 11:50:12 +00:00
Miroslav Stampar
e20d460809 Bernardo will kill me (added --wizard for total beginners) 2011-03-29 11:42:55 +00:00
Miroslav Stampar
86f93713d3 fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update 2011-03-29 06:25:17 +00:00
Miroslav Stampar
bf0e3c4662 improvement for --forms with empty fields 2011-03-28 22:48:00 +00:00
Miroslav Stampar
1e22ff45de minor update regarding testing of GET parameters if --data and/or --forms is used 2011-03-28 16:14:08 +00:00
Miroslav Stampar
625f124263 little info message 2011-03-28 12:13:17 +00:00
Miroslav Stampar
47924fb92e fix for a bug reported by malice.anon@gmail.co​m (AttributeError: 'unicode' object has no attribute 'geturl') 2011-03-27 13:41:54 +00:00
Miroslav Stampar
76b7e3517d minor update 2011-03-27 07:58:15 +00:00
Miroslav Stampar
afe2be6a9f implementation of Standard DES hashing (crypt) 2011-03-26 20:46:25 +00:00
Miroslav Stampar
c5b6d377fb fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages) 2011-03-25 12:14:19 +00:00
Miroslav Stampar
af5342c495 fix for partial inband queries on MSSQL 2011-03-25 11:19:15 +00:00
Miroslav Stampar
e80c9e08d8 minor update regarding --live-test 2011-03-25 09:03:08 +00:00
Miroslav Stampar
1f1c4c0e61 better update related to the last commit 2011-03-24 20:04:20 +00:00
Miroslav Stampar
c0cc5d1dad minor update 2011-03-24 17:18:03 +00:00
Miroslav Stampar
f3858a5fcf another fix related to the bug reported by Alone Shell 2011-03-24 17:08:14 +00:00
Miroslav Stampar
e42cdfd138 adding possibility to run only one live test (e.g. --run-case=8) 2011-03-24 12:07:47 +00:00
Miroslav Stampar
2b15ad57c2 basic live tests against 3 major DBMSes 2011-03-24 11:47:01 +00:00
Miroslav Stampar
ecbbfeba6e introduction of --fresh-queries 2011-03-24 10:08:47 +00:00
Miroslav Stampar
d79fae724c minor refactoring 2011-03-24 09:16:21 +00:00
Miroslav Stampar
0bb08d09d2 fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file 2011-03-24 08:43:40 +00:00
Miroslav Stampar
bd75fd26e9 implementing a --page-rank switch as requested by l0rda@l0rda.biz 2011-03-23 11:57:57 +00:00
Miroslav Stampar
5a1aaecf16 minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME||chr(58)||OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION') 2011-03-22 13:07:37 +00:00
Miroslav Stampar
b5c9ccb755 Oracle XML based error payload has problems with char $ as with space 2011-03-21 13:13:12 +00:00
Miroslav Stampar
3ca5cddca7 massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL) 2011-03-20 23:54:56 +00:00
Miroslav Stampar
088c815567 minor update (exposing --tor switch) 2011-03-19 18:28:51 +00:00
Miroslav Stampar
2cc91b8470 minor fix 2011-03-19 17:44:34 +00:00
Miroslav Stampar
7c2b3afafb minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r) 2011-03-19 17:37:26 +00:00
Miroslav Stampar
139448eeb9 little stabilization regarding POST url(de/en)coding 2011-03-19 16:53:14 +00:00
Miroslav Stampar
0fcd999e51 fix for a bug reported by malice 2011-03-18 16:52:46 +00:00
Miroslav Stampar
58e9a074d3 masking some more command line arguments 2011-03-18 16:47:18 +00:00
Miroslav Stampar
36233fac42 update regarding a feature request from andyroyalbattle@yahoo.it 2011-03-18 16:35:30 +00:00
Miroslav Stampar
00b9d85ffc fix regarding bug report from andyroyalbattle@yahoo.it 2011-03-18 16:26:39 +00:00
Miroslav Stampar
4e300baaf2 minor cosmetics 2011-03-18 14:09:18 +00:00
Miroslav Stampar
3628887110 los cosmeticados 2011-03-18 14:08:36 +00:00
Miroslav Stampar
75c0e09f43 little refactoring 2011-03-18 13:46:51 +00:00
Miroslav Stampar
c301b245a9 adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value) 2011-03-18 13:39:51 +00:00
Miroslav Stampar
b53c9a2599 minor fix and some refactoring 2011-03-18 00:24:02 +00:00
Miroslav Stampar
fbd0cfda29 minor update toward the implementation of request from Santiago 2011-03-17 06:39:05 +00:00
Bernardo Damele
f00aff5303 -v 0 shows both error, critical and raw_input messages 2011-03-11 22:02:38 +00:00
Bernardo Damele
d7d47b6257 Minor bug fix (revert) 2011-03-11 21:56:45 +00:00
Miroslav Stampar
e64f225e65 minor refactoring 2011-03-11 20:16:34 +00:00
Miroslav Stampar
6cc745f789 removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut) 2011-03-11 20:04:15 +00:00
Miroslav Stampar
5eae525010 this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly) 2011-03-11 19:57:44 +00:00
Bernardo Damele
3cb0ca4b63 Minor bug fix for --privileges on PgSQL with error-based SQL inj technique 2011-03-11 15:24:25 +00:00
Bernardo Damele
5af7410cb1 Another bug fix for --privileges on PgSQL with UNION query technique 2011-03-11 15:13:09 +00:00
Bernardo Damele
74ef1e53c7 Minor bug fixes to --privileges for PostgreSQL query (corner case) 2011-03-11 14:54:41 +00:00
Miroslav Stampar
eb1cda7065 minor refactoring (more consistent) 2011-03-09 12:06:32 +00:00
Miroslav Stampar
62e3510387 minor refactoring 2011-03-09 11:37:37 +00:00
Miroslav Stampar
5c97f9a496 improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries) 2011-03-09 09:36:56 +00:00
Miroslav Stampar
9b2962ff1c now when we don't urlencode whole URI using : and \ as safe chars is not a good idea 2011-03-09 08:56:29 +00:00
Miroslav Stampar
30619c599b minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...) 2011-03-08 11:53:59 +00:00
Miroslav Stampar
cc0306044c adding SVN revision number support for non SVN client platforms 2011-03-07 21:54:30 +00:00
Miroslav Stampar
16b286982d fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split') 2011-03-07 09:50:43 +00:00
Miroslav Stampar
8edc3b3302 further update regarding last commit 2011-03-03 10:39:04 +00:00
Miroslav Stampar
bc50387a17 possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms) 2011-03-03 09:42:50 +00:00
Miroslav Stampar
f27f05308a minor update for masking sensitive data in error report (added aCred too) 2011-03-02 10:09:17 +00:00
Miroslav Stampar
ad2e4002ea minor improvement 2011-03-01 10:38:27 +00:00
Miroslav Stampar
0f3cc153a3 fix for --technique 2011-03-01 09:54:06 +00:00
Miroslav Stampar
2bf212ffa9 minor minor update 2011-02-27 20:43:38 +00:00
Miroslav Stampar
7036190e8e minor improvement of regular expression 2011-02-27 17:58:01 +00:00
Miroslav Stampar
21041f8b90 further reflective value handling improvement 2011-02-27 17:43:41 +00:00
Bernardo Damele
6e8ebd35f4 Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable 2011-02-27 12:17:41 +00:00
Miroslav Stampar
88faedc0fe fix for a bug reported by -insane- 2011-02-26 17:48:19 +00:00
Miroslav Stampar
11996ce12e bug fix for international encoded letters 2011-02-25 22:43:01 +00:00
Miroslav Stampar
2bbbc9a41e few updates 2011-02-25 09:35:24 +00:00
Miroslav Stampar
aa88361ab1 incorporation of method for neutralization of reflective values 2011-02-25 09:22:44 +00:00
Miroslav Stampar
708ddf5608 added protection mechanism against reflected values 2011-02-24 16:52:46 +00:00
Miroslav Stampar
38dc82e13e If no Accept header field is present, then it is assumed that the client accepts all media types. 2011-02-22 22:26:22 +00:00
Miroslav Stampar
d05bd75068 adding experimental for --group-concat 2011-02-22 14:35:38 +00:00
Miroslav Stampar
3f8eadf4fe minor refactoring 2011-02-22 13:00:58 +00:00
Miroslav Stampar
dcad5410fe minor refactoring 2011-02-22 12:54:22 +00:00
Bernardo Damele
3e8c204121 Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba 2011-02-21 16:00:56 +00:00
Miroslav Stampar
aac817935a further improvement of MaxDB support 2011-02-20 22:41:42 +00:00
Miroslav Stampar
70449eb01b minor bug fix 2011-02-20 21:35:28 +00:00
Miroslav Stampar
345df5968d minor update 2011-02-20 21:27:38 +00:00
Bernardo Damele
8e60acae5d Added support for --scope also in WebScarab logs (-l) 2011-02-19 21:03:55 +00:00