Commit Graph

737 Commits

Author SHA1 Message Date
Miroslav Stampar
f9fe1dde73 Minor patch (WAFs with 404) 2019-06-01 12:55:53 +02:00
Miroslav Stampar
f8e9f9c87d Further pleasing the pylint gods 2019-05-30 23:03:17 +02:00
Miroslav Stampar
c188eb5608 Minor pylint stuff 2019-05-30 23:03:17 +02:00
Miroslav Stampar
8ca4cffb98 Minor refactoring 2019-05-28 14:12:35 +02:00
Miroslav Stampar
b5e489f0f0 Fixes #3720 2019-05-27 13:03:25 +02:00
Miroslav Stampar
130bcd4b9b Minor update 2019-05-24 14:18:18 +02:00
Miroslav Stampar
ad01aa7449 Further integration of identYwaf 2019-05-24 13:54:10 +02:00
Miroslav Stampar
0c79504ff1 Switching from WAF scripts to identYwaf (avoiding redundant work from my side) 2019-05-24 13:09:28 +02:00
Miroslav Stampar
36f2bb5390 Minor beautification (e.g. HTTP header cases like Host parameter 'Host') 2019-05-21 12:07:19 +02:00
Miroslav Stampar
23a7aea2db Fixes #3687 2019-05-20 19:41:12 +02:00
Miroslav Stampar
dd450b53f4 Less requests in case of non-injectable parameters 2019-05-20 15:13:52 +02:00
Miroslav Stampar
2efcded23b Fixes #3644 2019-05-10 09:30:21 +02:00
Miroslav Stampar
3d89668495 Fixes #3640 2019-05-09 10:16:10 +02:00
Miroslav Stampar
9c247b3833 Last preparations for DREI 2019-05-08 12:47:52 +02:00
Miroslav Stampar
09aba3b5ce More DREI updates 2019-05-08 12:28:50 +02:00
Miroslav Stampar
33b42a17d7 Fixes #3622 2019-05-06 00:54:21 +02:00
Miroslav Stampar
ff968c2331 More drei stuff 2019-05-02 16:54:54 +02:00
Miroslav Stampar
ff61417fc0 Trivial style update 2019-04-29 11:01:40 +02:00
gweeperx
14bf1e4ce7 Add INFERENCE_EQUALS_CHAR during the check for false positives (#3609)
* Update checks.py

* Update checks.py
2019-04-29 10:58:12 +02:00
Miroslav Stampar
da15701a55 Minor DREI updates 2019-04-18 16:06:19 +02:00
Miroslav Stampar
dbd93e2670 Minor refactoring (drei stuff) 2019-03-29 02:28:16 +01:00
Miroslav Stampar
9b72545d09 Some more DREI stuff 2019-03-28 16:04:38 +01:00
Miroslav Stampar
4b020c4257 Some more drei stuff 2019-03-28 15:14:16 +01:00
Miroslav Stampar
afe497a954 Dealing with basesting (one baby step closer to Py3 salvation) 2019-03-28 13:53:54 +01:00
Miroslav Stampar
2f53014685 God help us all with this Python3 non-sense 2019-03-27 13:33:46 +01:00
Miroslav Stampar
e64cc86fc4 Patch related to the #3524 2019-03-25 11:42:16 +01:00
Miroslav Stampar
5a71210c8a Update regarding #2940 (PEP 394) 2019-03-21 14:00:09 +01:00
Miroslav Stampar
bf3edcfc1c Fixes #3542 2019-03-20 11:33:10 +01:00
Miroslav Stampar
10977ca530 Fixes #3510 2019-03-04 13:21:57 +01:00
Miroslav Stampar
e01a7908aa Trivial renaming update 2019-01-26 12:36:03 +01:00
Miroslav Stampar
ef8530af5b Fixing mess with template payloads and URI/JSON/XML/custom cases 2019-01-22 11:08:57 +01:00
Miroslav Stampar
8f13bda035 Some more preparing for 2to3 (keys() is iter in 3) 2019-01-22 03:00:44 +01:00
Miroslav Stampar
db3bed3f44 Update related to the last commit 2019-01-22 01:20:27 +01:00
Miroslav Stampar
7672b9a0a2 Baby steps (2 to 3 at a time) 2019-01-22 00:40:48 +01:00
Miroslav Stampar
5274c88c7d Minor patch of --identify-waf mechanism 2019-01-09 16:26:11 +01:00
Miroslav Stampar
9a221470e7 Minor patch 2019-01-09 15:44:11 +01:00
Miroslav Stampar
3b4e44a38d Better results with following the redirect in identifyWaf phase 2019-01-07 16:05:59 +01:00
Miroslav Stampar
590e8ed5ae update_copyright_year() 2019-01-05 21:38:52 +01:00
Miroslav Stampar
9564c8e8b1 Refactoring regarding casting warnings 2018-12-21 11:29:57 +01:00
Miroslav Stampar
101d1f0d49 Fixes #3395 2018-12-03 23:18:52 +01:00
Miroslav Stampar
843126702d Fixes #3392 2018-12-03 23:12:45 +01:00
Miroslav Stampar
73d83280fe Minor patch (bounded injection case with leftover marker) 2018-11-01 22:24:36 +01:00
Miroslav Stampar
feb93dce44 Update related to the #3304 2018-10-17 12:24:52 +02:00
Miroslav Stampar
411f56e710 Initial implementation for #3283 2018-10-16 12:23:07 +02:00
Miroslav Stampar
880d438418 Fixes #3284 2018-10-12 00:29:43 +02:00
Miroslav Stampar
459e1dd9a4 Update related to the #3252 2018-09-24 10:26:27 +02:00
Miroslav Stampar
0c7eecee9f Trivial update (message language) 2018-09-18 16:52:17 +02:00
Miroslav Stampar
3e72da66f9 Minor update (preventing WAF specific response reports on generic 403) 2018-09-18 16:45:08 +02:00
Miroslav Stampar
a5e3dce26f Proper naming 2018-09-14 10:01:31 +02:00
Miroslav Stampar
12012b36b1 Automatic disabling of socket-preconnect for known problematic server (SimpleHTTPServer) 2018-09-04 23:01:17 +02:00
Miroslav Stampar
0507234add Minor update 2018-08-29 11:06:45 +02:00
Miroslav Stampar
a296d22195 Fixes #3205 2018-08-10 14:01:55 +02:00
Miroslav Stampar
d47c16e196 Minor refactoring 2018-06-07 00:55:32 +02:00
Miroslav Stampar
091c8ab2dd Minor update (switching --invalid-logical to LIKE version) 2018-06-07 00:37:22 +02:00
Miroslav Stampar
6b3f01bfeb Minor patch 2018-05-28 11:07:06 +02:00
Miroslav Stampar
2a810fb796 Trivial modifications (thou shalt not judge people by trivial commits) 2018-05-03 14:10:55 +02:00
Miroslav Stampar
8f7a7bed20 Minor patch 2018-05-03 13:31:27 +02:00
Miroslav Stampar
8ca3287df4 Proper way to skip already used payloads (important to --suffix/--prefix cases) 2018-04-12 14:38:32 +02:00
Miroslav Stampar
a8cb14ed4a Minor patch (disable tamper script usage in WAF/IDS/IPS check phase) 2018-04-11 14:48:54 +02:00
Miroslav Stampar
7f3f1dcdee Fixes #3022 2018-04-03 12:50:09 +02:00
Miroslav Stampar
4147f44e63 Potential patch for Issues like #3013 and #3017 2018-04-01 12:45:47 +02:00
Miroslav Stampar
2cc6214227 Fixes #3020 2018-04-01 11:25:51 +02:00
Miroslav Stampar
8a90512354 One more commit related to the last one (reduce false hopes in heavily dynamic cases) 2018-03-31 11:02:48 +02:00
Miroslav Stampar
ae8699f258 Reducing false-positive 'appears' messages in heavily dynamic environment 2018-03-29 14:47:30 +02:00
Miroslav Stampar
cdb1e79370 Disabling ORDER BY tests in heavily dynamic environment 2018-03-29 14:37:33 +02:00
Miroslav Stampar
16cd13d7db Fixes #3014 2018-03-28 17:24:12 +02:00
Miroslav Stampar
45fb5ab4a5 Patch for cases when http: is immediatelly being redirected to https: 2018-03-28 15:13:33 +02:00
Miroslav Stampar
f287ff3767 Trivial comment update 2018-03-21 14:29:54 +01:00
Miroslav Stampar
7d5a0ed2dc Use false-positive checks in dummy mode 2018-03-21 14:22:59 +01:00
Miroslav Stampar
74de40b9c5 Minor patch of a previous commit 2018-03-16 15:21:19 +01:00
Miroslav Stampar
6c2b7cff80 Minor patch of UNION checking logic 2018-03-16 15:11:04 +01:00
Miroslav Stampar
fa4c1c5251 Some more PEPing (I hope that I haven't broke anything) 2018-03-13 13:45:42 +01:00
Miroslav Stampar
5380e8174b Safer WAF heuristics in case of URI injections 2018-03-11 03:20:33 +01:00
Miroslav Stampar
4cefff7e98 Bug fix (misencoding inside check waf payload) 2018-03-11 03:13:33 +01:00
Miroslav Stampar
9e75bb7f68 Minor patch 2018-01-31 11:43:17 +01:00
Miroslav Stampar
8a122401aa Update of copyright years 2018-01-02 00:48:10 +01:00
Miroslav Stampar
66c1f72a16 Minor optimization 2017-12-29 13:04:52 +01:00
Miroslav Stampar
5326df1071 Minor grammar fix 2017-12-13 13:49:55 +01:00
Miroslav Stampar
8cef17b583 Minor just in case patch (error set in case of --string) 2017-12-12 11:18:17 +01:00
Miroslav Stampar
220dffbcfa Couple of wording updates 2017-12-04 13:59:35 +01:00
Miroslav Stampar
7c5b051d60 Fixes #2808 2017-11-29 15:59:00 +01:00
Miroslav Stampar
132a72c9bd Minor update of logging messages 2017-11-24 12:20:57 +01:00
Miroslav Stampar
67b470245e Minor cleanup of NULL connection 2017-11-09 13:45:52 +01:00
Miroslav Stampar
58b87e4b6b Some more refactoring 2017-11-08 15:58:23 +01:00
Miroslav Stampar
496075ef20 Trivial refactoring 2017-10-31 10:10:22 +01:00
Miroslav Stampar
1f60dfc835 Minor patch for WAF mechanism 2017-10-16 11:42:11 +02:00
Miroslav Stampar
8c6b761044 Replacing doc/COPYING to LICENSE 2017-10-11 14:50:46 +02:00
Miroslav Stampar
12f802c70f Minor text update 2017-09-11 10:41:50 +02:00
Miroslav Stampar
96ffb4b911 Fixes #2693 2017-09-11 10:38:19 +02:00
Miroslav Stampar
cb2258fea4 Fixes #2603 2017-08-28 13:02:08 +02:00
Miroslav Stampar
8b0c50f25d Update related to the #2663 2017-08-23 13:17:37 +02:00
Miroslav Stampar
62ae149464 Minor patch 2017-07-29 03:35:05 +02:00
Miroslav Stampar
0f9c81965b Implementation on request 2017-07-26 00:24:13 +02:00
Miroslav Stampar
d12b65d38c Fixes #2624 2017-07-25 23:32:30 +02:00
Louis-Philippe Huberdeau
e38267a61e Include tracking properties in the HAR to identify which test the requests were associated to 2017-07-18 15:46:52 -04:00
Miroslav Stampar
1678b606a2 Update for #2597 2017-07-03 16:55:24 +02:00
Louis-Philippe Huberdeau
0d756a8823 Parse request data and convert to HAR, include in injection data 2017-06-23 11:50:21 -04:00
Miroslav Stampar
864711b434 Minor improvement 2017-06-05 16:48:14 +02:00
Miroslav Stampar
996ad59126 Minor patch 2017-06-05 16:28:19 +02:00
Miroslav Stampar
359bfb2704 Minor adjustment 2017-05-26 14:14:35 +02:00