Commit Graph

847 Commits

Author SHA1 Message Date
Miroslav Stampar
99aa38b58f minor refactoring 2011-02-02 10:10:28 +00:00
Miroslav Stampar
23c95107ed we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS) 2011-02-02 09:24:37 +00:00
Miroslav Stampar
af99105c27 lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum) 2011-02-01 22:45:38 +00:00
Bernardo Damele
2619e4895f Properly handle --technique at save/resume phase 2011-02-01 22:05:48 +00:00
Bernardo Damele
3d966bd569 You never know.. 2011-02-01 22:05:12 +00:00
Miroslav Stampar
705d45f4db minor cosmetics 2011-02-01 11:10:23 +00:00
Miroslav Stampar
196e2d35b2 maybe we could ask user "are you willing to import local data content into error report" and use this function respectably 2011-02-01 11:06:56 +00:00
Bernardo Damele
6761933f75 Just.. cosmetics ;) 2011-01-31 22:51:14 +00:00
Miroslav Stampar
25c175a9a5 minor bug fix 2011-01-31 22:34:57 +00:00
Bernardo Damele
b04e1a0313 More detailed message for unhandled exception 2011-01-31 21:23:40 +00:00
Bernardo Damele
ec9ebb3479 Set threads to 4 when optimization switch is provided, -o 2011-01-31 21:21:13 +00:00
Bernardo Damele
8397c526d8 Minor adjustment 2011-01-31 21:20:23 +00:00
Miroslav Stampar
fa58a9c86b update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable) 2011-01-31 20:36:01 +00:00
Miroslav Stampar
b1dc928e68 implemented validation for time-based inference 2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c fix for a bug (--predict-output) noticed by Bernardo 2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b now union technique parses headers too 2011-01-31 12:41:39 +00:00
Miroslav Stampar
8ef47307db added checking of header values for GREP (error); still UNION to do 2011-01-31 12:21:17 +00:00
Miroslav Stampar
fb3513650d adding ID properties 2011-01-31 11:41:28 +00:00
Miroslav Stampar
f9eac97fe8 refactoring of MSSQL XML banner parsing 2011-01-31 11:38:00 +00:00
Miroslav Stampar
7175efcae1 another minor cosmetic update 2011-01-31 10:59:51 +00:00
Miroslav Stampar
97328c3104 minor fix 2011-01-31 10:54:13 +00:00
Miroslav Stampar
5e768be509 minor bug fix 2011-01-31 09:34:54 +00:00
Miroslav Stampar
f7feebe0df fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments) 2011-01-31 09:28:16 +00:00
Miroslav Stampar
fc9c626f9e minor refactoring (removed URL_ENCODE_PAYLOAD) 2011-01-30 17:03:06 +00:00
Bernardo Damele
21e7223779 perhaps this is better english 2011-01-30 16:34:13 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
ddd296030d added some more info to unhandled exception message(s) 2011-01-28 16:15:45 +00:00
Miroslav Stampar
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels 2011-01-27 19:44:24 +00:00
Miroslav Stampar
81722b6881 major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) 2011-01-27 18:36:28 +00:00
Miroslav Stampar
03413bd5e0 minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload) 2011-01-27 16:55:58 +00:00
Miroslav Stampar
bb6e36fb02 minor updates 2011-01-27 12:38:39 +00:00
Miroslav Stampar
6cc69f5e16 now --technique is appliable also after the injections have been identified 2011-01-24 16:47:24 +00:00
Miroslav Stampar
81011be0d7 minor update of parseTargetUrl method 2011-01-24 14:52:50 +00:00
Bernardo Damele
e1db2700f0 Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads 2011-01-24 12:25:45 +00:00
Miroslav Stampar
4441e11f68 fix for case -r with no params and cookie available 2011-01-24 11:26:51 +00:00
Miroslav Stampar
a3e3387113 fix for proper Firebird resume of version 2011-01-24 11:04:32 +00:00
Miroslav Stampar
c1145c244e fix for user-agent injections 2011-01-23 23:23:30 +00:00
Miroslav Stampar
b18397fbc7 major revisit of --os-shell methods 2011-01-23 20:47:06 +00:00
Miroslav Stampar
f5ff78d40c revert 2011-01-23 11:21:27 +00:00
Miroslav Stampar
3a5f0760f6 minor optimization (only way to prematurely stop SAX parser) 2011-01-23 10:12:01 +00:00
Miroslav Stampar
30cd877c4a fix for URI based injections 2011-01-22 16:23:33 +00:00
Bernardo Damele
f1b402b103 Proper handling of CASE in Oracle, finally 2011-01-20 21:58:50 +00:00
Bernardo Damele
4128b2c87f Enforce that when --prefix is provided, --suffix is too and viceversa. 2011-01-20 21:57:54 +00:00
Bernardo Damele
7d1c704575 Moved little precaution from checks.py to common.py.
Initial refactoring of kb.os* get/set.
2011-01-20 21:56:10 +00:00
Bernardo Damele
9770db597e Centralization of unescape() 2011-01-20 21:55:13 +00:00
Miroslav Stampar
dd7262d9e6 we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode 2011-01-20 17:53:49 +00:00
Miroslav Stampar
ad12242151 LoL (removing those checks because we use same "logic" for parsing Burp log files and request files) 2011-01-20 16:27:59 +00:00
Miroslav Stampar
e8c037de1a minor update 2011-01-20 16:17:38 +00:00
Miroslav Stampar
4e5f0da1ae minor update 2011-01-20 16:07:08 +00:00