Miroslav Stampar
67b470245e
Minor cleanup of NULL connection
2017-11-09 13:45:52 +01:00
Miroslav Stampar
58b87e4b6b
Some more refactoring
2017-11-08 15:58:23 +01:00
Miroslav Stampar
496075ef20
Trivial refactoring
2017-10-31 10:10:22 +01:00
Miroslav Stampar
1f60dfc835
Minor patch for WAF mechanism
2017-10-16 11:42:11 +02:00
Miroslav Stampar
8c6b761044
Replacing doc/COPYING to LICENSE
2017-10-11 14:50:46 +02:00
Miroslav Stampar
12f802c70f
Minor text update
2017-09-11 10:41:50 +02:00
Miroslav Stampar
96ffb4b911
Fixes #2693
2017-09-11 10:38:19 +02:00
Miroslav Stampar
cb2258fea4
Fixes #2603
2017-08-28 13:02:08 +02:00
Miroslav Stampar
c871cedae4
Adding hidden option '--force-dbms' to skip fingerprinting
2017-08-28 12:30:42 +02:00
Miroslav Stampar
8b0c50f25d
Update related to the #2663
2017-08-23 13:17:37 +02:00
Miroslav Stampar
62ae149464
Minor patch
2017-07-29 03:35:05 +02:00
Miroslav Stampar
5745d650f8
Fixes #2635
2017-07-29 02:42:20 +02:00
Miroslav Stampar
0f9c81965b
Implementation on request
2017-07-26 00:24:13 +02:00
Miroslav Stampar
d12b65d38c
Fixes #2624
2017-07-25 23:32:30 +02:00
Louis-Philippe Huberdeau
e38267a61e
Include tracking properties in the HAR to identify which test the requests were associated to
2017-07-18 15:46:52 -04:00
Miroslav Stampar
1678b606a2
Update for #2597
2017-07-03 16:55:24 +02:00
Louis-Philippe Huberdeau
0d756a8823
Parse request data and convert to HAR, include in injection data
2017-06-23 11:50:21 -04:00
Miroslav Stampar
864711b434
Minor improvement
2017-06-05 16:48:14 +02:00
Miroslav Stampar
996ad59126
Minor patch
2017-06-05 16:28:19 +02:00
Miroslav Stampar
359bfb2704
Minor adjustment
2017-05-26 14:14:35 +02:00
Miroslav Stampar
644ea2e3aa
Minor patch
2017-05-26 14:08:08 +02:00
Miroslav Stampar
4ce08dcfa3
Patch for an Issue #2536
2017-05-17 00:22:18 +02:00
Miroslav Stampar
d3a08a2d22
Implementation for an Issue #2505
2017-05-07 23:12:42 +02:00
Miroslav Stampar
fc8eede952
Minor cleanup and one bug fix
2017-04-19 14:46:27 +02:00
Miroslav Stampar
c8a0c525fc
Fixes #2489
2017-04-19 14:19:39 +02:00
Miroslav Stampar
5f2bb88037
Some code refactoring
2017-04-18 15:48:05 +02:00
Miroslav Stampar
7ebba5614a
Moving brute from techniques to utils
2017-04-18 13:53:41 +02:00
Miroslav Stampar
d9a931f77a
Minor cleanup
2017-04-14 13:14:53 +02:00
Miroslav Stampar
0e206da7c0
Minor patches (pydiatra)
2017-04-14 13:08:51 +02:00
Miroslav Stampar
9b3d229294
Fixes #2471
2017-04-10 19:21:22 +02:00
Miroslav Stampar
60e8c725f9
Fixes #2437
2017-03-12 23:24:13 +01:00
Miroslav Stampar
7960045cf9
Fixes #2277 and #2300
2017-02-27 13:58:07 +01:00
Miroslav Stampar
4b420e7579
Removing Google PageRank as it is dead now
2017-02-23 11:33:39 +01:00
Miroslav Stampar
38f16decef
Update for an Issue #2384
2017-02-06 13:28:33 +01:00
Miroslav Stampar
03bbf552ef
Patch for an Issue #2382
2017-02-06 11:14:45 +01:00
Miroslav Stampar
55272f7a3b
New version preparation
2017-01-02 14:19:18 +01:00
Francisco Blas Izquierdo Riera (klondike)
025e9ac5b4
Fix the logic used for --param-exclude
...
The current logic will skip all existing parameters if no param-exclude is defined.
This breaks previous behaviour, makes it harder to use the tool and is quite confusing.
The new logic will always check the parameter is set before running any other checks instead of shortcircuit an empoty(always true) regexp.
2016-12-28 12:25:05 +01:00
Miroslav Stampar
89bbf5284c
Adding new option --param-exclude on private request
2016-12-25 23:16:44 +01:00
Miroslav Stampar
edc6f47758
Some refactoring
2016-12-19 23:47:39 +01:00
Hanno Heinrichs
2cc604e356
Fix several typos
2016-10-26 21:41:57 +02:00
Miroslav Stampar
24eaf55dc8
Removing bad decision for -d (user should be able to choose)
2016-10-17 22:32:23 +02:00
Miroslav Stampar
6130185ac6
Minor consistency update with the wiki
2016-10-11 00:35:39 +02:00
Miroslav Stampar
171cf6f54d
Minor fine tuning for SQLi heuristic check
2016-10-04 11:32:06 +02:00
Miroslav Stampar
dc8301689e
Implementation for an Issue #2204
2016-10-02 11:13:40 +02:00
Miroslav Stampar
332726356c
Minor language update
2016-09-29 14:03:46 +02:00
Miroslav Stampar
381deb68ff
Implementation for an Issue #2137
2016-09-27 13:26:11 +02:00
Miroslav Stampar
7151df16f6
Adding extra validation step in case of boolean-based blind (e.g. if unexpected 500 occurs)
2016-09-27 11:21:12 +02:00
Miroslav Stampar
8994bf2dba
Further dealing with time-based SQLi (Issue #1973 )
2016-09-27 10:32:22 +02:00
Miroslav Stampar
09617c8243
Introducing extra validation property in case of time-based SQLi (HTTP code) - Issue #1973
2016-09-27 10:20:36 +02:00
Miroslav Stampar
556b4d289e
Minor cosmetic patch (removing multiple same content '...appears...' messages)
2016-09-26 17:02:40 +02:00
Miroslav Stampar
1b48ff223d
Adding initial support for Informix (Issue #552 )
2016-09-23 12:33:27 +02:00
Miroslav Stampar
56a918c408
Minor refactoring
2016-09-20 10:03:00 +02:00
Miroslav Stampar
bcd62ecc5b
Minor optimization (avoiding unnecessary deepcopies)
2016-09-20 09:56:08 +02:00
Miroslav Stampar
32dd4a938c
Minor patch of message
2016-09-09 11:37:16 +02:00
Miroslav Stampar
6b91b7b7fa
Minor cosmetics
2016-09-02 16:10:11 +02:00
Miroslav Stampar
cb43c03712
Definite patch for MemoryError(s) ( fixes #1991 )
2016-06-30 14:57:56 +02:00
Miroslav Stampar
8b4367d354
Revert of last commit
2016-06-26 01:42:21 +02:00
Miroslav Stampar
0a9d69a7d0
Minor patch
2016-06-26 01:10:47 +02:00
Miroslav Stampar
0175acd028
Bug fix (in some cases lack of warning message for SQLi appearing)
2016-06-23 17:52:37 +02:00
Miroslav Stampar
78fdb27a0b
More improvements
2016-06-03 15:51:52 +02:00
Miroslav Stampar
350baf0a0a
Minor update
2016-06-03 14:29:32 +02:00
Miroslav Stampar
9886b646eb
Proper update regarding the last commit
2016-06-03 14:18:28 +02:00
Miroslav Stampar
c5197b99a0
Minor patch and minor improvement
2016-06-03 13:59:32 +02:00
Miroslav Stampar
0e65043c84
Minor adjustment
2016-06-03 09:48:49 +02:00
Miroslav Stampar
229d3a7dd0
Patch for cases when error page looks more like original, than the False one does
2016-05-30 16:46:23 +02:00
Miroslav Stampar
b965e5bf1c
Minor refactoring
2016-05-30 16:06:39 +02:00
Miroslav Stampar
3bd74c5351
Minor patch
2016-05-30 15:20:21 +02:00
Miroslav Stampar
55624ec1a2
Minor message update
2016-05-30 14:40:22 +02:00
Miroslav Stampar
83b82a5e98
Bug fix (wrong handler used in case of DBMS resolution)
2016-05-30 10:32:49 +02:00
Miroslav Stampar
69fd900108
Adding waf script for detection of generic/unknown
2016-05-27 16:34:41 +02:00
Miroslav Stampar
de9f23939f
Major bug fix in WAF/IDS/IPS detection (question 'do you want..to try to detect backend WAF/IPS/IDS' never worked)
2016-05-27 13:41:03 +02:00
Miroslav Stampar
7a2ac23f0b
Adding new waf script (sitelock)
2016-05-27 02:13:01 +02:00
Miroslav Stampar
a5f8cae599
Fixes #1892
2016-05-24 17:58:35 +02:00
Miroslav Stampar
c395958dff
Fixes #1888
2016-05-24 14:55:19 +02:00
Miroslav Stampar
798b539eec
Minor update
2016-05-24 14:50:56 +02:00
Miroslav Stampar
f7cae68378
More formal language
2016-05-22 21:44:17 +02:00
Miroslav Stampar
f6ff1a115a
Better (automatic) picking of a --string candidate (especially in case of international pages)
2016-05-22 21:29:08 +02:00
Miroslav Stampar
32ee586e2a
Minor language update
2016-05-22 14:30:32 +02:00
Miroslav Stampar
6623c3f877
Pesky bug fix (nobody noticed :)
2016-05-22 14:22:31 +02:00
Miroslav Stampar
30a4173249
I like users which don't know the difference between detection and identification
2016-05-22 12:40:23 +02:00
Miroslav Stampar
5e8b105677
Fixes #1880
2016-05-19 19:46:12 +02:00
Miroslav Stampar
1e07269fe3
Patch for an Issue #1860
2016-05-12 16:42:12 +02:00
Miroslav Stampar
be9381abc5
Implements #1845
2016-05-06 13:06:59 +02:00
Miroslav Stampar
c797129956
Fixes #1833
2016-05-02 11:10:12 +02:00
Miroslav Stampar
9dd5cd8eb6
Removing CloudFlare check
2016-04-29 00:17:07 +02:00
Miroslav Stampar
aa21550712
Minor patch for integer casting heuristics (circumvent auto-casting by DBMS itself)
2016-04-15 13:47:19 +02:00
Miroslav Stampar
66061e8c5f
Fixes #1811
2016-04-15 12:04:54 +02:00
Miroslav Stampar
0245ce6228
Fixes #1782
2016-03-28 19:55:33 +02:00
Miroslav Stampar
d7cdb6cbd8
Minor update
2016-02-06 20:16:33 +01:00
Miroslav Stampar
62f94f6587
Adding comments (Issue #1681 )
2016-01-26 07:52:25 +01:00
Miroslav Stampar
574b3a79aa
Adding support for detection of CloudFlare responses
2016-01-21 10:16:23 +01:00
Miroslav Stampar
59695af101
Minor improvement of heuristic checks
2016-01-14 22:21:47 +01:00
Miroslav Stampar
bdcf3fffba
Minor update related to the last (error results in OR boolean-based blind should not be the same as True to be able to do proper comparison)
2016-01-14 13:40:50 +01:00
Miroslav Stampar
c7ef9429ae
Minor check for problematic injections
2016-01-14 13:16:44 +01:00
Miroslav Stampar
4c1fc095d8
Adding heuristic check for FI vulnerability
2016-01-14 09:59:13 +01:00
Miroslav Stampar
a8c6c6fca1
Minor update related to the last one
2016-01-13 23:47:34 +01:00
Miroslav Stampar
4e29e1b351
Fixing wrong commit #4f939b5719716dfe9bd085c4f67696bc11064edd
2016-01-13 23:34:42 +01:00
Miroslav Stampar
8362bdcf66
Fix for screw up made by #52dd92748a50bcee4fb979ea49185840ff6743b9
2016-01-13 23:16:27 +01:00
Miroslav Stampar
eb989469f3
Minor just in case update
2016-01-12 10:27:04 +01:00
Miroslav Stampar
48ac2101f2
Using only once the dummy checkWaf payload
2016-01-08 23:23:41 +01:00
Miroslav Stampar
d0d676ccce
Update of copyright string
2016-01-06 00:06:12 +01:00
Miroslav Stampar
c6d4217495
Minor update (just in case)
2015-12-03 02:08:59 +01:00
Miroslav Stampar
d41cd53d31
Minor style fix (distinguish form from URL testing when --forms --crawl combo used)
2015-10-28 14:03:21 +01:00
Miroslav Stampar
78bbf5d63c
Fixes #1451
2015-10-06 14:17:35 +02:00
Miroslav Stampar
53de0e8949
Implements #1442
2015-10-01 11:57:33 +02:00
Miroslav Stampar
81caf14b6d
Adding switch --skip-waf
2015-09-21 14:57:44 +02:00
Miroslav Stampar
e81e474646
Minor adjustment
2015-09-21 14:46:34 +02:00
Miroslav Stampar
56f0b811a6
Minor patch
2015-09-21 13:23:56 +02:00
Miroslav Stampar
c05c0ff435
Minor patch with imports
2015-09-10 15:55:49 +02:00
Miroslav Stampar
f494004f44
Switching to the getSafeExString (where it can be used)
2015-09-10 15:51:33 +02:00
Miroslav Stampar
c1f829d131
Removing last remnants of bad handling the exceptions as strings
2015-09-08 11:15:31 +02:00
Miroslav Stampar
e623ee66ad
Better approach for #1320
2015-07-30 23:29:31 +02:00
Miroslav Stampar
58002c5057
Minor cosmetics
2015-07-23 09:55:59 +02:00
Miroslav Stampar
21e8182ac6
Fixes #1305
2015-07-18 17:01:34 +02:00
Miroslav Stampar
00f190fc92
Fixes #1303
2015-07-17 10:14:35 +02:00
Miroslav Stampar
16f8e4c8ba
Removing unused imports
2015-07-12 12:25:02 +02:00
Miroslav Stampar
10f8c6a0b6
Introducing --offline switch (to perform session only lookups)
2015-07-10 16:10:24 +02:00
Miroslav Stampar
9bdbdc136f
Minor cosmetics update
2015-07-10 11:33:12 +02:00
Miroslav Stampar
0ba264bfa0
Minor patch
2015-07-10 09:51:11 +02:00
Miroslav Stampar
4baaa4a5ad
Minor improvement
2015-07-10 09:24:14 +02:00
Miroslav Stampar
9ff115ce71
Minor patch
2015-07-10 01:33:53 +02:00
Miroslav Stampar
02470ea683
Further decreasing number of testing payloads
2015-07-10 01:19:46 +02:00
Miroslav Stampar
48b627f3ff
Prevent double tests (e.g. in same final tests where suffix is cut by the comment)
2015-07-10 00:54:02 +02:00
Miroslav Stampar
ca2f63c672
Test speed up in case of boolean based blind
2015-07-10 00:37:59 +02:00
Miroslav Stampar
96327b6701
Fixes #1290
2015-07-05 01:47:01 +02:00
Miroslav Stampar
1f71d809d4
Fixes #1288
2015-07-03 08:55:33 +02:00
Miroslav Stampar
08caca387b
Minor patch of automatic WAF heuristic check
2015-05-29 16:01:41 +02:00
Miroslav Stampar
17bfda1b9c
Adding new switch ('--skip-static')
2015-05-18 20:57:15 +02:00
Miroslav Stampar
7587528ebd
Fixes #1202
2015-03-26 11:40:19 +01:00
Miroslav Stampar
adc8ac267d
Fixes #1190
2015-03-10 09:23:26 +01:00
Bernardo Damele
8281fe48e5
bug fix: test for boundaries with high levels if the test was extended
2015-03-01 11:02:05 +00:00
Bernardo Damele
2f08c8b666
bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup
2015-02-27 13:57:28 +00:00
Bernardo Damele
475cc8b24b
trivial code cleanup
2015-02-21 13:12:30 +00:00
Bernardo Damele
d235ee375b
code cleanup
2015-02-21 12:59:44 +00:00
Bernardo Damele
52dd92748a
rework some of the logic of the detection phase based on identified DBMS along the way
2015-02-21 02:23:42 +00:00
Bernardo Damele
4f939b5719
avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables
2015-02-20 18:36:34 +00:00
Bernardo Damele
214b9360e9
Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup
2015-02-20 18:30:42 +00:00
Bernardo Damele
79d4d970a5
trivial code cleanup
2015-02-20 15:42:28 +00:00
Bernardo Damele
201b605f9b
Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already
2015-02-20 10:21:44 +00:00
Bernardo Damele
e17d212c23
bug fix introduced with 863d5a6281
2015-02-15 20:07:52 +00:00
Bernardo Damele
863d5a6281
--test-filter now ignores values of --risk and --level
2015-02-15 16:28:37 +00:00
Miroslav Stampar
2e5c11e427
Closes #1163
2015-02-13 10:59:03 +01:00
Miroslav Stampar
2e9bf47703
Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145 )
2015-01-30 22:12:35 +01:00
Miroslav Stampar
b7cfaa6ca5
Minor style update
2015-01-22 08:55:37 +01:00
Miroslav Stampar
a603002acd
Adding a choice to automatically turn on --identify-waf if protection has been detected
2015-01-20 09:38:18 +01:00
Miroslav Stampar
0c4d63fb00
Bug fix (reported by user over ML)
2015-01-08 09:00:21 +01:00
Miroslav Stampar
45bdefd29b
Update of copyright
2015-01-06 15:02:16 +01:00
Miroslav Stampar
6fc41ca940
Heuristically checking for WAF/IDS/IPS by default
2015-01-06 14:01:47 +01:00
Miroslav Stampar
beffe85d6c
Patch for an Issue #1085
2015-01-03 22:30:21 +01:00
Miroslav Stampar
e6de92ce88
Minor patch (unicode related)
2014-12-15 13:36:08 +01:00
Miroslav Stampar
1e06e7c386
Adding a debug message during name resolution
2014-12-11 13:29:26 +01:00
Miroslav Stampar
a7b21a2f62
Rerun advice update
2014-12-09 09:02:06 +01:00
Miroslav Stampar
034fae0f47
Patch for an Issue #992
2014-12-05 11:24:43 +01:00
Miroslav Stampar
9b32e69f26
Adding new WAF script (UrlScan)
2014-12-04 10:06:15 +01:00
Miroslav Stampar
5c182a0ec4
Update for an Issue #431
2014-11-21 11:33:57 +01:00
Miroslav Stampar
f0802c6fb9
Update for an Issue #431
2014-11-21 11:20:54 +01:00
Miroslav Stampar
cf2d5fd453
Update for an Issue #431
2014-11-21 09:41:49 +01:00
Miroslav Stampar
05d5342f20
Update and patch for an Issue #2
2014-11-17 11:50:05 +01:00
Miroslav Stampar
fc1b05bec9
Implementation for an Issue #2
2014-10-23 11:23:53 +02:00
Miroslav Stampar
34aed7cde0
Bug fix (now it's possible to use multiple parsed requests without mixing associated headers)
2014-10-22 13:49:29 +02:00
Miroslav Stampar
c6a8feea8a
Fix for an Issue #831
2014-10-07 12:00:11 +02:00
Miroslav Stampar
f67a38dba9
Minor adjustment
2014-10-01 13:42:10 +02:00
Miroslav Stampar
a9454fbb43
Minor commit related to the last one (bypassing DBMS error trimming problem)
2014-10-01 13:35:20 +02:00
Miroslav Stampar
8c9014c39f
Adding a dummy (auxiliary) XSS check
2014-10-01 13:31:48 +02:00
Miroslav Stampar
bfc8ab0e35
Language update
2014-09-08 14:48:31 +02:00
Miroslav Stampar
53d0d5bf8b
Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved)
2014-09-08 14:33:13 +02:00
Miroslav Stampar
20ff402103
Minor patch
2014-08-30 22:04:55 +02:00
Miroslav Stampar
dc2ee8bfa0
Minor update
2014-08-30 21:53:09 +02:00
Miroslav Stampar
1a9a331422
Bug fix (proper extending of tests when dbms is known)
2014-08-30 21:34:23 +02:00
Miroslav Stampar
834f8e18c8
Minor patch for an Issue #802
2014-08-28 00:45:57 +02:00
Miroslav Stampar
b77d8d617b
Minor patch for an Issue #800
2014-08-28 00:31:49 +02:00
Miroslav Stampar
7828f61642
Minor style update
2014-08-20 13:35:41 +02:00
Miroslav Stampar
6795b51c7e
Another minor update
2014-08-20 01:59:30 +02:00
Miroslav Stampar
d08c1b7c04
Minor update
2014-08-20 01:45:42 +02:00
Miroslav Stampar
ebc964267f
Better reporting on filtered-chars cases
2014-08-20 01:11:26 +02:00
Miroslav Stampar
b31e141012
Fix for an Issue #772
2014-07-29 14:37:48 +02:00
Miroslav Stampar
0eb5fb1e5a
Update for an Issue #757
2014-07-19 23:02:14 +02:00
Miroslav Stampar
2a88436417
Patch for an Issue #724
2014-06-16 09:51:24 +02:00
Miroslav Stampar
cb0044b2c4
Minor beauty patch
2014-04-07 20:28:17 +02:00
Miroslav Stampar
9456dc68e7
Minor patch
2014-04-06 17:24:27 +02:00
Miroslav Stampar
cf250a0381
Minor patch (it would go boom if special character was inside the --param-del)
2014-04-06 17:02:32 +02:00
Miroslav Stampar
0ae8ac707e
Renaming conf.pDel to conf.paramDel
2014-04-06 16:48:46 +02:00
Miroslav Stampar
106102bd3c
Fix for an Issue #648
2014-03-21 20:28:29 +01:00
Miroslav Stampar
3b47418a1d
Fix for an Issue #640
2014-03-14 22:20:20 +01:00
Miroslav Stampar
2ffdee5733
Bug fix for PAYLOAD.WHERE.REPLACE payloads containing custom injection marker ([ORIGVALUE] was screwed)
2014-02-26 11:41:48 +01:00
Miroslav Stampar
edc8ef9d5b
Patch for an Issue #611 (original page used in case of tamper functions was wrong - e.g. if --tamper=base64encode was used)
2014-02-25 13:48:34 +01:00
Miroslav Stampar
2a423d61ef
Raising number of requests for false positive testing in case of higher levels
2014-02-23 19:40:01 +01:00
Miroslav Stampar
fe0ff6e679
Changing 'is injectable' to 'seems to be injectable' for boolean and time-based blind injection cases - for false positive cases
2014-02-09 17:50:16 +01:00
Miroslav Stampar
f97fcb7bb3
Adding a switch --invalid-string
2014-01-23 21:56:06 +01:00
Miroslav Stampar
f88f6dcd7e
Changing --invalid-bignum from float producing to int producing
2014-01-23 09:07:25 +01:00
Bernardo Damele
43a4e85749
updated copyright
2014-01-13 17:24:49 +00:00
Miroslav Stampar
6c80f2903b
Patch for an Issue #564
2013-12-27 11:02:59 +01:00
Miroslav Stampar
bf3fbb0ae0
Ignore Google analytics cookies
2013-12-04 09:56:37 +01:00
Miroslav Stampar
7ed05f01b3
Minor update
2013-10-27 00:24:57 +02:00
Miroslav Stampar
334c698d53
Adding change verbosity level in testing phase when Ctrl+C pressed
2013-10-17 16:54:53 +02:00
Moshe Kaplan
8cd641a2a6
minor typos corrected
...
"choosen" -> "chosen"
2013-10-15 13:26:24 -04:00
Miroslav Stampar
2dc570d7a8
Minor patch (for ORDER BY 'col' cases)
2013-10-10 23:08:20 +02:00
Miroslav Stampar
369006ca73
Bug fix
2013-10-07 12:54:25 +02:00
Miroslav Stampar
0cf2bdeb1c
Minor language update
2013-08-22 11:11:30 +02:00
Miroslav Stampar
38ee95e2c9
Minor language update
2013-08-13 18:58:24 +02:00
Miroslav Stampar
52a71546d0
Implementation for an Issue #507
2013-08-13 18:55:23 +02:00
Miroslav Stampar
941b2387c0
Minor fix
2013-07-31 09:22:45 +02:00
Miroslav Stampar
b921ff0729
Fix for an Issue #495
2013-07-27 11:20:43 +02:00
stamparm
e6f71c2130
Making 10% less requests in futile higher level/risk runs (using static template payloads for where==NEGATIVE)
2013-07-15 16:24:49 +02:00
stamparm
c9d3974205
Minor fix (templatePayload had duplicate string patterns for where==NEGATIVE)
2013-07-15 13:54:02 +02:00
stamparm
ac2d40e259
Revert of last commit (there is a chance that that big integer value is really valid :)
2013-07-15 13:34:38 +02:00
stamparm
a097ee1505
Switching --invalid-bignum to a pure integer constant (more generic - more statements require pure integer constant)
2013-07-15 13:31:56 +02:00
stamparm
d7c0805e7c
Removing leftover
2013-07-08 12:45:02 +02:00
stamparm
a548eb5c70
Minor text update
2013-07-08 12:44:14 +02:00
stamparm
d0e79a4d15
Minor text update
2013-07-08 12:38:36 +02:00
stamparm
a530817727
Minor typo fix
2013-07-08 11:52:46 +02:00
stamparm
8d3435ab0b
Removing reflective warning for parsing heuristic test
2013-07-08 11:48:33 +02:00
stamparm
04046f38eb
Minor update (Issue #475 )
2013-07-01 12:26:57 +02:00
stamparm
f7d15cb465
Official naming is HSQLDB (and/or HyperSQL)
2013-07-01 11:57:47 +02:00
Miroslav Stampar
aeb83ba651
Merge pull request #475 from Meatballs1/hsql_clean
...
HSQL Payloads and Query Support
2013-07-01 02:38:04 -07:00
stamparm
fd5b665f7d
Removing arithmetic operations from false positive checking to minimize affect of character filtering ('>' and '=' have to stay because those are minimal requirements)
2013-06-26 10:55:34 +02:00
Meatballs
62000c6406
Remaining files
2013-06-24 14:42:58 +01:00
stamparm
690645f6c7
Cosmetic fix
2013-06-19 10:50:00 +02:00
stamparm
f4ca4cd6c5
Minor update
2013-05-29 15:49:09 +02:00
Miroslav Stampar
d3ad408a21
Minor cosmetics
2013-05-19 22:17:53 +02:00
Miroslav Stampar
980a0e3adb
Trivial update
2013-05-18 21:00:53 +02:00
Miroslav Stampar
1ff98c2ff9
Another minor text update
2013-05-18 21:00:11 +02:00
Miroslav Stampar
967513e1bb
Minor message update
2013-05-18 20:59:23 +02:00
Miroslav Stampar
caa4ee96cd
Minor cosmetic update
2013-05-18 18:28:44 +02:00
Miroslav Stampar
6608410320
Adding a question after WAF has been identified
2013-05-18 18:26:40 +02:00
stamparm
03732d2592
Minor fix
2013-05-17 16:04:05 +02:00
stamparm
76b4e1ccb9
Implementation for an Issue #450
2013-05-17 15:04:25 +02:00
stamparm
f1f34a65a2
Minor update
2013-05-15 13:38:26 +02:00
Miroslav Stampar
034e123b0c
Minor fix (to accept -p cookie without need for raising --level / as it's already done for referer and user_agent)
2013-05-12 16:24:13 +02:00
Miroslav Stampar
840ee26a14
If SQLAlchemy is available and it has problems while connecting then it should be smarter to not force the other (standard) method - if available
2013-04-15 18:42:26 +02:00
stamparm
1c2197e8de
Minor bug fix for an Issue #361 (removal of that ugly garbage clean warning message after sqlmap ends)
2013-04-15 16:18:40 +02:00
stamparm
a3d36fcb73
Minor update
2013-04-15 16:07:27 +02:00
stamparm
aed738d6e6
Update for an Issue #361
2013-04-15 14:20:21 +02:00
stamparm
3e65037a05
Introducing lib/utils/sqlalchemy.py (Issue #361 )
2013-04-15 10:33:25 +02:00
stamparm
661b44135d
Minor bug fix
2013-04-10 11:59:07 +02:00
stamparm
8c9da95343
Style and consistency update (url -> URL)
2013-04-09 11:48:42 +02:00
Miroslav Stampar
153aa10b77
Minor cosmetic update
2013-04-03 19:00:54 +02:00
stamparm
5dd2529b02
Minor language update
2013-03-26 14:18:37 +01:00
stamparm
4d2b77dde3
Minor language update
2013-03-26 14:15:40 +01:00
stamparm
3f8dafedae
Minor text update
2013-03-26 14:08:35 +01:00
stamparm
7447773237
Update for consistency (all other enums are using _ in between words)
2013-03-20 11:10:24 +01:00
Miroslav Stampar
8acf033715
Code refactoring
2013-03-19 19:24:14 +01:00
Miroslav Stampar
a3d9a7b1ff
Minor fix
2013-03-19 19:06:51 +01:00
Martin Bjerregaard Jepsen
d7a77c79ad
Fixed incorrect call to checkBooleanExpression when testing for false positives
2013-03-01 22:51:34 +01:00
stamparm
3a3f9c5ea1
Trivial commit related to the last one
2013-03-01 12:09:03 +01:00
stamparm
440b484bf6
Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries)
2013-03-01 10:59:04 +01:00
Miroslav Stampar
e42350ddce
Minor style update
2013-02-28 20:28:34 +01:00
Miroslav Stampar
0e89cc62a2
Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections
2013-02-28 20:20:08 +01:00
stamparm
af4762ace2
Minor style update
2013-02-26 11:16:09 +01:00
stamparm
f6b43b4b13
Minor update for an Issue #290
2013-02-26 11:08:06 +01:00