712 Commits

Author	SHA1	Message	Date
Miroslav Stampar	c83e9f6ca5	foundation for filtering binary string values (for example, replacement of non readable chars with #)	2011-01-04 21:56:37 +00:00
Miroslav Stampar	aa81ed4033	implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)	2011-01-04 15:49:20 +00:00
Miroslav Stampar	fdc463d08b	fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range)	2011-01-03 23:36:35 +00:00
Miroslav Stampar	0eabca9fd4	update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)	2011-01-03 22:31:29 +00:00
Miroslav Stampar	08ccbf2c1e	important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)	2011-01-03 22:02:58 +00:00
Miroslav Stampar	92e4cdb241	raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic	2011-01-03 14:21:41 +00:00
Miroslav Stampar	d19a8d53e4	minor update	2011-01-03 08:46:20 +00:00
Miroslav Stampar	8625494ff2	added one new quick check for multiple target(s) mode	2011-01-03 08:32:06 +00:00
Miroslav Stampar	5f9b6b2254	code refactoring	2011-01-02 16:51:21 +00:00
Miroslav Stampar	f762f32de8	bug fix for proper --parse-errors on .aspx pages	2011-01-02 13:00:04 +00:00
Miroslav Stampar	dce9a762f1	important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode	2011-01-02 10:37:32 +00:00
Miroslav Stampar	6651ba05eb	another fix (OS was set to None at all previous sessions if there was no explicit OS testing done)	2011-01-02 08:08:38 +00:00
Miroslav Stampar	da138c46c1	added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)	2011-01-02 07:37:47 +00:00
Miroslav Stampar	428e817a32	some refactoring	2011-01-01 23:57:27 +00:00
Miroslav Stampar	212035e64d	user can now choose if he wants to skip non-heuristic based DBMS tests	2011-01-01 23:38:11 +00:00
Miroslav Stampar	0e815177c8	minor update	2011-01-01 19:07:40 +00:00
Miroslav Stampar	613242e298	bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved)	2010-12-29 19:48:19 +00:00
Miroslav Stampar	8f32c740ff	code refactoring	2010-12-29 19:39:32 +00:00
Miroslav Stampar	93838fb155	"patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError)	2010-12-28 14:40:34 +00:00
Miroslav Stampar	9fb0e0fc85	resume of brute forced data is now available	2010-12-27 14:17:20 +00:00
Miroslav Stampar	51a492e17d	pretty important commit (now dumped tables are prone to dictionary attack)	2010-12-27 10:56:28 +00:00
Miroslav Stampar	269d6bde24	this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion)	2010-12-27 00:14:29 +00:00
Miroslav Stampar	89c2640d23	basic --search now works with MS Access	2010-12-26 23:50:16 +00:00
Miroslav Stampar	ceeb6374e8	bug fix (TypeError: object of type 'NoneType' has no len())	2010-12-26 13:27:24 +00:00
Miroslav Stampar	569e060aab	important improvement	2010-12-26 13:20:52 +00:00
Miroslav Stampar	a555d1ad68	minor improvement	2010-12-26 11:15:02 +00:00
Miroslav Stampar	562a6440d1	fix for a bug reported by nightman (same as http://bugs.python.org/issue8797)	2010-12-26 09:33:04 +00:00
Miroslav Stampar	b472b96f92	bug fix, refactoring and improved extractErrorMessage capabilities	2010-12-25 10:16:20 +00:00
Miroslav Stampar	2c23a59ba5	fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)	2010-12-24 12:13:48 +00:00
Miroslav Stampar	aab14fa2d3	minor refactoring/cosmetics	2010-12-24 11:06:57 +00:00
Miroslav Stampar	23dc408901	prioritization of tests based on DBMS error messages and some comments in common.py	2010-12-24 10:55:41 +00:00
Miroslav Stampar	d9f08e4aa3	randomization of user agents	2010-12-24 10:04:27 +00:00
Miroslav Stampar	d5eebb1cbf	fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6	2010-12-24 09:49:19 +00:00
Miroslav Stampar	017ea9e686	update	2010-12-23 14:06:22 +00:00
Miroslav Stampar	73f33c1999	bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)	2010-12-23 11:28:13 +00:00
Miroslav Stampar	7c06dbffc3	bug fix (AttributeError: 'unicode' object has no attribute 'sort')	2010-12-22 18:55:50 +00:00
Bernardo Damele	c1f2534e9a	More bug fixes to properly distinguish between full inband and single-entry inband sql injections	2010-12-22 15:47:52 +00:00
Miroslav Stampar	8212b7b745	bug fix	2010-12-22 12:16:04 +00:00
Miroslav Stampar	5be9c04e44	update regarding Sybase syntax	2010-12-22 10:39:56 +00:00
Miroslav Stampar	d974a966b8	minor fix for end phase (Ctrl+C)	2010-12-21 23:55:55 +00:00
Miroslav Stampar	fb75d0636b	minor update	2010-12-21 23:42:59 +00:00
Miroslav Stampar	09479c85dc	minor bug fix	2010-12-21 22:35:44 +00:00
Miroslav Stampar	7a525f28d4	cosmetics	2010-12-21 15:26:23 +00:00
Miroslav Stampar	b2e7f9484d	minor tuning (2 techniques MAX per value used)	2010-12-21 15:24:14 +00:00
Miroslav Stampar	6c1133c4d4	some code refactoring	2010-12-21 15:13:13 +00:00
Miroslav Stampar	385e208f38	code refactoring regarding standard output suppression and some threading issues	2010-12-21 14:21:24 +00:00
Bernardo Damele	aca074b769	Removed unused outdated code	2010-12-21 10:49:52 +00:00
Miroslav Stampar	6b37ddada4	removed some blank trailing spaces (with extra/shutils/blanks.sh)	2010-12-21 10:31:56 +00:00
Bernardo Damele	1a3f57e5fe	Cosmetics	2010-12-21 09:23:00 +00:00
Miroslav Stampar	116c141dfa	another fix	2010-12-21 00:47:07 +00:00