Miroslav Stampar
|
d211def899
|
minor adjustment (accepting strange new looking uri formats)
|
2011-02-04 10:55:03 +00:00 |
|
Miroslav Stampar
|
e4933f0c92
|
refactoring
|
2011-02-03 23:25:56 +00:00 |
|
Miroslav Stampar
|
9a1a28c804
|
adding comments to filtering function
|
2011-02-03 23:09:08 +00:00 |
|
Miroslav Stampar
|
e5f54644f0
|
minor "statistical" update
|
2011-02-03 16:59:49 +00:00 |
|
Miroslav Stampar
|
b56a77e573
|
removing obsolete switches (--threshold, --excl-reg, --excl-str)
|
2011-02-03 15:55:19 +00:00 |
|
Miroslav Stampar
|
1b9850b73a
|
revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) )
|
2011-02-03 12:21:29 +00:00 |
|
Miroslav Stampar
|
5edba2ffbc
|
minor change (conf.updateAll to conf.update)
|
2011-02-03 11:13:39 +00:00 |
|
Miroslav Stampar
|
5f49e20cc8
|
adding --random-agent and removing -a
|
2011-02-02 14:51:12 +00:00 |
|
Miroslav Stampar
|
2dae57a56d
|
cosmetics
|
2011-02-02 14:35:21 +00:00 |
|
Miroslav Stampar
|
6c87bd1c63
|
added maskSensitiveData function
|
2011-02-02 14:25:16 +00:00 |
|
Miroslav Stampar
|
8134c2154a
|
adding WHERE enum for payloads
|
2011-02-02 13:34:09 +00:00 |
|
Miroslav Stampar
|
d6c9515f78
|
minor update
|
2011-02-02 13:03:24 +00:00 |
|
Miroslav Stampar
|
e73a147fb5
|
minor update
|
2011-02-02 11:49:59 +00:00 |
|
Miroslav Stampar
|
e33428b833
|
adding __findUnionCharCount function
|
2011-02-02 11:22:35 +00:00 |
|
Miroslav Stampar
|
99aa38b58f
|
minor refactoring
|
2011-02-02 10:10:28 +00:00 |
|
Miroslav Stampar
|
23c95107ed
|
we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS)
|
2011-02-02 09:24:37 +00:00 |
|
Miroslav Stampar
|
af99105c27
|
lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum)
|
2011-02-01 22:45:38 +00:00 |
|
Bernardo Damele
|
2619e4895f
|
Properly handle --technique at save/resume phase
|
2011-02-01 22:05:48 +00:00 |
|
Bernardo Damele
|
3d966bd569
|
You never know..
|
2011-02-01 22:05:12 +00:00 |
|
Miroslav Stampar
|
705d45f4db
|
minor cosmetics
|
2011-02-01 11:10:23 +00:00 |
|
Miroslav Stampar
|
196e2d35b2
|
maybe we could ask user "are you willing to import local data content into error report" and use this function respectably
|
2011-02-01 11:06:56 +00:00 |
|
Bernardo Damele
|
6761933f75
|
Just.. cosmetics ;)
|
2011-01-31 22:51:14 +00:00 |
|
Miroslav Stampar
|
25c175a9a5
|
minor bug fix
|
2011-01-31 22:34:57 +00:00 |
|
Bernardo Damele
|
b04e1a0313
|
More detailed message for unhandled exception
|
2011-01-31 21:23:40 +00:00 |
|
Bernardo Damele
|
ec9ebb3479
|
Set threads to 4 when optimization switch is provided, -o
|
2011-01-31 21:21:13 +00:00 |
|
Bernardo Damele
|
8397c526d8
|
Minor adjustment
|
2011-01-31 21:20:23 +00:00 |
|
Miroslav Stampar
|
fa58a9c86b
|
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
|
2011-01-31 20:36:01 +00:00 |
|
Miroslav Stampar
|
b1dc928e68
|
implemented validation for time-based inference
|
2011-01-31 16:07:23 +00:00 |
|
Miroslav Stampar
|
25463bc67c
|
fix for a bug (--predict-output) noticed by Bernardo
|
2011-01-31 15:00:41 +00:00 |
|
Miroslav Stampar
|
60a2364f2b
|
now union technique parses headers too
|
2011-01-31 12:41:39 +00:00 |
|
Miroslav Stampar
|
8ef47307db
|
added checking of header values for GREP (error); still UNION to do
|
2011-01-31 12:21:17 +00:00 |
|
Miroslav Stampar
|
fb3513650d
|
adding ID properties
|
2011-01-31 11:41:28 +00:00 |
|
Miroslav Stampar
|
f9eac97fe8
|
refactoring of MSSQL XML banner parsing
|
2011-01-31 11:38:00 +00:00 |
|
Miroslav Stampar
|
7175efcae1
|
another minor cosmetic update
|
2011-01-31 10:59:51 +00:00 |
|
Miroslav Stampar
|
97328c3104
|
minor fix
|
2011-01-31 10:54:13 +00:00 |
|
Miroslav Stampar
|
5e768be509
|
minor bug fix
|
2011-01-31 09:34:54 +00:00 |
|
Miroslav Stampar
|
f7feebe0df
|
fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments)
|
2011-01-31 09:28:16 +00:00 |
|
Miroslav Stampar
|
fc9c626f9e
|
minor refactoring (removed URL_ENCODE_PAYLOAD)
|
2011-01-30 17:03:06 +00:00 |
|
Bernardo Damele
|
21e7223779
|
perhaps this is better english
|
2011-01-30 16:34:13 +00:00 |
|
Miroslav Stampar
|
ddf23ba7cc
|
refactoring
|
2011-01-30 11:36:03 +00:00 |
|
Miroslav Stampar
|
367d0639f0
|
refactoring (class names should always be Capital cased)
|
2011-01-28 16:36:09 +00:00 |
|
Miroslav Stampar
|
ddd296030d
|
added some more info to unhandled exception message(s)
|
2011-01-28 16:15:45 +00:00 |
|
Miroslav Stampar
|
8e74c571bc
|
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
|
2011-01-27 19:44:24 +00:00 |
|
Miroslav Stampar
|
81722b6881
|
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
|
2011-01-27 18:36:28 +00:00 |
|
Miroslav Stampar
|
03413bd5e0
|
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
|
2011-01-27 16:55:58 +00:00 |
|
Miroslav Stampar
|
bb6e36fb02
|
minor updates
|
2011-01-27 12:38:39 +00:00 |
|
Miroslav Stampar
|
6cc69f5e16
|
now --technique is appliable also after the injections have been identified
|
2011-01-24 16:47:24 +00:00 |
|
Miroslav Stampar
|
81011be0d7
|
minor update of parseTargetUrl method
|
2011-01-24 14:52:50 +00:00 |
|
Bernardo Damele
|
e1db2700f0
|
Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads
|
2011-01-24 12:25:45 +00:00 |
|
Miroslav Stampar
|
4441e11f68
|
fix for case -r with no params and cookie available
|
2011-01-24 11:26:51 +00:00 |
|