Miroslav Stampar
|
1fc4d0e3c4
|
Update for an Issue #431
|
2014-11-21 10:31:55 +01:00 |
|
Miroslav Stampar
|
cf2d5fd453
|
Update for an Issue #431
|
2014-11-21 09:41:49 +01:00 |
|
Miroslav Stampar
|
05d5342f20
|
Update and patch for an Issue #2
|
2014-11-17 11:50:05 +01:00 |
|
Miroslav Stampar
|
71c43be53a
|
Patch for an Issue #901
|
2014-11-05 10:03:19 +01:00 |
|
Miroslav Stampar
|
49d3860b1f
|
Minor fix
|
2014-10-31 20:22:15 +01:00 |
|
Miroslav Stampar
|
df73be32f1
|
Fix for an Issue #876
|
2014-10-28 14:41:21 +01:00 |
|
Miroslav Stampar
|
3b3b8d4ef2
|
Potential bug fix (escaping formatted regular expressions)
|
2014-10-28 14:02:55 +01:00 |
|
Miroslav Stampar
|
6448d3caf4
|
Implementing support for csrfcookie (Issue #2)
|
2014-10-24 09:37:51 +02:00 |
|
Miroslav Stampar
|
5e31229d48
|
Minor cosmetic update
|
2014-10-23 15:18:22 +02:00 |
|
Miroslav Stampar
|
abbd352392
|
Support for X-CSRF-TOKEN header (Issue #2)
|
2014-10-23 14:33:22 +02:00 |
|
Miroslav Stampar
|
fc1b05bec9
|
Implementation for an Issue #2
|
2014-10-23 11:23:53 +02:00 |
|
Miroslav Stampar
|
2f18df345e
|
Minor patch
|
2014-10-22 13:41:36 +02:00 |
|
Miroslav Stampar
|
1e636fb925
|
Minor patch regarding Issue #840
|
2014-09-28 13:38:09 +02:00 |
|
Miroslav Stampar
|
767c278a0f
|
Fix for an Issue #838
|
2014-09-26 17:00:50 +02:00 |
|
Miroslav Stampar
|
bfc8ab0e35
|
Language update
|
2014-09-08 14:48:31 +02:00 |
|
Miroslav Stampar
|
53d0d5bf8b
|
Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved)
|
2014-09-08 14:33:13 +02:00 |
|
Miroslav Stampar
|
bbf0be1f8d
|
Bug fix (Issue #813)
|
2014-09-03 22:09:12 +02:00 |
|
Miroslav Stampar
|
0296081692
|
Minor refactoring
|
2014-08-20 23:42:40 +02:00 |
|
Miroslav Stampar
|
b4fbb9cafe
|
Minor upgrade
|
2014-08-20 13:52:48 +02:00 |
|
Miroslav Stampar
|
6caccc3d93
|
Bug fix for ultra-slow processing of binary data
|
2014-08-20 01:38:01 +02:00 |
|
Miroslav Stampar
|
32af0b17b0
|
Update for an Issue #760
|
2014-07-10 08:49:20 +02:00 |
|
Miroslav Stampar
|
2a88436417
|
Patch for an Issue #724
|
2014-06-16 09:51:24 +02:00 |
|
Miroslav Stampar
|
2e96e3c924
|
Adding a hidden switch --ignore-401
|
2014-04-29 23:26:45 +02:00 |
|
Miroslav Stampar
|
bf18b025d6
|
Minor removal of redundant code
|
2014-04-06 18:09:54 +02:00 |
|
Miroslav Stampar
|
7cc4159316
|
Renaming conf.cDel to conf.cookieDel
|
2014-04-06 16:50:58 +02:00 |
|
Miroslav Stampar
|
0ae8ac707e
|
Renaming conf.pDel to conf.paramDel
|
2014-04-06 16:48:46 +02:00 |
|
Miroslav Stampar
|
e8c1c90f2e
|
Whitespace was being double encoded in case of spaceplus (' '->%2B)
|
2014-03-25 22:02:14 +01:00 |
|
Miroslav Stampar
|
106102bd3c
|
Fix for an Issue #648
|
2014-03-21 20:28:29 +01:00 |
|
Miroslav Stampar
|
f1f53a5841
|
Minor cosmetic update
|
2014-03-06 21:08:31 +01:00 |
|
Miroslav Stampar
|
cc62a8adc9
|
Bug fix for JSON-like data (proper escaping of quotes)
|
2014-02-26 09:30:37 +01:00 |
|
Miroslav Stampar
|
6369a38ebc
|
Adding support for JSON-like data with single quote
|
2014-02-26 08:56:17 +01:00 |
|
Bernardo Damele
|
43a4e85749
|
updated copyright
|
2014-01-13 17:24:49 +00:00 |
|
Miroslav Stampar
|
b0ca34ff27
|
Bug fix (payload character '=' was not being url-encoded in custom (user) post cases - when posthint was None)
|
2013-12-04 10:09:54 +01:00 |
|
Miroslav Stampar
|
344d3f4b5f
|
Minor patch
|
2013-10-12 21:05:18 +02:00 |
|
Miroslav Stampar
|
81409ce6da
|
Minor patch
|
2013-09-02 10:54:32 +02:00 |
|
Miroslav Stampar
|
dd39913cf6
|
Improvement for an --eval mechanism
|
2013-08-31 00:28:51 +02:00 |
|
Miroslav Stampar
|
3a57af1452
|
Minor fix
|
2013-08-30 15:26:03 +02:00 |
|
Miroslav Stampar
|
88b992ad83
|
Fixing a bug noticed during the yesterday's AppSecEU presentation (--headers='user-agent:foobar*' was not working properly)
|
2013-08-23 11:54:08 +02:00 |
|
Miroslav Stampar
|
23f2c5f166
|
Finishing implementation for an Issue #58
|
2013-08-20 19:35:49 +02:00 |
|
Miroslav Stampar
|
4929cff0c0
|
Minor update
|
2013-08-13 06:42:49 +02:00 |
|
Miroslav Stampar
|
b2855e0281
|
Minor patch
|
2013-08-12 14:25:51 +02:00 |
|
Miroslav Stampar
|
a711c9ed36
|
Minor cleanup and initial work for #58
|
2013-08-09 14:13:48 +02:00 |
|
Miroslav Stampar
|
6b826ef64d
|
Reintroducing option --cookie-del
|
2013-07-31 20:41:19 +02:00 |
|
Miroslav Stampar
|
ca44b23d20
|
Implementation for --eval to support cookies
|
2013-07-31 17:29:16 +02:00 |
|
Miroslav Stampar
|
eaacbe0b12
|
Minor language fix
|
2013-07-31 09:24:34 +02:00 |
|
Miroslav Stampar
|
f185e5cdd5
|
Fix for an Issue #463
|
2013-06-10 22:26:34 +02:00 |
|
Miroslav Stampar
|
6f49b96a2d
|
Fix for an Issue #462
|
2013-06-10 12:20:58 +02:00 |
|
Miroslav Stampar
|
39612b5d87
|
Fix for an Issue #457
|
2013-06-04 23:46:39 +02:00 |
|
Miroslav Stampar
|
3e0f747fad
|
Minor fix
|
2013-06-04 00:05:25 +02:00 |
|
Miroslav Stampar
|
edc9da1226
|
Minor refactoring
|
2013-06-03 15:14:56 +02:00 |
|
stamparm
|
659c0bb418
|
Minor fix
|
2013-05-27 10:38:47 +02:00 |
|
Miroslav Stampar
|
ea5c742595
|
Update (lagging checking is now always done once when time based compare is done; not only in case if statistical model is being filled)
|
2013-05-18 21:30:21 +02:00 |
|
stamparm
|
03732d2592
|
Minor fix
|
2013-05-17 16:04:05 +02:00 |
|
stamparm
|
76b4e1ccb9
|
Implementation for an Issue #450
|
2013-05-17 15:04:25 +02:00 |
|
stamparm
|
09e7f4f697
|
Minor bug fix regarding traffic logging of redirected requests
|
2013-04-30 17:46:26 +02:00 |
|
stamparm
|
e3a02f56e6
|
Just in case for --force-ssl (if url is returned in e.g. refresh toward the target)
|
2013-04-24 12:35:39 +02:00 |
|
stamparm
|
6fed1921ed
|
Bug fix (there are cases when provided kwargs containing explicit None values while we want to use the alternative in those kind of cases; there was an intention in original code, while the implementation was buggy)
|
2013-04-16 14:17:41 +02:00 |
|
stamparm
|
8c9da95343
|
Style and consistency update (url -> URL)
|
2013-04-09 11:48:42 +02:00 |
|
Miroslav Stampar
|
df4fd82515
|
Minor update
|
2013-04-03 23:27:27 +02:00 |
|
Miroslav Stampar
|
c75a2d0c40
|
Minor patch
|
2013-04-03 21:31:37 +02:00 |
|
stamparm
|
e1ffdde532
|
Little cleaning a mess with url encoding and post hint types
|
2013-03-27 13:39:27 +01:00 |
|
stamparm
|
7accba4cf9
|
Minor update
|
2013-03-26 16:10:41 +01:00 |
|
stamparm
|
7447773237
|
Update for consistency (all other enums are using _ in between words)
|
2013-03-20 11:10:24 +01:00 |
|
Miroslav Stampar
|
8acf033715
|
Code refactoring
|
2013-03-19 19:24:14 +01:00 |
|
stamparm
|
e226006766
|
Trivial fix
|
2013-03-18 13:29:55 +01:00 |
|
stamparm
|
5e02bcbd58
|
Minor adjustment
|
2013-03-18 12:16:16 +01:00 |
|
Miroslav Stampar
|
2f43c3eb9b
|
Minor fix (digest live test case) and some refactoring
|
2013-03-12 21:16:44 +01:00 |
|
Miroslav Stampar
|
84a5bdb9cf
|
Trivial cosmetics
|
2013-03-09 19:41:24 +01:00 |
|
Miroslav Stampar
|
79d6a0e9c9
|
Using binary data in dummy mode
|
2013-03-09 19:40:24 +01:00 |
|
Miroslav Stampar
|
0e89cc62a2
|
Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections
|
2013-02-28 20:20:08 +01:00 |
|
stamparm
|
69063947b6
|
Debug message should go with logging.DEBUG
|
2013-02-19 09:46:51 +01:00 |
|
Bernardo Damele
|
d7247a51ee
|
do not prompt constantly if the page is not found
|
2013-02-18 18:08:20 +00:00 |
|
Bernardo Damele
|
4b9d8ed673
|
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
|
2013-02-14 11:32:17 +00:00 |
|
Bernardo Damele
|
a67ef4117f
|
make sure to use Python 2 interpreter when default system Python is version 3
|
2013-02-14 11:25:04 +00:00 |
|
Miroslav Stampar
|
d78a3e977b
|
Update (allowing regular char * to be inside SOAP/JSON/XML)
|
2013-02-13 12:24:42 +01:00 |
|
Miroslav Stampar
|
c34f6e25b2
|
Minor fix for --eval (urldecoded values should be used inside evaluation)
|
2013-02-12 17:01:47 +01:00 |
|
Miroslav Stampar
|
6d942f92b5
|
Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.))
|
2013-02-01 10:03:06 +01:00 |
|
Miroslav Stampar
|
f41460f8d8
|
Better naming
|
2013-01-29 20:53:11 +01:00 |
|
Miroslav Stampar
|
a59ac8e27f
|
Trivial cosmetics
|
2013-01-29 16:30:38 +01:00 |
|
Miroslav Stampar
|
479f791112
|
Minor fix
|
2013-01-25 12:41:51 +01:00 |
|
Chris Frohoff
|
218a6a9695
|
fixed response header logging for header names with special chars
|
2013-01-23 11:10:25 -08:00 |
|
Miroslav Stampar
|
bb6b89fe93
|
Patch for an Issue #360
|
2013-01-19 18:06:36 +01:00 |
|
Bernardo Damele
|
a43202f3c0
|
updated copyright
|
2013-01-18 14:07:51 +00:00 |
|
Miroslav Stampar
|
8480ceddcb
|
Minor style update
|
2013-01-17 19:55:56 +01:00 |
|
Miroslav Stampar
|
f7eda07d92
|
Patch for an Issue #347
|
2013-01-17 15:30:14 +01:00 |
|
Miroslav Stampar
|
fb7243c237
|
Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs
|
2013-01-16 16:04:00 +01:00 |
|
Miroslav Stampar
|
5ee653dd89
|
Merging commit 57bcbb458eade2850a6d7623ecddbe49c69cf334 from @morisson
|
2013-01-15 10:14:02 +01:00 |
|
Miroslav Stampar
|
03dd958d96
|
Implementation for an Issue #48
|
2013-01-13 16:22:43 +01:00 |
|
Miroslav Stampar
|
934d41dac2
|
Minor style update (PEP8)
|
2013-01-10 15:02:28 +01:00 |
|
Miroslav Stampar
|
ca3d35a878
|
Some PEP8 related style cleaning
|
2013-01-10 13:18:44 +01:00 |
|
Miroslav Stampar
|
e4a3c015e5
|
Replacing old and deprecated raise Exception style (PEP8)
|
2013-01-03 23:20:55 +01:00 |
|
Miroslav Stampar
|
2b64c10710
|
Patch for an Issue #304
|
2012-12-18 09:36:26 +01:00 |
|
Miroslav Stampar
|
4ea0c9e922
|
Another implementation for an Issue #302
|
2012-12-17 15:08:54 +01:00 |
|
Miroslav Stampar
|
60baf5071e
|
Patch for an Issue #302
|
2012-12-17 00:40:01 +01:00 |
|
Miroslav Stampar
|
013dc8bc98
|
Another minor update for an Issue #267
|
2012-12-10 13:07:36 +01:00 |
|
Miroslav Stampar
|
8bd0080bf4
|
Minor update for an Issue #267
|
2012-12-10 13:05:41 +01:00 |
|
Miroslav Stampar
|
96df0ba061
|
Implemented support for plain , chars too (Issue #267)
|
2012-12-10 12:58:17 +01:00 |
|
Miroslav Stampar
|
d0ea4c65c5
|
Minor styl eupdate for an Issue #267
|
2012-12-10 12:54:01 +01:00 |
|
Miroslav Stampar
|
5606a860ce
|
Oracle supports inline comments too (Issue #267)
|
2012-12-10 12:00:15 +01:00 |
|
Miroslav Stampar
|
a024884ca7
|
Support for a HTTP parameter pollution (Issue #267)
|
2012-12-10 11:55:31 +01:00 |
|
Miroslav Stampar
|
974407396e
|
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
|
2012-12-06 14:14:19 +01:00 |
|
Miroslav Stampar
|
ab67344448
|
Removed unused imports and variables (pyflake-ing)
|
2012-12-06 11:15:05 +01:00 |
|
Miroslav Stampar
|
b6650add46
|
Introducing 'new style classes' (idea from Pull request #284)
|
2012-12-06 10:42:53 +01:00 |
|
Miroslav Stampar
|
79fca8e9d5
|
Fix for an Issue #268
|
2012-12-03 12:13:59 +01:00 |
|
Miroslav Stampar
|
c40dded28c
|
Fix for an Issue #250
|
2012-11-20 12:10:29 +01:00 |
|
Miroslav Stampar
|
a52dbc575b
|
Patch for an Issue #246
|
2012-11-13 10:21:11 +01:00 |
|
Miroslav Stampar
|
f305dde413
|
Patch for an Issue #235
|
2012-11-10 11:01:29 +01:00 |
|
Miroslav Stampar
|
12fc9442b9
|
Tamper function(s) refactoring (really no need for returning headers as they are passed by reference)
|
2012-10-25 10:10:23 +02:00 |
|
Miroslav Stampar
|
b5060c0010
|
Fix for an Issue #205
|
2012-10-16 14:28:46 +02:00 |
|
Miroslav Stampar
|
2cb1b054bb
|
Implementation for an Issue #79
|
2012-10-16 12:32:58 +02:00 |
|
Miroslav Stampar
|
e61c4c22c9
|
Implementation for an Issue #200
|
2012-10-09 15:19:47 +02:00 |
|
Miroslav Stampar
|
5a91b6e622
|
Minor cleanup
|
2012-10-09 10:21:52 +02:00 |
|
Miroslav Stampar
|
ff205f088b
|
Minor update
|
2012-10-07 20:12:55 +02:00 |
|
Miroslav Stampar
|
098e446ca4
|
Adding support for generic XML POST data
|
2012-10-04 18:44:12 +02:00 |
|
Miroslav Stampar
|
f71b937add
|
Minor language cleanup
|
2012-10-04 18:28:36 +02:00 |
|
Miroslav Stampar
|
8865fe69d7
|
Minor cleanup
|
2012-10-04 18:26:07 +02:00 |
|
Miroslav Stampar
|
d464678e10
|
Minor update for an Issue #49
|
2012-10-04 18:01:42 +02:00 |
|
Miroslav Stampar
|
84b05e2d18
|
Better treating of numeric values (Issue #49)
|
2012-10-04 16:08:37 +02:00 |
|
Miroslav Stampar
|
461e5ebc5f
|
Work for Issue #197 and Issue #49
|
2012-10-04 11:25:44 +02:00 |
|
Miroslav Stampar
|
bcbf0571a5
|
Implementation for an Issue #49
|
2012-10-02 14:23:58 +02:00 |
|
Miroslav Stampar
|
763dc98311
|
Minor refactoring
|
2012-10-02 13:36:15 +02:00 |
|
Miroslav Stampar
|
a8aecaa036
|
Minor style update
|
2012-10-02 13:33:10 +02:00 |
|
Miroslav Stampar
|
d175decdfc
|
Fix for an Issue #190
|
2012-09-22 20:59:40 +02:00 |
|
Miroslav Stampar
|
511c3b8dcc
|
Update and fix for an Issue #182
|
2012-09-11 14:58:52 +02:00 |
|
Miroslav Stampar
|
5d23d72ff5
|
Fix for an Issue #176
|
2012-09-08 17:58:03 +02:00 |
|
Miroslav Stampar
|
dbce417cdd
|
Potential fix for an Issue #171
|
2012-09-02 22:48:41 +02:00 |
|
Miroslav Stampar
|
b916db34a4
|
Another update for an Issue #79
|
2012-08-31 12:38:02 +02:00 |
|
Miroslav Stampar
|
47d162f391
|
Minor update (same but cleaner)
|
2012-08-31 12:27:40 +02:00 |
|
Miroslav Stampar
|
7286d89cb6
|
Few fixes for an Issue #79 (problem with case sensitivity of request get_header)
|
2012-08-31 12:15:09 +02:00 |
|
Miroslav Stampar
|
cdd3ed6abc
|
Minor bug fix
|
2012-08-30 14:22:18 +02:00 |
|
Miroslav Stampar
|
d421f9a618
|
Fix for an Issue #157
|
2012-08-21 14:34:19 +02:00 |
|
Miroslav Stampar
|
b9c63eb908
|
Fix for an Issue #156
|
2012-08-21 10:46:29 +02:00 |
|
Miroslav Stampar
|
7a8ace78f9
|
Removing redundant newline char as logger already adds it's own
|
2012-08-21 09:58:40 +02:00 |
|
Miroslav Stampar
|
233b9a3815
|
Fix for Issue #150 and Issue #151 (urllib2 is automatically adding those)
|
2012-08-20 22:17:39 +02:00 |
|
Miroslav Stampar
|
823dde73ab
|
Minor cleanup
|
2012-08-20 11:40:49 +02:00 |
|
Miroslav Stampar
|
76338add17
|
Fix for an Issue #152
|
2012-08-20 10:41:43 +02:00 |
|
Miroslav Stampar
|
fec8a5cc9d
|
Fix for an Issue #139
|
2012-08-07 00:50:58 +02:00 |
|
Miroslav Stampar
|
142fc887f1
|
Fix for an Issue #129
|
2012-07-31 11:03:44 +02:00 |
|
Bernardo Damele
|
92c2b3bd4c
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2012-07-26 23:11:11 +01:00 |
|
Bernardo Damele
|
d492291744
|
working on issue #12
|
2012-07-26 23:11:07 +01:00 |
|
Miroslav Stampar
|
efa99c4519
|
Implementation for an Issue #4
|
2012-07-26 14:07:05 +02:00 |
|
Miroslav Stampar
|
b3552494c4
|
Minor preparation for an Issue #48
|
2012-07-26 12:26:57 +02:00 |
|
Miroslav Stampar
|
63bf99ce77
|
Minor just in case update for an Issue #117
|
2012-07-23 14:46:43 +02:00 |
|
Miroslav Stampar
|
a7d1a0c250
|
Implementation for an Issue #117
|
2012-07-23 14:14:22 +02:00 |
|
Miroslav Stampar
|
534eccc9aa
|
Fix for an Issue #115
|
2012-07-23 10:16:47 +02:00 |
|
Miroslav Stampar
|
f336afa913
|
Implementation for Issue #108
|
2012-07-20 09:48:09 +02:00 |
|
Miroslav Stampar
|
87ecf205cb
|
More work for Issue #66
|
2012-07-14 17:01:04 +02:00 |
|
Miroslav Stampar
|
805120ac52
|
Minor refactoring
|
2012-07-14 11:01:30 +02:00 |
|
Miroslav Stampar
|
3c81f74823
|
Minor style update
|
2012-07-13 12:22:37 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Miroslav Stampar
|
e948e4d45b
|
Some more refactoring
|
2012-07-06 17:18:22 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
4ac3794e80
|
minor update
|
2012-06-12 14:22:14 +00:00 |
|
Miroslav Stampar
|
226547b7dc
|
minor fix for --skip-urlencode and custom post
|
2012-05-28 09:04:25 +00:00 |
|
Miroslav Stampar
|
09f2144485
|
full page read is not needed in DNS exfiltration mode
|
2012-05-26 21:28:43 +00:00 |
|
Miroslav Stampar
|
c394610740
|
adding switch --skip-urlencode to skip URL encoding of POST data
|
2012-05-24 23:30:33 +00:00 |
|
Miroslav Stampar
|
2538e2d5b4
|
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
|
2012-05-22 09:33:22 +00:00 |
|
Miroslav Stampar
|
12d32f58f2
|
fix for that SOAP reported bug
|
2012-05-10 13:39:54 +00:00 |
|
Miroslav Stampar
|
775134639d
|
minor update
|
2012-04-20 20:33:15 +00:00 |
|
Miroslav Stampar
|
6ebb621228
|
adding support for (custom) POST injection (marking injection point with '*' in conf.data)
|
2012-04-17 14:23:00 +00:00 |
|
Miroslav Stampar
|
052d9455fe
|
warning user in cases of "User xyz already has more than 'max_user_connections' active connections"
|
2012-04-12 09:44:54 +00:00 |
|
Miroslav Stampar
|
8c6eb4faa9
|
adding support for PgSQL DNS data exfiltration
|
2012-04-07 14:06:11 +00:00 |
|
Miroslav Stampar
|
b2afa87e48
|
reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)
|
2012-04-06 08:42:36 +00:00 |
|
Miroslav Stampar
|
2223c884e5
|
minor refactoring
|
2012-04-05 12:55:26 +00:00 |
|
Miroslav Stampar
|
e0994947e2
|
minor update
|
2012-04-04 23:37:50 +00:00 |
|
Miroslav Stampar
|
c89a4162e2
|
bug fix for --dns-domain with --technique=TS
|
2012-04-04 18:01:39 +00:00 |
|
Miroslav Stampar
|
637a8d8273
|
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
|
2012-03-29 14:33:27 +00:00 |
|
Miroslav Stampar
|
0fc4288a7c
|
modifying redirection code for only two choices
|
2012-03-18 17:27:08 +00:00 |
|
Bernardo Damele
|
3505503a08
|
no need to return here
|
2012-03-16 17:30:16 +00:00 |
|
Miroslav Stampar
|
577caac4de
|
putting kb.negativeLogic setting to the safe place
|
2012-03-16 09:17:11 +00:00 |
|
Miroslav Stampar
|
209e795369
|
minor just in case update
|
2012-03-16 09:02:17 +00:00 |
|
Miroslav Stampar
|
adb5fff6b2
|
one more update related to the redirection mechanism
|
2012-03-15 20:17:40 +00:00 |
|
Miroslav Stampar
|
ddd92476a8
|
minor fix
|
2012-03-15 15:58:25 +00:00 |
|
Miroslav Stampar
|
8dd570057b
|
minor fix (double traffic log for -t in case of HTTP error)
|
2012-03-15 14:51:16 +00:00 |
|
Miroslav Stampar
|
f7df755f37
|
minor update
|
2012-03-15 12:55:22 +00:00 |
|
Miroslav Stampar
|
a8c9a47092
|
redirect logic rewritten from scratch
|
2012-03-15 11:10:58 +00:00 |
|
Miroslav Stampar
|
52a8b25ff4
|
minor fix
|
2012-03-14 14:31:41 +00:00 |
|
Miroslav Stampar
|
a7fbc55748
|
grammar fix
|
2012-03-13 22:03:23 +00:00 |
|
Miroslav Stampar
|
edfcddd3c3
|
minor fix for logging only cookies used by request (e.g. --load-cookies case)
|
2012-03-13 10:58:15 +00:00 |
|
Miroslav Stampar
|
e6c610abab
|
minor fix
|
2012-03-13 09:14:56 +00:00 |
|
Miroslav Stampar
|
48bcde478e
|
more general update
|
2012-03-12 15:29:55 +00:00 |
|
Miroslav Stampar
|
1d0c8a7f44
|
minor update
|
2012-03-12 15:19:02 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Miroslav Stampar
|
dcf7277a0f
|
some more refactorings
|
2012-02-16 14:42:28 +00:00 |
|
Miroslav Stampar
|
85a4ef6593
|
minor update
|
2012-02-08 12:00:03 +00:00 |
|
Miroslav Stampar
|
a7970d094a
|
minor update
|
2012-02-01 15:10:06 +00:00 |
|
Miroslav Stampar
|
8405ef59ac
|
some estetic updates
|
2012-02-01 14:49:42 +00:00 |
|
Miroslav Stampar
|
527ce070a3
|
minor fix
|
2012-01-16 10:04:18 +00:00 |
|
Miroslav Stampar
|
95f89ab63a
|
updating copyright date
|
2012-01-11 14:59:46 +00:00 |
|
Miroslav Stampar
|
1d0b43b1a2
|
implemented mechanism for merging cookies by request
|
2012-01-11 14:28:08 +00:00 |
|
Miroslav Stampar
|
40398f358c
|
minor update
|
2012-01-05 14:55:23 +00:00 |
|
Miroslav Stampar
|
1f085a0241
|
now [SLEEPTIME] is changeable properly in vivo
|
2012-01-05 14:45:05 +00:00 |
|
Miroslav Stampar
|
ea87c89c25
|
minor fix
|
2012-01-03 23:44:56 +00:00 |
|
Miroslav Stampar
|
63bc4ce116
|
minor patch
|
2011-12-30 14:11:02 +00:00 |
|
Miroslav Stampar
|
c20546dcaa
|
minor refactoring
|
2011-12-26 12:24:39 +00:00 |
|
Miroslav Stampar
|
526aacb640
|
code cleanup
|
2011-12-21 22:59:23 +00:00 |
|
Miroslav Stampar
|
95cd9e2af3
|
adding support for scanning Host header values (-p host)
|
2011-12-20 12:52:41 +00:00 |
|
Miroslav Stampar
|
1b16b5e0f1
|
minor fix
|
2011-12-20 09:10:44 +00:00 |
|
Miroslav Stampar
|
c57941c102
|
minor beautification
|
2011-12-15 23:33:44 +00:00 |
|
Miroslav Stampar
|
563c0c1066
|
adding switch --tor-type
|
2011-12-15 23:19:55 +00:00 |
|
Miroslav Stampar
|
e6820ebbd2
|
minor update
|
2011-12-14 10:26:03 +00:00 |
|
Miroslav Stampar
|
364113441b
|
adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles)
|
2011-12-14 10:19:45 +00:00 |
|
Miroslav Stampar
|
0f5d48ff20
|
minor update
|
2011-12-05 09:25:56 +00:00 |
|
Miroslav Stampar
|
9bc735963b
|
update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself))
|
2011-12-04 22:42:19 +00:00 |
|
Miroslav Stampar
|
b03a5e8928
|
people don't know what's "standard deviation" and they are wrongly connecting it's value in seconds to the --time-sec value
|
2011-12-01 13:30:47 +00:00 |
|
Miroslav Stampar
|
3cd8f47686
|
minor bug fix
|
2011-11-29 17:17:06 +00:00 |
|
Miroslav Stampar
|
d958c2fe48
|
minor fix
|
2011-11-28 11:21:39 +00:00 |
|
Miroslav Stampar
|
ba4234dc42
|
switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings)
|
2011-11-23 21:17:08 +00:00 |
|
Miroslav Stampar
|
4fa24ec704
|
minor improvement
|
2011-11-21 17:39:18 +00:00 |
|
Miroslav Stampar
|
65b2b0ad87
|
adding switch --eval
|
2011-11-21 16:41:02 +00:00 |
|
Miroslav Stampar
|
df0b451389
|
minor update
|
2011-11-20 23:17:57 +00:00 |
|
Miroslav Stampar
|
440b7efe55
|
minor optimization
|
2011-11-20 20:14:47 +00:00 |
|
Miroslav Stampar
|
b888829d12
|
minor update
|
2011-11-14 11:39:18 +00:00 |
|
Miroslav Stampar
|
ccbd93cc2e
|
fix for redirect/HOST header bug
|
2011-11-11 11:28:27 +00:00 |
|
Miroslav Stampar
|
1061c06617
|
improvement of redirecting code
|
2011-11-11 11:07:49 +00:00 |
|
Miroslav Stampar
|
e183437f0b
|
minor typo
|
2011-11-10 10:30:53 +00:00 |
|
Miroslav Stampar
|
62f8f8d36c
|
bug fix (thanks to zhen zhou)
|
2011-11-10 10:22:35 +00:00 |
|
Miroslav Stampar
|
c1486ed4be
|
adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request
|
2011-10-25 09:53:44 +00:00 |
|
Miroslav Stampar
|
6d64f87190
|
minor update
|
2011-10-24 00:46:54 +00:00 |
|
Miroslav Stampar
|
1f7d87c6a4
|
bug fix for --code (previously redirecting codes where not considered)
|
2011-10-23 20:48:37 +00:00 |
|
Miroslav Stampar
|
77e630d89e
|
replaced longer CHAR form of escaped MySQL strings with more compact hex form
|
2011-10-23 20:19:42 +00:00 |
|
Miroslav Stampar
|
3f0517d3f3
|
support for non-latin (e.g. cyrillic) URLs
|
2011-10-23 17:02:48 +00:00 |
|
Miroslav Stampar
|
0db0571f35
|
minor patch
|
2011-10-21 09:06:00 +00:00 |
|
Miroslav Stampar
|
dd0ed5f5da
|
adding redirect response to the traffic file
|
2011-09-28 08:13:46 +00:00 |
|
Miroslav Stampar
|
e0f521cf9d
|
minor update regarding --randomize
|
2011-08-29 13:08:25 +00:00 |
|
Miroslav Stampar
|
ac00014c4a
|
implemented --randomize switch by request
|
2011-08-29 12:50:52 +00:00 |
|
Miroslav Stampar
|
75ec146224
|
minor beautification
|
2011-08-17 21:17:02 +00:00 |
|
Bernardo Damele
|
702ed73a65
|
Added --code switch to match in boolean-based tests against the HTTP response code
|
2011-08-12 16:48:11 +00:00 |
|
Bernardo Damele
|
fff4c34e33
|
Search for --string and --regexp matches also in HTTP response headers
|
2011-08-12 15:33:37 +00:00 |
|
Bernardo Damele
|
5e5133b8e7
|
Should be fixed now
|
2011-08-12 15:00:11 +00:00 |
|
Bernardo Damele
|
1505cb2a80
|
typo
|
2011-08-12 14:51:39 +00:00 |
|
Bernardo Damele
|
702ca22d54
|
Minor bug fix for URI injections
|
2011-08-12 14:48:44 +00:00 |
|
Bernardo Damele
|
28bba9f5e6
|
More verbose warning message
|
2011-08-12 13:47:38 +00:00 |
|
Miroslav Stampar
|
10bdd90e60
|
minor speed optimizations (as a result of profiling)
|
2011-08-12 13:40:37 +00:00 |
|
Miroslav Stampar
|
02bfd05b20
|
more general approach
|
2011-07-08 10:03:14 +00:00 |
|
Miroslav Stampar
|
ba2c06c9dc
|
quick fix
|
2011-07-08 09:01:32 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Miroslav Stampar
|
93b296e02c
|
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
|
2011-07-06 05:44:47 +00:00 |
|
Miroslav Stampar
|
75524c283d
|
minor update
|
2011-06-27 21:59:31 +00:00 |
|
Miroslav Stampar
|
831f083223
|
minor update
|
2011-06-27 21:38:12 +00:00 |
|
Miroslav Stampar
|
e9286ddd5b
|
fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position
47: ordinal not in range(128))
|
2011-06-24 19:24:11 +00:00 |
|
Miroslav Stampar
|
e76cb19e35
|
minor patch
|
2011-06-22 09:11:12 +00:00 |
|
Miroslav Stampar
|
b16b92fe46
|
minor update
|
2011-06-21 20:59:34 +00:00 |
|
Miroslav Stampar
|
2220afbdf5
|
fix by request
|
2011-06-21 20:50:16 +00:00 |
|
Miroslav Stampar
|
bdb530da1f
|
minor update
|
2011-06-19 10:11:27 +00:00 |
|
Miroslav Stampar
|
d5bc149636
|
made changes by buawig request (504 is treated as a classical timeout)
|
2011-06-19 09:57:41 +00:00 |
|
Bernardo Damele
|
0d8d6a4ace
|
Cosmetics
|
2011-06-08 16:08:20 +00:00 |
|
Miroslav Stampar
|
4a9640160e
|
more concise
|
2011-06-08 14:35:23 +00:00 |
|
Miroslav Stampar
|
6b81eef65a
|
refactoring
|
2011-06-08 14:30:12 +00:00 |
|
Miroslav Stampar
|
75c12c5edb
|
fix for a bug reported by cclements@flatearth.net (TypeError: argument of type 'NoneType' is not iterable)
|
2011-06-07 21:46:49 +00:00 |
|
Miroslav Stampar
|
a5a70f0895
|
minor update
|
2011-05-28 18:21:03 +00:00 |
|
Miroslav Stampar
|
c11ea35d53
|
adding some user input for "refreshing" cases (like redirect ones)
|
2011-05-27 22:42:23 +00:00 |
|
Miroslav Stampar
|
cf69809c3c
|
minor update
|
2011-05-27 16:26:00 +00:00 |
|
Miroslav Stampar
|
61b960f65f
|
minor update related to the last one
|
2011-05-26 22:05:10 +00:00 |
|
Miroslav Stampar
|
45caadbd4a
|
important update - finally found what was causing headache for UNION payloads in noticeable number of cases
|
2011-05-26 21:54:19 +00:00 |
|
Miroslav Stampar
|
4f2c999146
|
fix for a bug reported by mail@8dh.de (UnicodeDecodeError: requestMsg += "\n%s" % requestHeaders)
|
2011-05-26 13:47:20 +00:00 |
|
Miroslav Stampar
|
f774d8fea0
|
proper Tor settings (reverted r3915 and implemented it the right way)
|
2011-05-24 11:06:58 +00:00 |
|
Miroslav Stampar
|
915c206e3d
|
minor fix for socks proxy issues
|
2011-05-24 09:47:10 +00:00 |
|
Miroslav Stampar
|
ad25bcc2be
|
better way for dealing with relative paths
|
2011-05-24 05:26:51 +00:00 |
|
Miroslav Stampar
|
a536bf210f
|
improved redirection mechanism
|
2011-05-23 23:20:03 +00:00 |
|
Miroslav Stampar
|
40971aca94
|
fixing nasty bug caused by retrying counter
|
2011-05-22 10:59:56 +00:00 |
|
Miroslav Stampar
|
712e238f33
|
another minor fix
|
2011-05-22 10:29:25 +00:00 |
|
Miroslav Stampar
|
2795aeff34
|
minor fix
|
2011-05-22 10:27:45 +00:00 |
|
Miroslav Stampar
|
806e898694
|
no more CRITICAL drop outs in test mode - lots of reports were related to this
|
2011-05-22 10:21:49 +00:00 |
|
Miroslav Stampar
|
9b2623514a
|
one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
|
2011-05-22 09:48:46 +00:00 |
|
Miroslav Stampar
|
2ea613b170
|
type correction and adding global flag kb.ignoreTimeout which could be useful
|
2011-05-22 08:24:13 +00:00 |
|
Miroslav Stampar
|
27f0e73cc9
|
refactoring of 'target' flag in connect.py
|
2011-05-22 07:46:09 +00:00 |
|
Miroslav Stampar
|
25fff8c135
|
changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)
|
2011-05-21 11:46:57 +00:00 |
|
Miroslav Stampar
|
053c245114
|
few minor fixes
|
2011-05-13 09:56:12 +00:00 |
|
Miroslav Stampar
|
a7d7be5ce0
|
bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host)
|
2011-05-13 01:01:53 +00:00 |
|
Miroslav Stampar
|
0b2da2f9f5
|
minor beautification for --tor switch
|
2011-05-12 05:46:17 +00:00 |
|
Miroslav Stampar
|
1dea609019
|
fix for a bug reported by David (UnicodeDecodeError: url = url + '?' + query)
|
2011-05-10 12:51:37 +00:00 |
|
Miroslav Stampar
|
a64407d9db
|
minor bug fix for multithreading and lots of connection retries
|
2011-05-10 12:40:01 +00:00 |
|
Miroslav Stampar
|
22a1870c2c
|
adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1
|
2011-05-10 12:32:07 +00:00 |
|
Miroslav Stampar
|
b324b99f6e
|
minor update of warning message
|
2011-05-04 10:41:08 +00:00 |
|
Miroslav Stampar
|
1e6c2fea74
|
update regarding warning for --random-agent during connection timeout in connection test phase
|
2011-05-03 10:05:42 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Miroslav Stampar
|
b299912de4
|
fix for a bug reported by ahmed@isecur1ty.org (UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: ordinal not in range(128)) for multipartpost
|
2011-04-29 16:56:02 +00:00 |
|
Miroslav Stampar
|
6bb4dce3aa
|
minor refactoring
|
2011-04-29 15:22:32 +00:00 |
|
Bernardo Damele
|
11ecd16099
|
cosmetics
|
2011-04-21 10:08:38 +00:00 |
|
Miroslav Stampar
|
fc90974940
|
revert of last commit because of the situation in detection phase where payload is made at the starting point (can't change conf.timeSec in that phase)
|
2011-04-19 14:50:09 +00:00 |
|
Miroslav Stampar
|
7abbd0c029
|
removing a leftover
|
2011-04-19 14:29:51 +00:00 |
|
Miroslav Stampar
|
96b5fede5a
|
automatic increasing of time delay on lagging connections
|
2011-04-19 14:28:51 +00:00 |
|
Miroslav Stampar
|
7a06af9a92
|
added "lagging" critical message
|
2011-04-19 10:37:20 +00:00 |
|
Miroslav Stampar
|
6463cad8c5
|
minor update for SOAP payloads
|
2011-04-18 14:29:52 +00:00 |
|
Miroslav Stampar
|
a7366bf710
|
SOAP refactoring
|
2011-04-17 21:39:00 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
83feb097ef
|
greater flexibility for --batch when default is None
|
2011-04-08 22:29:50 +00:00 |
|
Miroslav Stampar
|
e957c4400c
|
minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)
|
2011-04-04 08:04:47 +00:00 |
|
Miroslav Stampar
|
305115a68b
|
important improvement of data handling (POST data and header values)
|
2011-04-03 15:02:52 +00:00 |
|
Miroslav Stampar
|
dd01d66f13
|
proper update regarding last commit
|
2011-03-29 22:10:08 +00:00 |
|
Miroslav Stampar
|
850328df6c
|
minor cosmetics
|
2011-03-29 22:03:48 +00:00 |
|
Miroslav Stampar
|
9f707febf5
|
minor update
|
2011-03-29 15:43:17 +00:00 |
|
Miroslav Stampar
|
d28ca5809b
|
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
|
2011-03-29 14:16:28 +00:00 |
|
Miroslav Stampar
|
ae53ad4c30
|
making an update for special case of timed out response
|
2011-03-28 21:05:04 +00:00 |
|
Miroslav Stampar
|
b53c9a2599
|
minor fix and some refactoring
|
2011-03-18 00:24:02 +00:00 |
|
Bernardo Damele
|
9526f0c4c2
|
Minor layout adjustments
|
2011-03-17 12:35:40 +00:00 |
|
Miroslav Stampar
|
e64f225e65
|
minor refactoring
|
2011-03-11 20:16:34 +00:00 |
|
Miroslav Stampar
|
2fd3f0d7b2
|
minor update (added comment)
|
2011-03-11 20:07:52 +00:00 |
|
Miroslav Stampar
|
5eae525010
|
this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)
|
2011-03-11 19:57:44 +00:00 |
|