few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")

2025-12-09 14:11:29 +00:00 · 2011-07-06 05:44:47 +00:00
parent b8ffcf9495
commit 93b296e02c
12 changed files with 146 additions and 61 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
 """

 import codecs
+import copy
 import ctypes
 import inspect
 import logging
@@ -1924,7 +1925,7 @@ def pushValue(value):
    Push value to the stack (thread dependent)
    """

-    getCurrentThreadData().valueStack.append(value)
+    getCurrentThreadData().valueStack.append(copy.deepcopy(value))

 def popValue():
    """
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -85,6 +85,7 @@ class MOBILES:
    NOKIA = "Nokia N97;Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344"

 class HTTPHEADER:
+    ACCEPT = "Accept"
    ACCEPT_ENCODING = "Accept-Encoding"
    AUTHORIZATION = "Authorization"
    CONNECTION = "Connection"
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -981,8 +981,8 @@ def __setPrefixSuffix():
        else:
            boundary.ptype = 1

-        # Prepend user's provided boundaries to all others boundaries
-        conf.boundaries.insert(0, boundary)
+        # user who knows for --prefix/--suffix doesn't want other combinations
+        conf.boundaries = [boundary]

 def __setHTTPAuthentication():
    """
@@ -1021,7 +1021,7 @@ def __setHTTPAuthentication():
            errMsg = "HTTP %s authentication credentials " % aTypeLower
            errMsg += "value must be in format username:password"
        elif aTypeLower == "ntlm":
-            regExp = "^(.*?)\\\(.*?):(.*?)$"
+            regExp = "^(.*\\\\.*):(.*?)$"
            errMsg = "HTTP NTLM authentication credentials value must "
            errMsg += "be in format DOMAIN\username:password"

--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -156,26 +156,25 @@ optDict = {
                               "trafficFile":       "string",
                               "batch":             "boolean",
                               "charset":           "string",
+                               "crawlDepth":        "integer",
                               "eta":               "boolean",
                               "flushSession":      "boolean",
                               "forms":             "boolean",
                               "freshQueries":      "boolean",
-                               "updateAll":         "boolean"
+                               "parseErrors":       "boolean",
+                               "replicate":         "boolean",
+                               "updateAll":         "boolean",
+                               "tor":               "boolean"
                             },

            "Miscellaneous": {
                               "beep":              "boolean",
                               "checkPayload":      "boolean",
                               "cleanup":           "boolean",
-                               "crawlDepth":        "integer",
                               "dependencies":      "boolean",
-                               "forms":             "boolean",
                               "googlePage":        "integer",
                               "mobile":            "boolean",
                               "pageRank":          "boolean",
-                               "parseErrors":       "boolean",
-                               "replicate":         "boolean",
-                               "tor":               "boolean",
                               "wizard":            "boolean",
                               "verbose":           "integer"
                             },
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -80,6 +80,9 @@ UNION_STDEV_COEFF = 7
 # length of queue for candidates for time delay adjustment
 TIME_DELAY_CANDIDATES = 3

+# standard value for HTTP Accept header
+HTTP_ACCEPT_HEADER_VALUE = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
+
 # HTTP timeout in silent mode
 HTTP_SILENT_TIMEOUT = 3

@@ -370,3 +373,6 @@ BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)"

 # Template used for common column existence check
 BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"
+
+# Payload used for checking of existence of IDS/WAF (dummier the better)
+IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,2,3,table_name FROM information_schema.tables"