1.38b: Small bugfixes
- Decompression now honors user-specified size limits more reliably. - Retry logic corrected to account for certain Oracle servers. - Terminal I/O fix for debug mode.
This commit is contained in:
parent
30aa479d14
commit
15c43e8675
|
@ -1,3 +1,12 @@
|
|||
Version 1.38b:
|
||||
--------------
|
||||
|
||||
- Decompression now honors user-specified size limits more reliably.
|
||||
|
||||
- Retry logic corrected to account for certain Oracle servers.
|
||||
|
||||
- Terminal I/O fix for debug mode.
|
||||
|
||||
Version 1.37b:
|
||||
--------------
|
||||
|
||||
|
|
|
@ -405,6 +405,7 @@ function show_dat(path, ignore) {
|
|||
return false;
|
||||
}
|
||||
|
||||
|
||||
/* Displays request or response dump in a proper window. */
|
||||
|
||||
function show_win(path, ignore) {
|
||||
|
|
2
config.h
2
config.h
|
@ -23,7 +23,7 @@
|
|||
#ifndef _HAVE_CONFIG_H
|
||||
#define _HAVE_CONFIG_H
|
||||
|
||||
#define VERSION "1.37b"
|
||||
#define VERSION "1.38b"
|
||||
|
||||
#define USE_COLOR 1 /* Use terminal colors */
|
||||
|
||||
|
|
|
@ -204,7 +204,7 @@ u8 parse_url(u8* url, struct http_request* req, struct http_request* ref) {
|
|||
|
||||
/* Interpret, skip //[login[:pass@](\[ipv4\]|\[ipv6\]|host)[:port] part of the
|
||||
URL, if present. Note that "http:blarg" is a valid relative URL to most
|
||||
browsers, and "//example.com/blarg" is a valid non-FQDN absolute one.
|
||||
browsers, and "//example.com/blarg" is a valid non-FQ absolute one.
|
||||
We need to mimick this, which complicates the code a bit.
|
||||
|
||||
We only accept /, ?, #, and : to mark the end of a host name. Some browsers
|
||||
|
@ -432,7 +432,7 @@ u8* url_decode_token(u8* str, u32 len, u8 plus) {
|
|||
|
||||
|
||||
/* URL-encodes a string according to custom rules. The assumption here is that
|
||||
the data is already tokenized as "special" boundaries such as ?, =, &, /,
|
||||
the data is already tokenized at "special" boundaries such as ?, =, &, /,
|
||||
;, !, $, and , so these characters must always be escaped if present in
|
||||
tokens. We otherwise let pretty much everything else go through, as it
|
||||
may help with the exploitation of certain vulnerabilities. */
|
||||
|
@ -906,9 +906,11 @@ u8* build_request_data(struct http_request* req) {
|
|||
}
|
||||
|
||||
|
||||
/* Request a limited range up front to minimize unwanted traffic. */
|
||||
/* Request a limited range up front to minimize unwanted traffic.
|
||||
Note that some Oracle servers apparently fail on certain ranged
|
||||
requests; maybe do something smarter to detect this? */
|
||||
|
||||
if (size_limit) {
|
||||
{
|
||||
u8 limit[32];
|
||||
sprintf((char*)limit, "Range: bytes=0-%u\r\n", size_limit - 1);
|
||||
ASD(limit);
|
||||
|
@ -1511,12 +1513,12 @@ u8 parse_response(struct http_request* req, struct http_response* res,
|
|||
u8* tmp_buf;
|
||||
|
||||
/* Deflate or gzip - zlib can handle both the same way. We lazily allocate
|
||||
a SIZE_LIMIT output buffer, then truncate it if necessary. */
|
||||
a size_limit output buffer, then truncate it if necessary. */
|
||||
|
||||
z_stream d;
|
||||
s32 err;
|
||||
|
||||
tmp_buf = ck_alloc(SIZE_LIMIT + 1);
|
||||
tmp_buf = ck_alloc(size_limit + 1);
|
||||
|
||||
d.zalloc = 0;
|
||||
d.zfree = 0;
|
||||
|
@ -1524,7 +1526,7 @@ u8 parse_response(struct http_request* req, struct http_response* res,
|
|||
d.next_in = res->payload;
|
||||
d.avail_in = res->pay_len;
|
||||
d.next_out = tmp_buf;
|
||||
d.avail_out = SIZE_LIMIT;
|
||||
d.avail_out = size_limit;
|
||||
|
||||
/* Say hello to third-party vulnerabilities! */
|
||||
|
||||
|
@ -1546,7 +1548,7 @@ u8 parse_response(struct http_request* req, struct http_response* res,
|
|||
|
||||
bytes_deflated += res->pay_len;
|
||||
|
||||
res->pay_len = SIZE_LIMIT - d.avail_out;
|
||||
res->pay_len = size_limit - d.avail_out;
|
||||
res->payload = ck_realloc(tmp_buf, res->pay_len + 1);
|
||||
res->payload[res->pay_len] = 0;
|
||||
|
||||
|
@ -1967,11 +1969,12 @@ network_error:
|
|||
and failed instantly with no data read; might be just that
|
||||
the server got bored. */
|
||||
|
||||
if (c->q && c->reused && !c->read_len) {
|
||||
if (c->q && !c->q->retrying && c->reused && !c->read_len) {
|
||||
|
||||
c->q->res->state = STATE_NOTINIT;
|
||||
c->q->c = 0;
|
||||
c->q = 0;
|
||||
c->q->retrying = 1;
|
||||
c->q->c = 0;
|
||||
c->q = 0;
|
||||
|
||||
req_retried++;
|
||||
|
||||
|
|
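Review bot: The decompression path now sizes its output window from the runtime `size_limit` (`tmp_buf = ck_alloc(size_limit + 1);` and `d.avail_out = size_limit;` in the parse_response hunks), but nothing in the diff shows that value being validated, and the build_request_data hunk has `if (size_limit) {` on one side of its change, which suggests 0 is (or was) a reachable value. With a zero limit inflate gets a zero-byte output window and the Range header's `size_limit - 1` wraps to the largest `%u` value; with the type's maximum value `size_limit + 1` wraps the allocation to zero — hedged, since `size_limit`'s type and the option parsing that sets it are outside the diff. I'd pin the contract where it is consumed, e.g. above the `ck_alloc` line: `/* size_limit is the user-supplied response byte cap; must be > 0 and below the type's maximum here — enforced at option parsing? TODO confirm */`, make the Range-header block and the inflate block agree on the same guard, and while there use `snprintf((char*)limit, sizeof limit, ...)` so the 32-byte bound is explicit rather than arithmetic. The rendering drops the +/- markers, so I cannot tell whether `if (size_limit) {` or the bare `{` is the new side; either way the two sites should not disagree. build_request_data and parse_response both start and end outside their hunks.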
|
@ -213,6 +213,7 @@ struct queue_entry {
|
|||
struct conn_entry* c; /* Connection currently used */
|
||||
struct queue_entry* prev; /* Previous queue entry */
|
||||
struct queue_entry* next; /* Next queue entry */
|
||||
u8 retrying; /* Request being retried? */
|
||||
};
|
||||
|
||||
/* DNS cache item: */
|
||||
|
|
4
report.c
4
report.c
|
@ -287,7 +287,7 @@ static void compute_counts(struct pivot_desc* pv) {
|
|||
}
|
||||
|
||||
if ((!(proc_cnt++ % 50)) || pv->type == PIVOT_ROOT) {
|
||||
SAY(cLGN "\r[+] " cNOR "Counting unique issues: %u", proc_cnt);
|
||||
SAY(cLGN "\r[+] " cNOR "Counting unique nodes: %u", proc_cnt);
|
||||
fflush(0);
|
||||
}
|
||||
|
||||
|
@ -598,7 +598,7 @@ static void output_crawl_tree(struct pivot_desc* pv) {
|
|||
}
|
||||
|
||||
if ((!(proc_cnt++ % 50)) || pv->type == PIVOT_ROOT) {
|
||||
SAY(cLGN "\r[+] " cNOR "Counting unique issues: %u", proc_cnt);
|
||||
SAY(cLGN "\r[+] " cNOR "Writing crawl tree: %u", proc_cnt);
|
||||
fflush(0);
|
||||
}
|
||||
|
||||
|
|
|
@ -60,6 +60,9 @@ exclude URLs matching 'string'
|
|||
.B \-S string
|
||||
exclude pages containing 'string'
|
||||
.TP
|
||||
.B \-K string
|
||||
do not fuzz query parameters or form fields named 'string'
|
||||
.TP
|
||||
.B \-D domain
|
||||
also crawl cross-site links to a specified domain
|
||||
.TP
|
||||
|
|
13
skipfish.c
13
skipfish.c
|
@ -434,11 +434,11 @@ int main(int argc, char** argv) {
|
|||
optind++;
|
||||
}
|
||||
|
||||
/* Char-by char stdio. */
|
||||
/* Char-by char stdin. */
|
||||
|
||||
tcgetattr(0, &term);
|
||||
term.c_lflag &= ~ICANON;
|
||||
tcsetattr(0, TCSAFLUSH, &term);
|
||||
tcsetattr(0, TCSANOW, &term);
|
||||
fcntl(0, F_SETFL, O_NONBLOCK);
|
||||
|
||||
gettimeofday(&tv, NULL);
|
||||
|
@ -474,7 +474,7 @@ int main(int argc, char** argv) {
|
|||
|
||||
SAY(" \r");
|
||||
|
||||
if (read(0, keybuf, sizeof(keybuf)) > 0) {
|
||||
if (fread(keybuf, 1, sizeof(keybuf), stdin) > 0) {
|
||||
display_mode ^= 1;
|
||||
clear_screen = 1;
|
||||
}
|
||||
|
@ -484,11 +484,14 @@ int main(int argc, char** argv) {
|
|||
gettimeofday(&tv, NULL);
|
||||
en_time = tv.tv_sec * 1000 + tv.tv_usec / 1000;
|
||||
|
||||
SAY("\n");
|
||||
|
||||
if (stop_soon)
|
||||
SAY(cYEL "[!] " cBRI "Scan aborted by user, bailing out!" cNOR "\n");
|
||||
|
||||
term.c_lflag |= ICANON;
|
||||
tcsetattr(0, TCSAFLUSH, &term);
|
||||
tcsetattr(0, TCSANOW, &term);
|
||||
fcntl(0, F_SETFL, O_SYNC);
|
||||
|
||||
if (!dont_save_words) save_keywords((u8*)wordlist);
|
||||
|
||||
|
@ -511,6 +514,8 @@ int main(int argc, char** argv) {
|
|||
}
|
||||
#endif /* DEBUG_ALLOCATOR */
|
||||
|
||||
fflush(0);
|
||||
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
|
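Review bot: `tcgetattr(0, &term);` and the `tcsetattr(0, TCSANOW, &term);` calls in the first and third skipfish.c hunks are unchecked; when stdin is not a terminal (output redirected, run from a scheduler) tcgetattr fails and `term` — declared outside the hunk, so possibly uninitialized — is still modified and written back, and the exit path restores a `term` that was never read. Guarding both sites on the first call's result, `if (tcgetattr(0, &term) == 0) { term.c_lflag &= ~ICANON; tcsetattr(0, TCSANOW, &term); }` with the matching conditional restore, keeps the non-tty case well-defined. The adjacent `fcntl(0, F_SETFL, O_NONBLOCK);` (context, not changed here) replaces all status flags instead of OR-ing into `fcntl(0, F_GETFL)`, and the later `fcntl(0, F_SETFL, O_SYNC);` does not restore the original flags; worth fixing alongside since the ChangeLog calls this a terminal I/O fix. In the second hunk, if `fread(keybuf, 1, sizeof(keybuf), stdin)` is the new side, polling through stdio on a descriptor set O_NONBLOCK means an EAGAIN sets the stream's error indicator and later key polling then depends on libc behavior, whereas the raw `read(0, ...)` form does not have that problem — I cannot tell the direction from the rendering, so please confirm. main starts and ends outside these hunks.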