From d4b1cd630e58d5966aad18b963131fb2bb3ade9f Mon Sep 17 00:00:00 2001
From: Steve Pinkham
Date: Mon, 21 Jun 2010 10:57:40 -0400
Subject: [PATCH] 1.41b: if response varies, directory brute force is also skipped.
---
 ChangeLog | 6 ++++++
 assets/index.html | 2 +-
 config.h | 2 +-
 crawler.c | 6 +++---
 skipfish.1 | 3 +++
 5 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 63bb98c..6fedcce 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Version 1.41b:
+--------------
+
+ - Logic change: if response varies, directory brute force is
+ also skipped.
+
 Version 1.40b:
 --------------
diff --git a/assets/index.html b/assets/index.html
index 2e58e71..1d4101c 100644
--- a/assets/index.html
+++ b/assets/index.html
@@ -248,7 +248,7 @@ var issue_desc= { "20201": "Behavior checks failed",
 "20202": "IPS filtering enabled",
 "20203": "IPS filtering disabled again",
- "20204": "Response varies randomly, skipping injection checks",
+ "20204": "Response varies randomly, skipping checks",
 "20301": "Node should be a directory, detection error?",
 "30101": "HTTP credentials seen in URLs",
diff --git a/config.h b/config.h
index 6211f4a..4299e1f 100644
--- a/config.h
+++ b/config.h
@@ -23,7 +23,7 @@
 #ifndef _HAVE_CONFIG_H
 #define _HAVE_CONFIG_H
-#define VERSION "1.40b"
+#define VERSION "1.41b"
 #define USE_COLOR 1 /* Use terminal colors */
diff --git a/crawler.c b/crawler.c
index 748b497..062282b 100644
--- a/crawler.c
+++ b/crawler.c
@@ -34,7 +34,7 @@ u32 crawl_prob = 100; /* Crawl probability (1-100%) */
 u8 no_fuzz_ext; /* Don't fuzz extensions for dirs */
-u8 no_500_dir; /* Don't assume dirs on 500 */
+u8 no_500_dir; /* Don't crawl 500 directories */
 /*
@@ -1411,7 +1411,7 @@ static void end_injection_checks(struct pivot_desc* pv) {
 in scope (but got added as a parent of an in-scope node), or 404 checks went wrong. */
- if (url_allowed(pv->req)) {
+ if (url_allowed(pv->req) && !pv->res_varies) {
 if (pv->r404_cnt) {
 pv->state = PSTATE_CHILD_DICT;
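Review bot: The comment directly above the changed guard in the crawler.c -1411 hunk still gives only the two old reasons for not descending (the node is out of scope, or the 404 checks went wrong), so the new `!pv->res_varies` term is undocumented at the one place a maintainer will look; extend that comment with a third clause such as `or the response varies between identical requests, so there is no stable 404 signature and directory brute force would only produce false positives.` The same field is tested in the -1430 hunk (`if (pv->bogus_par || pv->res_varies)`), which likewise sends the pivot to PSTATE_DONE without saying why, and a short `/* Varying responses: skip the numerical parameter pass, its results would be unreliable. */` there would keep the two sites consistent. From the index.html hunk the skipped checks appear to be surfaced in the report as issue 20204, which keeps the decision visible to the operator; whether res_varies can still be set after this function has already chosen PSTATE_CHILD_DICT is not visible in this diff and is worth confirming. end_injection_checks begins and ends outside both hunks.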
@@ -1430,7 +1430,7 @@ static void end_injection_checks(struct pivot_desc* pv) {
 } else {
- if (pv->bogus_par) {
+ if (pv->bogus_par || pv->res_varies) {
 pv->state = PSTATE_DONE;
 } else {
 crawl_par_numerical_init(pv);
diff --git a/skipfish.1 b/skipfish.1
index 13299e1..81bef5e 100644
--- a/skipfish.1
+++ b/skipfish.1
@@ -63,6 +63,9 @@ exclude pages containing 'string'
 .B \-K string
 do not fuzz query parameters or form fields named 'string'
 .TP
+.B \-Z
+do not descend into directories that return HTTP 500 code
+.TP
 .B \-D domain
 also crawl cross-site links to a specified domain
 .TP