Tekil Mesaj gösterimi
25-Nis-2012, 15:31:58   #5 (permalink)
Forum Uzmanı
NightWoLf - ait Kullanıcı Resmi (Avatar)
Üyelik: #3029 / Mar 2011
Mesaj/konu: 3.080 / 265
Ref: 13 / 2177
Seviye: NightWoLf refe ref demiyorNightWoLf refe ref demiyorNightWoLf refe ref demiyorNightWoLf refe ref demiyorNightWoLf refe ref demiyorNightWoLf refe ref demiyorNightWoLf refe ref demiyorNightWoLf refe ref demiyorNightWoLf refe ref demiyorNightWoLf refe ref demiyorNightWoLf refe ref demiyor

Centurion nickli üyeden alıntı Mesajı göster
Ne gibi yenilikler var.Bilginiz var mı?

Release Notes:
- Added support for three fields bruteforcing. Now when you'll start a bruteforcer session, MBA will ask you how to map the bruteforcer fields to the loaded wordlist. It works in this way:
The bruteforcer fields are called <USER>, <PASS> and <EMAIL>. Take note that even if the third field is called <EMAIL> it doesn't need to be linked to an email!
Each word of the loaded wordlist is treated like field1:field2:field3, i.e. now each word in the wordlist can be either a single, double or triple word. It will be called anyway a combo since i like the word to be named combo
So from the start bruteforcer form you will be able to assign field 1 to either <USER>, <PASS> and <EMAIL>. Same rule applies to field2 or field3.
Finally take note that in basic mode you should always assign field1 to <USER> and field2 to <PASS>. If you need otherwise, then you must switch to master mode.
- POST Wizard is now called Master Wizard. Here the main changes/additions:
1) For all the HTTP stages (except for the OCR one) user can set the call method: Head, Get, Post, Post MultiForm, Post Json. Take note that for the new POST methods you must format the POST data in the usual way...MBA will change the format
automatically once the POST data is built. Moreover for Json if you need to add a multivalue parameter just add \s at the end of the name parameter. In order to close a multiparameters section, add \e at the end of the name of the last parameter
of the section. Sections left open will be closed automatically, so no need to add \e to the last parameters.
2) Improved the default parsing engine, that now is fully three fields compatible. So now you can tell the default parser how many bruteforcer fields you expect from the form. For this you must use the indexes near each field. See context help for more detail.
3) Added Debugger available from the POST Wizard. In this way you can check for example all the forms and fields captured and debug any config error quickly. A debugger is available from OCR Wizard too.
4) Now you can parse form data from the Intermediate action ("From IA" option). Useful for sites for which the login page is actually called in the second stage.
5) You can enable/disable follow redirect for Intermediate action and redirect URL. Take note that a redirect to another domain will not be followed and will trigger instead an IP ban.
6) Now you can set mutiple redirect keys (and you can tell MBA if a key has to be a source key or a header key) and you can build them with the keyword wizard.
- Improved the parsing code engine. Her the main changes/additions:
1) Now the function premium date is only one, but it is in fact a universal date converter. It will recognize automatically unixtime, days remaining format and (year, month, week, minute, hour, second) format. Only action user has to take it is when the premium date is given in
seconds remaining. In this case just add "second" as prefix or suffix.
2) Added user and pass functions. If a data extracted is marked as user or pass it will be added in the columns user and pass of the history.
3) Now you can set recursive option and capture target option for each field.
4) You can add mutiple fields even if parsing code is not used for capture or post fields extraction. This means that you can add multiple fields extraction when parsing code is used as a variable input.
In this case all fields captured will be just joined. But you will get a nice feature if you enable recursive parsing code from variable wizard. In this case each field captured mutiple times will
generate a vector of size equal to the number of times the parsing code has matched the field parsing strings.
For example let's suppose you have a parsing code which captures fields field1 and field2.
field1 is captured 4 fimes with values field1_1, field1_2, field1_3, field1_4.
field2 is captured 1 time with value field2_1.
You will get a vector Key[] of size 4 with these values:
Key[1] = field1_1field2_1
Key[2] = field1_2field2_1
Key[3] = field1_3field2_1
Key[4] = field1_4field2_1
What to do with this vector? Well when you have computed a variable in such way, you can do only one thing with the var...Assign it to an additional redirect paameter (be it POST or URL)...the additional redirect URL will be called in this case four times, each time with
the assigned value corresponding to the index assigned, i.e. first time MBA will use Key[1], second time Key[2] and so on.
5) Added Pefix and Suffix inputs. They will be added right before and after the data extracted. In chain mode with these ones filled, you can get almost all work done with just one variable
- Improved the variables engine:
1) Added new crypto functions (RSA and HMAC) and all SHA hash methods, plus other convert and string functions.
2) Now variables supports mutiinput functions. In order to configure such functions, new functions have been added, SetParameterIndex and SetParameterValue, see context help for more details.
3) Now you can re-assign an already computed variable with the new function SetField. With this one you can also set the user, pass and email of the combo being tested. The captcha too can be reasiigned.
This feature together with the new variable flow control options will give the user the chance to excecute different variables codes as a function of the server response.
4) Now you can assign the header too to any stage. Mutiple headers can be assigned if you use \n as fields separator. Fields already present will be replaced.
5) Added OCR stage. In this way you can manipulate captcha code right after the image is recognized.
6) Added loop variables. Thiese variables will set the enry point of a loop cycle that can be triggered by the new Jump function.
7) You can add additional redirect URLs by variables. This will let you to add such URLs recursively based on the response got from the last additional redirect URL.
- Totally rewritten the HTTP debugger.Go to check, too lazy to explain the details here.
- In Keywords Wizard you can set keys for Intermediate action only. Moreover fake image ban key has been added.
- Other major and minor improvements/additions here and there.
- Solved critical, major and minor bugs.
Finally new languages from cp20 to cp26 (excluded cp21...) have been added. Thanx go to Jenva/Atterdale and machak