Releases: Brum3ns/firefly
Releases · Brum3ns/firefly
v1.4.3
What's changed
Bug fixes
- Old option
-fHand-mHwas not used but showed as an option
New features
- New options added:
-fdHFilter dynamic header in response-fHFilter header in response-mHMatch header in response
- Firefly now use filters in difference scans such as dynamic header detection. This is to remove false positive in the result.
- A new more advanced HTTP filter package has been developed that replace the old one.
- Randomness and dynamic detection has been heavily improved and have an accuracy of: ~90% in detection rate when a random/dynamic string appear in the HTTP response that is a least 16 chars long (common for CSRF, Sessions etc). The accuracy is near ~99% when a string has a length of 23 chars or more (This can be tested in the
/testsfolder).
Full Changelog: v1.4.2...v1.4.3
v1.4.2
v1.4.1
What's changed
Bugs fixed
- Removed print of URL before banner
- Setup process is now fixed and use the CLI tool
gitinstead ofsvn
New features
- The
dbfolder is now removed in the Firefly's repository (this repo). The db resources have been moved to the repository - https://github.com/Brum3ns/firefly-db
v1.4.0
What's changed
Bugs fixed
- Invalid regex verification check for URL scheme
- A fix to an issue that caused Firefly to not detect new HTML tags in the response that were in the payload.
New features
- New option
-detailmake it able to view all difference details in the fuzzing process - Headers are now analyzed more advanced to detect differences
- Header difference are now being displayed in the running process
Other
- Option: "-D" (Delay) renamed to "-timeout"
v1.3.1
What's changed
Bugs fixed
- The scheme option included http even if only https had been specified by the user.
- Crash due to non-validated value (out of range)
New features
- Automatic detection and insertion of payloads in the requests. Support for URL, body and cookies parameters.
Other
- Option: "-te" (scanner engine threads) renamed to "-tS"