What's changed
Bug fixes
- The old options `-fH` and `-mH` were not used but were still shown as options
New features
- New options added:
  - `-fdH` Filter dynamic header in response
  - `-fH` Filter header in response
  - `-mH` Match header in response
- Firefly now uses filters, such as dynamic header detection, in difference scans. This removes false positives from the results.
- A new, more advanced HTTP filter package has been developed that replaces the old one.
- Randomness and dynamic detection have been heavily improved and now have a detection rate of ~90% when a random/dynamic string that is at least 16 chars long appears in the HTTP response (common for CSRF, sessions, etc.). The accuracy is near ~99% when a string has a length of 23 chars or more (this can be tested in the `/tests` folder).
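
An added sketch of why filtering dynamic headers removes false positives from a difference scan. This is not Firefly's code: the two-baseline comparison and the names `diffHeaders`, `dynamicHeaders` and `sample` are assumptions, and all header values are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// diffHeaders returns sorted header names added, removed or changed, skipping names in ignore.
func diffHeaders(base, resp http.Header, ignore map[string]bool) []string {
	changed := map[string]bool{}
	for _, p := range [][2]http.Header{{base, resp}, {resp, base}} {
		for name, v := range p[0] {
			other, ok := p[1][name]
			if !ignore[name] && (!ok || strings.Join(v, "\n") != strings.Join(other, "\n")) {
				changed[name] = true
			}
		}
	}
	out := make([]string, 0, len(changed))
	for name := range changed {
		out = append(out, name)
	}
	sort.Strings(out)
	return out
}

// dynamicHeaders marks every header that differs between two responses to the same request.
func dynamicHeaders(a, b http.Header) map[string]bool {
	dyn := map[string]bool{}
	for _, name := range diffHeaders(a, b, nil) {
		dyn[name] = true
	}
	return dyn
}

// sample builds a constructed response header set with a 16-char token.
func sample(csrf, date string) http.Header {
	return http.Header{"Content-Type": {"text/html"}, "Date": {date}, "X-Csrf-Token": {csrf}}
}

func main() {
	base1 := sample("k3J9f0aQ1zX8mP2w", "Mon, 01 Jan 2024 10:00:00 GMT")
	base2 := sample("Zq81LmN0pR4tVx7c", "Mon, 01 Jan 2024 10:00:01 GMT")
	fuzzed := sample("b7Yh2Kd9Ws3Ef6Gt", "Mon, 01 Jan 2024 10:00:02 GMT")
	fuzzed.Set("X-Debug", "trace") // the only difference caused by the test input
	fmt.Println("unfiltered:", diffHeaders(base1, fuzzed, nil))
	fmt.Println("filtered:  ", diffHeaders(base1, fuzzed, dynamicHeaders(base1, base2)))
}
```

Without the filter, `Date` and `X-Csrf-Token` show up as differences on every request; with it, only `X-Debug` remains.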
Full Changelog: v1.4.2...v1.4.3