Skip to content

Releases: OWASP/pysap

pysap v0.1.10

25 Mar 18:56
@martingalloar martingalloar
v0.1.10
122d64c
Compare
Choose a tag to compare
pysap v0.1.10
  • Added support for handling SAP SAR file formats.
  • pysap/SAPCAR.py: New module for handling SAP SAR file formats.
  • extra/dlmanager_decrypt.py: Example PoC for decrypting
    SAP Download Manager stored passwords.
  • examples/dlmanager_infector.py: Example script to open a SAP SAR archive file and infect it by adding files with
    arbitrary filenames (e.g. including absolute or relative paths). It can be also used as a
    mitmproxy script for on-the-fly infecting SAR files being downloaded.
Assets 2
Loading

pysap v0.1.9

08 Feb 16:52
@martingalloar martingalloar
v0.1.9
8a8f97e
Compare
Choose a tag to compare
pysap v0.1.9
  • Using Scapy version 2.3.2.
  • Replaced epydoc with Sphinx for documentation.
  • Minor enhancement and code arrangements.
  • pysap/SAPDiagItems.py: Added new support bits from SAP GUI 7.30p9 and 7.40 versions.
  • pysap/utils.py: Removed custom fields now available on Scapy.
  • examples/router_fingerprints.json: Added some fingerprints from SAP Router releases 720.32 and 742.
Assets 2
Loading

pysap v0.1.8

29 Oct 21:59
@martingalloar martingalloar
v0.1.8
b99c1fb
Compare
Choose a tag to compare
pysap v0.1.8
  • Enabled travis containers for more quick builds.
  • Minor documentation and README improvements.
  • pysap/SAPRouter.py: Documented some version numbers from old releases (#3). Thanks invisiblethreat!
  • pysapcompress/vpa108csulzh.cpp: Improved the fix for CVE-2015-2278 by properly initializing arrays (#4). Thanks ret5ret!
  • examples/diag_render_login_screen.py: Fail gracefully if wx is not found.
  • examples/router_password_check.py: Updating the fau_timer library in use and failing gracefully if it's not found.
  • examples/router_fingerprint.py: New example script for performing fingerprint over SAP Router versions.
    This is experimental and the database included only contains a few SAP Router versions, but it might work.
Assets 2
Loading

pysap v0.1.7

13 May 17:38
@martingalloar martingalloar
v0.1.7
4b1579c
Compare
Choose a tag to compare
pysap v0.1.7
  • Fixed vulnerabilities in LZC and LZH compression libraries (CVE-2015-2282 and CVE-2015-2278).
    Added test cases for checking proper fixes.
  • pysap/SAPRouter.py: Moved SAP Router native proxy implementation to the SAP Router module so it can be reused.
  • examples/router_portfw.py: Using the native proxy implementation in SAP Router module.
Assets 2
Loading

pysap v0.1.6

25 Mar 15:36
@martingalloar martingalloar
v0.1.6
9a38cf6
Compare
Choose a tag to compare
pysap v0.1.6
  • Requirements now handled by setuptools.
  • Test building with clang on travis.
  • Cleared installation docs.
  • pysap/SAPNI.py: Made clients an instance variable in SAPNIServer.
  • pysap/SAPRouter.py: Added unknown field.
  • examples/diag_dos_exploit.py: Small fix.
  • examples/router_admin.py: Small fix on response handling.
  • examples/router_portfw.py: Added support for specify talk mode when requesting routes.
  • examples/router_scanner.py: Added support for specify talk mode when requesting routes.
Assets 2
Loading

pysap v0.1.5

16 Jan 18:51
@martingalloar martingalloar
v0.1.5
d29ee9e
Compare
Choose a tag to compare
pysap v0.1.5
  • Updated to use scapy v2.3.1.
  • Code is more Python3-friendly.
  • Added travis script for running tests.
  • General minor fixes and code improvements.
  • Added test suites for SAPNI, SAPDiag and SAPRouter modules.
  • Added support for routing via SAP Router in almost all example scripts.
  • pysap/SAPDiag.py: Added support for message info and Diag error packets.
  • pysap/SAPDiag.py: Diag item lookup now support looking up multiple items, and string lookups.
  • pysap/SAPDiagClient.py: Added support for specifying support bits when connecting, support for routing via SAP Router.
  • pysap/SAPDiagClient.py: If no terminal is supplied, use a random looking IP by default to avoid identification
    (SAP Note 1497445).
  • pysap/SAPDiagItems.py: Fixes on some atom items for old versions.
  • pysap/SAPEnqueue.py: Added trace max file size field.
  • pysap/SAPNI.py: Added helpers for creating new connections.
  • pysap/SAPNI.py: SAPNIProxy implemented using a Worker thread.
  • pysap/SAPNI.py: SAPNIServer implemented using SAPNIStreamSocket.
  • pysap/SAPRouter.py: Added route hop conversion helpers.
  • pysap/SAPRouter.py: Added info client and info server packets.
  • pysap/SAPRouter.py: Added SAPRoutedStreamSocket.
  • pysap/utils.py: Reimplemented MutablePacketField with evaluators.
  • pysapcompress/pysapcompress.cpp: Improved routines and added handling of some error conditions.
  • examples/diag_capturer.py: New example script for dumping Diag login credentials by sniffing or reading a pcap file.
  • examples/enqueue_monitor.py: Added command for get replication info and command for checking trace pattern endless
    loop vulnerability (CVE-2014-0995).
  • examples/router_admin.py: Parsing of info request responses.
  • examples/router_password_check: New example script for testing if a SAP Router is vulnerable to a timing attack on
    the password check (CVE-2014-0984).
  • requirements-optional.txt: Added optional requirements.
Assets 2
Loading

pysap v0.1.4

28 Mar 12:52
@martingalloar martingalloar
v0.1.4
71faf47
Compare
Choose a tag to compare
pysap v0.1.4
  • Version released at Troopers'14.
  • Changelog now in GNU format.
  • Changed setup from distutils to setuptools.
  • Added some unit tests.
  • Arranged most of the code according to PEP8.
  • pysap/SAPDiagItems.py: Fixed some support bits and added new ones found in SAP GUI version 7.30.
  • pysap/SAPDiagItems.py: Added new Diag Items: WindowsSize.
  • pysap/SAPEnqueue.py: New packet classes. Crafting of Enqueue Server packets: Connection Admin and Server Admin.
  • pysap/SAPNI.py: Fixed handling of NI_PING keep-alive requests.
  • pysap/SAPNI.py: Added logging namespace sapni for all NI layer activity.
  • pysap/SAPMS.py: New packet classes. Crafting of Message Server packets.
  • pysap/SAPRouter.py: New packet classes. Crafting of SAP Router packets: Route, Admin, Control and Error Information.
  • pysap/SAPSNC.py: New packet class. Container for SNC Frame packets.
  • pysapcompress/pysapcompress.cpp: Splitted exception class in two: CompressError and DecompressError.
  • examples/ms_change_param.py: Added example for retrieving or changing a parameter value using MS Admin set_param
    commands.
  • examples/ms_dump_info.py: New example script for retrieving information using MS Admin dump commands.
  • examples/ms_impersonator.py: New example script for impersonating an application server connected to a Message
    Server service instance.
  • examples/ms_listener.py: New example script for connecting to a Message Server and listening for messages coming
    from the server.
  • examples/ms_messager.py: New example script for sending a message to a connected client through the Message Server.
  • examples/ms_monitor.py: New example script for monitoring the Message Server service (msmon tool on steroids).
  • examples/ms_observer.py: New example script for connecting to a Message Server service and observe clients
    connecting to it (msprot tool).
  • examples/router_admin.py: New example script for performing administrative tasks on a SAP Route. Includes
    undocumented commands.
  • examples/router_portfw.py: New example script for routing native connections through SAP Router.
  • examples/router_scanner.py: New example script for scanning internal hosts using SAP Router.
Assets 2
Loading