WhiteHat Arsenal Beta CHANGE LOG
==============================================================================

1.07 Beta July 16, 2002
==============================================================================
Interface:
	- Near total interface redesign using DHTML.
	- Combined encoding and encryption select menus.
	
Ripper:
	- WH-Proxy Fixed input WHProxy setting problem
	- Fixed SSL TCP Port setting issue
	- Added 30(1|2) re-direct prompting
	- Changed HTML Output to use a temp file
	- Fixed WH-HTML Proxy bug with re-writing URLS. Causing problems staying within Arsenal
	- Ripper HTTP Respnse Code Re-direct linked in
	
Spider:
	- Added cookie support
	- HTML Output has links that update connection menu as well as open up new window with URL.

Misc:
	- Updated HTML Titles
	- Update User-Agents
	- Fixed Negative Response Time
	- Added Links Mode. Show an HTML HREF Links listing of the resulting HTML page.
	- Added Byte->KiloByte output conversion to Session Manger, Ripper and Spider.
	- Fixed, long output line non-breaking output bug. Long string and URLs now wrap.
	
	
Forced Browser:
	- Added new entries into forced browsing. Thanks to Zeno (www.cgisecurity.net)


Utilities:
	- Encode/Encrypt pallette size has been increased



1.06 Beta May 20, 2002
==============================================================================

Forced Browse:
	- Fixed SSL port default bug. Arsenal was not allowing the SSL port to be changed.
	- Fixed URL input white space filtering bug. Caused some erroneous output and HTTP connect errors.
	- Added "iis" and "exchange" to the directory list.
	- Red highlights in non-404 response codes. Helps to identify interesting results.
	- Color coding output.
	- Fixes several error response typos. 
 
 
Encoding/Encryption:
	- Added blank HTML for encrypting data string available in the toolbar. 
	Ripper is no longer essential to manipulate strings.
 
Session Manager:
	- Updated JavaScript Code to take advantage of the new pull-down session section feature.

Ripper:
	- Fixed several single quote HTML parsing bugs.
	- Loosened Request Method Sanity Checking.
	- Mimick Inputs have been corrected.
	- Added HTTP Fixup Option instead of set by default. More control over request headers.
	- Fixed problem with HTML Single quote parsing.
	- Added Mimick, Proxy, and HTTP Fix to internal ripper utility.
	- Added Dymanic Host header input to ripped forms HTML.

Spider: 
	- Mimick Inputs have been corrected
	- Added HTTP Fixup Option instead of set by default. More control over request headers.
	- Sleep has been removed from spider, each request should be 2 seconds faster.
	- Fixes several error response typos. 
 	- Fixed small bug in the max results field. Was not allowing the "ALL" results option to work.
	
	
Top Toolbar:
	- Advanced Method Input Field now gives more manipulation control.
	- Coverted to CGI and support for setting saving between simple and advanced usage.

	
- HTML File architecture and location updated. Improved organization.
- Added integrated bug submission form.
- Added integrated feedback submission form.
- Fixed relative path problem with "Subs.pm".
- Documentation has be packed up with this release.


1.05 Beta April DAY, 2002
==============================================================================
Spider:
	- Interface redesign
	- Increased input/output sanity checking. Length, Escaping (HTML), and validation.
	- Sanity Check directory info on all scripts.
	
	- Tweak Spider XML format.
		* Use CDATA commenting in nessasary locations

	- Tweak Web Appliaction XML format.
		* Use CDATA commenting in nessasary locations

	- Changed error message. More informative and will help resolve issues.
	
	- Support for continuous spidering. When the spider is stopped or the
	the threshold is reached, all the results are logged in XML. The next
	time the spider is run, the log files are loaded in so duplicate
	pages are not logged or spidered.


Session Manager:
	- Interface redesign and fixed some IE HTML formatting bugs.
	- Increased input/output sanity checking. Length, Escaping (HTML), and validation.
	- Sanity Check directory info on all scripts.
	- Setting session alert slightly altered.
	
Ripper:
	- Interface redesign
	- Increased input/output sanity checking. Length, Escaping (HTML), and validation.
	- Sanity Check directory info on all scripts.
	- Removed Attack Labeling. (Unused feature)
	- Tweak Attempts XML format.
		* Use CDATA commenting in nessasary locations
	- Fixed multiple mimic headers bug.
	- Fixed several CGI path building bugs.
	- Fixed a problem with dynamic cookies.
	- Fixed problem with HTML base tag conflicting with ripper forms. Server Address is
	referenced absolutely.
	
	

ripper.xsl
	- Remove script_kiddie link references in ripper.xsl. (Thank to The Paw)
	- Updated style sheet to reflect the changes in attempts.xml.
	- Remove Base64 Data from Logs until something useful can be done with the HTML data. Improves
	loading speed.
	
spider.xsl and webapplications.xsl
	- Updated style sheets to reflect the changes in XML formats of spider.xml and
	webapplications.xml.
	

- Updated useragent in all applications.
- Updated HTML titles in all applications and HTML pages.
- Interface redesign on all XSL style sheets.
- Fixes several IE XSL bugs in all style sheets.

Toolbars:
	- Interface Redesign for topbar and toolbar.
	- Added simple & advanced interface separation in top toolbar.
	- Toolbar links for encoding and encryption have been converted to pull-down menus. Takes up less space
	and increased functionality.
	
Force Browsing
	- Interface redesign
	- The host connection information now references the top toolbar.
	instead of using its own which proved to be confusing. (Thank to The Paw)
	- Fixed a mis-set host variable.  (Thank to The Paw)
	- Increased libwhisker timeout to 15 seconds.


1.04 Beta March 24, 2002
==============================================================================
WHArsenal has gone through a major source code audit and revision,
resulting in a more stable, secure, and bug free product.
Among the many improvements, WHArsenal has been revamped using
libwhisker (by Rain Forest Puppy) as its primary HTTP engine.
Libwhisker allows WHArsenal to be be faster, more flexible,
and support more features.

Thanks to the feedback of Arsenal's many users, version 1.04
proves to be the best release yet. New features included such as
"HTTP Version Manipulation", "Browser Mimicking", "WH Proxy",
Enhanced Spidering and Logging facilities, improved interface
design are part of many new enhancements.

Overall, WHArsenal is smaller, lighter, faster, more powerful,
stable and easier to use than ever!

WhiteHat Security would like to thank everyone for their continued
feedback and support. WhiteHat would especially like to give
special thanks to Rain Forest Puppy for libwhisker, as well as Dennis
Groves and Bill Pennington.


- Tools frame revised for ease of use and increased functionality.
- Session Manager has the ability to delete individual log files.
- Session Manages asked the user to double check before deleting any files
- All HTTP connections are handled via libwhisker 1.3pre. (Huge thanks to RFP). www.wiretrip.net
- Added HTTP version manipulation
- Web Authentication Support
- Browser Mimicking
- WHProxy. HTML proxy browsing.
- Increased HTTP flexibility and functionality within Forced Browsing.
- XSL stylesheets have been revised.
- Ripper interface has been revised for ease of use and functionality.
- Ripper option to turn on/off viewing of HTTP Headers.
- Decreased the amount of Perl Modules (6).
- Removed glutton images
- Added Entries to dirs.txt (forced browsing)
- HTML Filtering HTTP Response Headers (sorry Tim) ;)
- and a ton of other stuff...


1.03 Beta March 06, 2002
===============================================================================

- Added new "ignore images" spider mode option. (Thank to Bill Pennington)
- Added a combo HTML/rip-rewrite mode to rip-rewrite the forms and see the HTML. (Thank to Bill Pennington)

- Fixed: tools.html and toolbar.html. Define script type. (Thanks to FTR and FX)
        from: <SCRIPT>
        to: <SCRIPT type="text/javascript">

- Fixed: tools.html (Thanks to FTR and FX)
        from: var lapel                      
        to: var label

- Fixed ripewrite.pl "formTag" function was not properly closing HTML table tags. (Thanks to FTR and FX)


- Fixed session.pl Wrong link path in for session HREF. (Thanks to FTR and FX)
	from : session.exe
	to session.pl

- Fixed index.html FRAMESET HTML formatting size upgrade. (Thanks to FTR and FX)
                                 
		
===============================================================================

1.02 Beta Feb. DATE, 2002
===============================================================================
- Fixed bugs in rip-rewrite relating to select menu's.
- Added "Spider Max Results" Menu in tools. (Thanks to dzzie)
- Added "BASE" Tag to HTML Mode output. Help with images being rendered.
(Thanks to a question @ BlackHat New Orleans 2002').
- Fixed bugs with CWD. Better cross-platform compatibility. (Thanks to FX)
- Fixed XML errors regarding high order ascii character.
HTML entities are used to validity. (Thanks to FX)
- Linux Release
- Add more entries to "dirs.txt"
- Fix XML spider logging to webapplications.xml
==============================================================================

1.01 Beta (initial Apache Win32 release) Feb. 08, 2002

