In this new version, we dedicated ourselves to fixing bugs we saw from feedback from our clients and users when they were trying the beta version and bugs that our team found as well.
We also are releasing a new Firefox add-on and two new plugins.
Updated plugins for Faraday
In this release, we are launching a new version of the Burp plugin and also a new update for
the Zap plugin.
Firefox add-on for Faraday
After our release of v3.0, we launched a new rest API on the server which allows you to modify
all objects in Faraday. Having this new API allows us to create a Firefox extension to interact with
it and to help pentesters to report web vulnerabilities.
Faraday add-on is an add-on for automating reporting vulnerabilities through the browser within
your own Faraday instance. Faraday add-on intercepts every single request from the browser,
adding a functionality for accessing each one of them and then treating them as a vulnerability.
This way, a pentester only has to use the add-on to send potential vulnerables requests to Faraday, instead of copy-paste-ing them into the server.
You can get the add-on over here: https://addons.mozilla.org/es/firefox/addon/faraday-addon/
Here is the full change log for v3.0.1:
• Bug fix on the workspace and user menu on webui
• Updated code to use Flask 1.0
• Add threadfix integration (corp only)
• Fix create_service fplugin
• Executive report bug fix on tags
• Persistence server bug fix on impact and ease of resolution
• Fix unicode error bug on executive reports
• Updated code to support latest Twisted version
• Updated all requirements to use >=
• Fix dry run on create_host fplugin
• Fixed del_all_vulns_with and del_all_hosts
• Improved executive reports status update refresh
• Websocket port is configurable now
• Change minimum font size in tag cloud
• Fixed a problem with shodan icon on dashboard
• Updated license check on deleted users
• Users with role client was not able to change password, bug fixed
• Updated code to support pip 10
• Added ldap to status check
• Credentials icon aligned
• Daemon now allows to execute faraday server in more than one port and more than one process for multiplexing
• All views now check for permissions on workspace
• Pull requests #229, #231, #239 and #240 are merged
• Avoid polling deleted executive reports
• Added documentation to project
• Fix self xss on webshell
• Add postgres locks check on status_check
• Vuln counter fix when confirmed is on