diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 90043a5b0..52f2c8c28 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -430,6 +430,9 @@ def start():
if skip:
continue
+ if kb.testOnlyCustom and place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
+ continue
+
if place not in conf.paramDict:
continue
diff --git a/lib/core/option.py b/lib/core/option.py
index 33345c57b..75885f878 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1864,6 +1864,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.technique = None
kb.tempDir = None
kb.testMode = False
+ kb.testOnlyCustom = False
kb.testQueryCount = 0
kb.testType = None
kb.threadContinue = True
diff --git a/lib/core/target.py b/lib/core/target.py
index 0fb70769c..442a8cd7a 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -80,7 +80,6 @@ def _setRequestParams():
return
testableParameters = False
- skipHeaders = False
# Perform checks on GET parameters
if conf.parameters.get(PLACE.GET):
@@ -125,16 +124,7 @@ def _setRequestParams():
kb.processUserMarks = not test or test[0] not in ("n", "N")
if kb.processUserMarks:
- skipHeaders = True
-
- conf.parameters.clear()
- conf.paramDict.clear()
-
- if "=%s" % CUSTOM_INJECTION_MARK_CHAR in conf.data:
- warnMsg = "it seems that you've provided empty parameter value(s) "
- warnMsg += "for testing. Please, always use only valid parameter values "
- warnMsg += "so sqlmap could be able to run properly"
- logger.warn(warnMsg)
+ kb.testOnlyCustom = True
if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
if re.search(JSON_RECOGNITION_REGEX, conf.data):
@@ -249,10 +239,7 @@ def _setRequestParams():
kb.processUserMarks = not test or test[0] not in ("n", "N")
if kb.processUserMarks:
- skipHeaders = True
-
- conf.parameters.clear()
- conf.paramDict.clear()
+ kb.testOnlyCustom = True
if "=%s" % CUSTOM_INJECTION_MARK_CHAR in _:
warnMsg = "it seems that you've provided empty parameter value(s) "
@@ -317,50 +304,49 @@ def _setRequestParams():
if conf.get(item):
conf[item] = conf[item].replace(CUSTOM_INJECTION_MARK_CHAR, "")
- if not skipHeaders:
- # Perform checks on Cookie parameters
- if conf.cookie:
- conf.parameters[PLACE.COOKIE] = conf.cookie
- paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
+ # Perform checks on Cookie parameters
+ if conf.cookie:
+ conf.parameters[PLACE.COOKIE] = conf.cookie
+ paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
- if paramDict:
- conf.paramDict[PLACE.COOKIE] = paramDict
- testableParameters = True
+ if paramDict:
+ conf.paramDict[PLACE.COOKIE] = paramDict
+ testableParameters = True
- # Perform checks on header values
- if conf.httpHeaders:
- for httpHeader, headerValue in conf.httpHeaders:
- # Url encoding of the header values should be avoided
- # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
+ # Perform checks on header values
+ if conf.httpHeaders:
+ for httpHeader, headerValue in conf.httpHeaders:
+ # Url encoding of the header values should be avoided
+ # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
- httpHeader = httpHeader.title()
+ httpHeader = httpHeader.title()
- if httpHeader == HTTP_HEADER.USER_AGENT:
- conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
+ if httpHeader == HTTP_HEADER.USER_AGENT:
+ conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
- condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
+ condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
- if condition:
- conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
- testableParameters = True
+ if condition:
+ conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
+ testableParameters = True
- elif httpHeader == HTTP_HEADER.REFERER:
- conf.parameters[PLACE.REFERER] = urldecode(headerValue)
+ elif httpHeader == HTTP_HEADER.REFERER:
+ conf.parameters[PLACE.REFERER] = urldecode(headerValue)
- condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
+ condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
- if condition:
- conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
- testableParameters = True
+ if condition:
+ conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
+ testableParameters = True
- elif httpHeader == HTTP_HEADER.HOST:
- conf.parameters[PLACE.HOST] = urldecode(headerValue)
+ elif httpHeader == HTTP_HEADER.HOST:
+ conf.parameters[PLACE.HOST] = urldecode(headerValue)
- condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
+ condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
- if condition:
- conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue}
- testableParameters = True
+ if condition:
+ conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue}
+ testableParameters = True
if not conf.parameters:
errMsg = "you did not provide any GET, POST and Cookie "