diff --git a/lib/core/option.py b/lib/core/option.py index a076e244f..1555d693c 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -94,6 +94,7 @@ from lib.core.optiondict import optDict from lib.core.purge import purge from lib.core.settings import ACCESS_ALIASES from lib.core.settings import BURP_REQUEST_REGEX +from lib.core.settings import BURP_XML_HISTORY_REGEX from lib.core.settings import CODECS_LIST_PAGE from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR @@ -232,7 +233,10 @@ def _feedTargetsDict(reqFile, addedTargetUrls): """ if not re.search(BURP_REQUEST_REGEX, content, re.I | re.S): - reqResList = [content] + if re.search(BURP_XML_HISTORY_REGEX, content, re.I | re.S): + reqResList = [_.decode("base64") for _ in re.findall(BURP_XML_HISTORY_REGEX, content, re.I | re.S)] + else: + reqResList = [content] else: reqResList = re.finditer(BURP_REQUEST_REGEX, content, re.I | re.S) @@ -437,7 +441,8 @@ def _setMultipleTargets(): if updatedTargetsCount > initialTargetsCount: infoMsg = "sqlmap parsed %d " % (updatedTargetsCount - initialTargetsCount) - infoMsg += "testable requests from the targets list" + infoMsg += "(parameter unique) requests from the " + infoMsg += "targets list ready to be tested" logger.info(infoMsg) def _adjustLoggingFormatter(): diff --git a/lib/core/settings.py b/lib/core/settings.py index e72a2ab7c..667703db8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -259,6 +259,9 @@ WEBSCARAB_SPLITTER = "### Conversation" # Splitter used between requests in BURP log files BURP_REQUEST_REGEX = r"={10,}\s+[^=]+={10,}\s(.+?)\s={10,}" +# Regex used for parsing XML Burp saved history items +BURP_XML_HISTORY_REGEX = r'