Implementation on request (--csrf-retries)

2024-11-22 09:36:35 +03:00 · 2020-06-10 12:49:35 +02:00 · 2020-06-10 12:49:35 +02:00 · 16c8673e98
commit 16c8673e98
parent 1dedc36d85
6 changed files with 55 additions and 37 deletions
--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@ -15,6 +15,7 @@ _defaults = {
    "delay": 0,
    "timeout": 30,
    "retries": 3,
+    "csrfRetries": 0,
    "saFreq": 0,
    "threads": 1,
    "level": 1,
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -61,6 +61,7 @@ optDict = {
        "csrfToken": "string",
        "csrfUrl": "string",
        "csrfMethod": "string",
+        "csrfRetries": "integer",
        "forceSSL": "boolean",
        "chunked": "boolean",
        "hpp": "boolean",
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.4.6.4"
+VERSION = "1.4.6.5"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -267,6 +267,9 @@ def cmdLineParser(argv=None):
        request.add_argument("--csrf-method", dest="csrfMethod",
            help="HTTP method to use during anti-CSRF token page visit")

+        request.add_argument("--csrf-retries", dest="csrfRetries", type=int,
+            help="Retries for anti-CSRF token retrieval (default %d)" % defaults.csrfRetries)
+
        request.add_argument("--force-ssl", dest="forceSSL", action="store_true",
            help="Force usage of SSL/HTTPS")

--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -1045,6 +1045,8 @@ class Connect(object):
                auxHeaders[value.split(',')[0]] = value.split(',', 1)[-1]

        if conf.csrfToken:
+            token = AttribDict()
+
            def _adjustParameter(paramString, parameter, newValue):
                retVal = paramString

@ -1061,7 +1063,15 @@ class Connect(object):

                return retVal

-            token = AttribDict()
+            for attempt in xrange(conf.csrfRetries + 1):
+                if token:
+                    break
+
+                if attempt > 0:
+                    warnMsg = "unable to find anti-CSRF token '%s' at '%s'" % (conf.csrfToken._original, conf.csrfUrl or conf.url)
+                    warnMsg += ". sqlmap is going to retry the request"
+                    logger.warn(warnMsg)
+
                page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
                page = urldecode(page)  # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...')

--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -189,6 +189,9 @@ csrfUrl =
 # HTTP method to use during anti-CSRF token page visit.
 csrfMethod =

+# Retries for anti-CSRF token retrieval.
+csrfRetries =
+
 # Force usage of SSL/HTTPS
 # Valid: True or False
 forceSSL = False