Patch for an Issue #237

2025-01-24 00:04:23 +03:00 · 2012-11-08 19:16:37 +01:00 · 2012-11-08 19:16:37 +01:00 · 181c3534f0
commit 181c3534f0
parent e7e83defaa
6 changed files with 20 additions and 7 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1408,6 +1408,9 @@ def __cleanupOptions():
        for _ in DUMP_REPLACEMENTS.keys():
            del DUMP_REPLACEMENTS[_]

+    if conf.sessionFile:
+        conf.hashDBFile = conf.sessionFile
+
    threadData = getCurrentThreadData()
    threadData.reset()

@ -1450,7 +1453,6 @@ def __setConfAttributes():
    conf.resultsFilename = None
    conf.resultsFP = None
    conf.scheme = None
-    conf.sessionFP = None
    conf.start = True
    conf.tests = []
    conf.trafficFP = None
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -16,6 +16,7 @@ optDict = {
                               "logFile":           "string",
                               "bulkFile":          "string",
                               "requestFile":       "string",
+                               "sessionFile":       "string",
                               "googleDork":        "string",
                               "configFile":        "string"
                             },
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -483,9 +483,6 @@ def initTargetEnv():
    """

    if conf.multipleTargets:
-        if conf.sessionFP:
-            conf.sessionFP.close()
-
        if conf.hashDB:
            conf.hashDB.close()

--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -58,6 +58,9 @@ def cmdLineParser():
        target.add_option("-r", dest="requestFile",
                          help="Load HTTP request from a file")

+        target.add_option("-s", dest="sessionFile",
+                          help="Load session from a stored (.sqlite) file")
+
        target.add_option("-g", dest="googleDork",
                          help="Process Google dork results as target urls")

--- a/lib/utils/hashdb.py
+++ b/lib/utils/hashdb.py
@ -15,6 +15,7 @@ from lib.core.common import getUnicode
 from lib.core.common import serializeObject
 from lib.core.common import unserializeObject
 from lib.core.data import logger
+from lib.core.exception import sqlmapDataException
 from lib.core.settings import HASHDB_FLUSH_RETRIES
 from lib.core.settings import HASHDB_FLUSH_THRESHOLD
 from lib.core.settings import UNICODE_ENCODING
@ -31,9 +32,14 @@ class HashDB(object):
        threadData = getCurrentThreadData()

        if threadData.hashDBCursor is None:
-            connection = sqlite3.connect(self.filepath, timeout=3, isolation_level=None)
-            threadData.hashDBCursor = connection.cursor()
-            threadData.hashDBCursor.execute("CREATE TABLE IF NOT EXISTS storage (id INTEGER PRIMARY KEY, value TEXT)")
+            try:
+                connection = sqlite3.connect(self.filepath, timeout=3, isolation_level=None)
+                threadData.hashDBCursor = connection.cursor()
+                threadData.hashDBCursor.execute("CREATE TABLE IF NOT EXISTS storage (id INTEGER PRIMARY KEY, value TEXT)")
+            except Exception, ex:
+                errMsg = "error occurred while opening a session "
+                errMsg += "file '%s' ('%s')" % (self.filepath, ex)
+                raise sqlmapDataException, errMsg

        return threadData.hashDBCursor

--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -22,6 +22,10 @@ logFile =
 # Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
 requestFile = 

+# Load session from a stored (.sqlite) file
+# Example: output/www.target.com/session.sqlite
+sessionFile = 
+
 # Rather than providing a target url, let Google return target
 # hosts as result of your Google dork expression. For a list of Google
 # dorks see Johnny Long Google Hacking Database at