From 181c3534f02e16f62dfae94abb2e56a27f1878c1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 8 Nov 2012 19:16:37 +0100 Subject: [PATCH] Patch for an Issue #237 --- lib/core/option.py | 4 +++- lib/core/optiondict.py | 1 + lib/core/target.py | 3 --- lib/parse/cmdline.py | 3 +++ lib/utils/hashdb.py | 12 +++++++++--- sqlmap.conf | 4 ++++ 6 files changed, 20 insertions(+), 7 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index e4c48a576..6d6e5ec5f 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1408,6 +1408,9 @@ def __cleanupOptions(): for _ in DUMP_REPLACEMENTS.keys(): del DUMP_REPLACEMENTS[_] + if conf.sessionFile: + conf.hashDBFile = conf.sessionFile + threadData = getCurrentThreadData() threadData.reset() @@ -1450,7 +1453,6 @@ def __setConfAttributes(): conf.resultsFilename = None conf.resultsFP = None conf.scheme = None - conf.sessionFP = None conf.start = True conf.tests = [] conf.trafficFP = None diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 7112b9382..45f1cdd51 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -16,6 +16,7 @@ optDict = { "logFile": "string", "bulkFile": "string", "requestFile": "string", + "sessionFile": "string", "googleDork": "string", "configFile": "string" }, diff --git a/lib/core/target.py b/lib/core/target.py index 979f16bd2..ec0bd8e9c 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -483,9 +483,6 @@ def initTargetEnv(): """ if conf.multipleTargets: - if conf.sessionFP: - conf.sessionFP.close() - if conf.hashDB: conf.hashDB.close() diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 5b6b17ea2..93eb0ed5f 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py 
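Review bot: In the `__cleanupOptions()` hunk of lib/core/option.py, `conf.sessionFile` is copied into `conf.hashDBFile` without checking that the path names an existing file. `sqlite3.connect()`, which the hashdb.py hunk of this patch calls on that path, creates a missing database file rather than failing, so a mistyped `-s` value would presumably start an empty session at that location instead of reporting an error. A guard such as `if conf.sessionFile and not os.path.isfile(conf.sessionFile):` placed before the assignment and followed by the project's usual missing-file error would make "load" behave as the help text describes. The function body starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out from here.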
@@ -58,6 +58,9 @@ def cmdLineParser(): target.add_option("-r", dest="requestFile", help="Load HTTP request from a file") + target.add_option("-s", dest="sessionFile", + help="Load session from a stored (.sqlite) file") + target.add_option("-g", dest="googleDork", help="Process Google dork results as target urls") diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py index 638fbf53e..544eefe2a 100644 --- a/lib/utils/hashdb.py +++ b/lib/utils/hashdb.py @@ -15,6 +15,7 @@ from lib.core.common import getUnicode from lib.core.common import serializeObject from lib.core.common import unserializeObject from lib.core.data import logger +from lib.core.exception import sqlmapDataException from lib.core.settings import HASHDB_FLUSH_RETRIES from lib.core.settings import HASHDB_FLUSH_THRESHOLD from lib.core.settings import UNICODE_ENCODING @@ -31,9 +32,14 @@ class HashDB(object): threadData = getCurrentThreadData() if threadData.hashDBCursor is None: - connection = sqlite3.connect(self.filepath, timeout=3, isolation_level=None) - threadData.hashDBCursor = connection.cursor() - threadData.hashDBCursor.execute("CREATE TABLE IF NOT EXISTS storage (id INTEGER PRIMARY KEY, value TEXT)") + try: + connection = sqlite3.connect(self.filepath, timeout=3, isolation_level=None) + threadData.hashDBCursor = connection.cursor() + threadData.hashDBCursor.execute("CREATE TABLE IF NOT EXISTS storage (id INTEGER PRIMARY KEY, value TEXT)") + except Exception, ex: + errMsg = "error occurred while opening a session " + errMsg += "file '%s' ('%s')" % (self.filepath, ex) + raise sqlmapDataException, errMsg return threadData.hashDBCursor diff --git a/sqlmap.conf b/sqlmap.conf index 485e129b7..ebb86f578 100644 --- a/sqlmap.conf +++ b/sqlmap.conf 
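Review bot: The help string for `-s` in lib/parse/cmdline.py, and the matching comment in the sqlmap.conf hunk, does not say that the session file has to come from a trusted source. lib/utils/hashdb.py, touched by this same patch, imports `unserializeObject`; if stored values are restored with a pickle-style loader (not visible here, so this needs confirming), opening a file supplied by someone else can run code in the tool's process. Until that is ruled out, the wording could be `help="Load session from a stored (.sqlite) file (only use files you created)"`. `cmdLineParser()` continues outside the hunk.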
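Review bot: In the lib/utils/hashdb.py hunk, `threadData.hashDBCursor` is assigned inside the `try` before the `CREATE TABLE` statement runs, so when that statement fails (typically because the file is not an SQLite database, which `sqlite3.connect()` does not detect on its own) the thread keeps a cursor on the unusable file and the `is None` guard hands it out on the next call instead of raising again. Keeping the cursor in a local variable and publishing it only after `execute()` succeeds avoids that. `except Exception` is also broader than needed and will relabel unrelated programming errors as session-file errors; `sqlite3.Error` covers the failures this block is about. The method's signature is outside the hunk.

```python
            try:
                connection = sqlite3.connect(self.filepath, timeout=3, isolation_level=None)
                cursor = connection.cursor()
                cursor.execute("CREATE TABLE IF NOT EXISTS storage (id INTEGER PRIMARY KEY, value TEXT)")
            except sqlite3.Error, ex:
                # ... unchanged: errMsg construction and raise sqlmapDataException ...
            else:
                threadData.hashDBCursor = cursor
```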
@@ -22,6 +22,10 @@ logFile = # Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme requestFile = +# Load session from a stored (.sqlite) file +# Example: output/www.target.com/session.sqlite +sessionFile = + # Rather than providing a target url, let Google return target # hosts as result of your Google dork expression. For a list of Google # dorks see Johnny Long Google Hacking Database at