Patch for an Issue #237

lib/core/option.py

@@ -1408,6 +1408,9 @@ def __cleanupOptions():
         for _ in DUMP_REPLACEMENTS.keys():
             del DUMP_REPLACEMENTS[_]
 
+    if conf.sessionFile:
+        conf.hashDBFile = conf.sessionFile
+
     threadData = getCurrentThreadData()
     threadData.reset()
 
@@ -1450,7 +1453,6 @@ def __setConfAttributes():
     conf.resultsFilename = None
     conf.resultsFP = None
     conf.scheme = None
-    conf.sessionFP = None
     conf.start = True
     conf.tests = []
     conf.trafficFP = None

lib/core/optiondict.py

@@ -16,6 +16,7 @@ optDict = {
                                "logFile":           "string",
                                "bulkFile":          "string",
                                "requestFile":       "string",
+                               "sessionFile":       "string",
                                "googleDork":        "string",
                                "configFile":        "string"
                              },

lib/core/target.py

@@ -483,9 +483,6 @@ def initTargetEnv():
     """
 
     if conf.multipleTargets:
-        if conf.sessionFP:
-            conf.sessionFP.close()
-
         if conf.hashDB:
             conf.hashDB.close()
 

lib/parse/cmdline.py

@@ -58,6 +58,9 @@ def cmdLineParser():
         target.add_option("-r", dest="requestFile",
                           help="Load HTTP request from a file")
 
+        target.add_option("-s", dest="sessionFile",
+                          help="Load session from a stored (.sqlite) file")
+
         target.add_option("-g", dest="googleDork",
                           help="Process Google dork results as target urls")
 

lib/utils/hashdb.py

@@ -15,6 +15,7 @@ from lib.core.common import getUnicode
 from lib.core.common import serializeObject
 from lib.core.common import unserializeObject
 from lib.core.data import logger
+from lib.core.exception import sqlmapDataException
 from lib.core.settings import HASHDB_FLUSH_RETRIES
 from lib.core.settings import HASHDB_FLUSH_THRESHOLD
 from lib.core.settings import UNICODE_ENCODING
@@ -31,9 +32,14 @@ class HashDB(object):
         threadData = getCurrentThreadData()
 
         if threadData.hashDBCursor is None:
-            connection = sqlite3.connect(self.filepath, timeout=3, isolation_level=None)
+            try:
-            threadData.hashDBCursor = connection.cursor()
+                connection = sqlite3.connect(self.filepath, timeout=3, isolation_level=None)
-            threadData.hashDBCursor.execute("CREATE TABLE IF NOT EXISTS storage (id INTEGER PRIMARY KEY, value TEXT)")
+                threadData.hashDBCursor = connection.cursor()
+                threadData.hashDBCursor.execute("CREATE TABLE IF NOT EXISTS storage (id INTEGER PRIMARY KEY, value TEXT)")
+            except Exception, ex:
+                errMsg = "error occurred while opening a session "
+                errMsg += "file '%s' ('%s')" % (self.filepath, ex)
+                raise sqlmapDataException, errMsg
 
         return threadData.hashDBCursor
 

sqlmap.conf

@@ -22,6 +22,10 @@ logFile =
 # Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
 requestFile = 
 
+# Load session from a stored (.sqlite) file
+# Example: output/www.target.com/session.sqlite
+sessionFile = 
+
 # Rather than providing a target url, let Google return target
 # hosts as result of your Google dork expression. For a list of Google
 # dorks see Johnny Long Google Hacking Database at