mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-01-24 00:04:23 +03:00
implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests)
This commit is contained in:
parent
e11d511cad
commit
1aeaa5db47
|
@ -549,6 +549,23 @@ def __setHTTPProxy():
|
|||
else:
|
||||
proxyHandler = urllib2.ProxyHandler({"http": __proxyString})
|
||||
|
||||
def __setSafeUrl():
|
||||
"""
|
||||
Check and set the safe URL options.
|
||||
"""
|
||||
if not conf.safUrl:
|
||||
return
|
||||
|
||||
if not re.search("^http[s]*://", conf.safUrl):
|
||||
if ":443/" in conf.safUrl:
|
||||
conf.safUrl = "https://" + conf.safUrl
|
||||
else:
|
||||
conf.safUrl = "http://" + conf.safUrl
|
||||
|
||||
if conf.saFreq <= 0:
|
||||
errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature"
|
||||
raise sqlmapSyntaxException, errMsg
|
||||
|
||||
def __setHTTPAuthentication():
|
||||
"""
|
||||
Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or Certificate),
|
||||
|
@ -929,6 +946,7 @@ def __setKnowledgeBaseAttributes():
|
|||
kb.osSP = None
|
||||
|
||||
kb.parenthesis = None
|
||||
kb.queryCounter = 0
|
||||
kb.resumedQueries = {}
|
||||
kb.stackedTest = None
|
||||
kb.targetUrls = set()
|
||||
|
@ -1061,6 +1079,7 @@ def init(inputOptions=advancedDict()):
|
|||
__setHTTPMethod()
|
||||
__setHTTPAuthentication()
|
||||
__setHTTPProxy()
|
||||
__setSafeUrl()
|
||||
__setUnionTech()
|
||||
__setGoogleDorking()
|
||||
__setMultipleTargets()
|
||||
|
|
|
@ -52,7 +52,9 @@ optDict = {
|
|||
"delay": "float",
|
||||
"timeout": "float",
|
||||
"retries": "integer",
|
||||
"scope": "string"
|
||||
"scope": "string",
|
||||
"safUrl": "string",
|
||||
"saFreq": "integer"
|
||||
},
|
||||
|
||||
"Injection": {
|
||||
|
|
|
@ -136,6 +136,12 @@ def cmdLineParser():
|
|||
request.add_option("--scope", dest="scope",
|
||||
help="Regexp to filter targets from provided proxy log")
|
||||
|
||||
request.add_option("--safe-url", dest="safUrl",
|
||||
help="Url address to visit frequently during testing")
|
||||
|
||||
request.add_option("--safe-freq", dest="saFreq", type="int", default=0,
|
||||
help="Test requests between two visits to a given safe url")
|
||||
|
||||
# Injection options
|
||||
injection = OptionGroup(parser, "Injection", "These options can be "
|
||||
"used to specify which parameters to test "
|
||||
|
|
|
@ -299,7 +299,12 @@ class Connect:
|
|||
ua = value
|
||||
else:
|
||||
ua = conf.parameters["User-Agent"]
|
||||
|
||||
|
||||
if conf.safUrl and conf.saFreq > 0:
|
||||
kb.queryCounter += 1
|
||||
if kb.queryCounter % conf.saFreq == 0:
|
||||
Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua)
|
||||
|
||||
page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, silent=silent)
|
||||
|
||||
if content:
|
||||
|
|
|
@ -119,6 +119,15 @@ retries = 3
|
|||
# Example: (google|yahoo)
|
||||
scope =
|
||||
|
||||
# Url address to visit frequently during testing
|
||||
# Example: http://192.168.1.121/index.html
|
||||
safUrl =
|
||||
|
||||
# Test requests between two visits to a given safe url (default 0)
|
||||
# Valid: integer
|
||||
# Default: 0
|
||||
saFreq = 0
|
||||
|
||||
|
||||
# These options can be used to specify which parameters to test for,
|
||||
# provide custom injection payloads and how to parse and compare HTTP
|
||||
|
|
Loading…
Reference in New Issue
Block a user