From 1aeaa5db47acd158a9c46dd7f761448202f110e3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 16 Apr 2010 12:44:47 +0000
Subject: [PATCH] implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests)
---
 lib/core/option.py | 19 +++++++++++++++++++
 lib/core/optiondict.py | 4 +++-
 lib/parse/cmdline.py | 6 ++++++
 lib/request/connect.py | 7 ++++++-
 sqlmap.conf | 9 +++++++++
 5 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/lib/core/option.py b/lib/core/option.py
index 702d1f342..1f4d81d5e 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -549,6 +549,23 @@ def __setHTTPProxy():
 else:
 proxyHandler = urllib2.ProxyHandler({"http": __proxyString})
+def __setSafeUrl():
+ """
+ Check and set the safe URL options.
+ """
+ if not conf.safUrl:
+ return
+
+ if not re.search("^http[s]*://", conf.safUrl):
+ if ":443/" in conf.safUrl:
+ conf.safUrl = "https://" + conf.safUrl
+ else:
+ conf.safUrl = "http://" + conf.safUrl
+
+ if conf.saFreq <= 0:
+ errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature"
+ raise sqlmapSyntaxException, errMsg
+
 def __setHTTPAuthentication():
 """
 Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or Certificate),
@@ -929,6 +946,7 @@ def __setKnowledgeBaseAttributes():
 kb.osSP = None
 kb.parenthesis = None
+ kb.queryCounter = 0
 kb.resumedQueries = {}
 kb.stackedTest = None
 kb.targetUrls = set()
@@ -1061,6 +1079,7 @@ def init(inputOptions=advancedDict()):
 __setHTTPMethod()
 __setHTTPAuthentication()
 __setHTTPProxy()
+ __setSafeUrl()
 __setUnionTech()
 __setGoogleDorking()
 __setMultipleTargets()
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 1a8ea462b..1adc221a0 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
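Review bot: The scheme test in `__setSafeUrl` is both too loose and too strict: `^http[s]*://` accepts `httpsss://` and, being case-sensitive, treats `HTTP://host/` as scheme-less, so it is rewritten to `http://HTTP://host/`. I would write `if not re.search(r"^https?://", conf.safUrl, re.I):`. The `":443/" in conf.safUrl` heuristic also misses `host:443` with no trailing path, and every other scheme-less value falls back to cleartext `http://`, which matters because the request built from this URL in the `lib/request/connect.py` hunk carries the session cookie. Because of the early `return`, a `--safe-freq` given without `--safe-url` is silently ignored; a warning at that point would make the misconfiguration visible.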
@@ -52,7 +52,9 @@ optDict = {
 "delay": "float",
 "timeout": "float",
 "retries": "integer",
- "scope": "string"
+ "scope": "string",
+ "safUrl": "string",
+ "saFreq": "integer"
 },
 "Injection": {
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index f26fddf8b..7c3eb15b0 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -136,6 +136,12 @@ def cmdLineParser():
 request.add_option("--scope", dest="scope",
 help="Regexp to filter targets from provided proxy log")
+ request.add_option("--safe-url", dest="safUrl",
+ help="Url address to visit frequently during testing")
+
+ request.add_option("--safe-freq", dest="saFreq", type="int", default=0,
+ help="Test requests between two visits to a given safe url")
+
 # Injection options
 injection = OptionGroup(parser, "Injection", "These options can be "
 "used to specify which parameters to test "
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 5ea98e452..edcebad93 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -299,7 +299,12 @@ class Connect:
 ua = value
 else:
 ua = conf.parameters["User-Agent"]
-
+
+ if conf.safUrl and conf.saFreq > 0:
+ kb.queryCounter += 1
+ if kb.queryCounter % conf.saFreq == 0:
+ Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua)
+
 page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, silent=silent)
 if content:
diff --git a/sqlmap.conf b/sqlmap.conf
index 0ccc6aa19..7ee15e2ba 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -119,6 +119,15 @@ retries = 3
 # Example: (google|yahoo)
 scope =
+# Url address to visit frequently during testing
+# Example: http://192.168.1.121/index.html
+safUrl =
+
+# Test requests between two visits to a given safe url (default 0)
+# Valid: integer
+# Default: 0
+saFreq = 0
+
 # These options can be used to specify which parameters to test for,
 # provide custom injection payloads and how to parse and compare HTTP
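Review bot: The help strings for `--safe-url` and `--safe-freq` do not say that the two options only work together or that the frequency must be positive, although `__setSafeUrl` in `lib/core/option.py` raises a syntax error when `--safe-url` is set and `--safe-freq` is left at its default of 0. I would extend the second help text to `help="Test requests between two visits to a given safe url (required with --safe-url, must be > 0)"`. `cmdLineParser` starts and ends outside the hunk.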
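Review bot: The safe-URL request forwards the target's `cookie` to whatever `conf.safUrl` points at, and nothing visible in this patch checks that the safe URL is on the same host as the target. With a safe URL on another host, or one that `__setSafeUrl` defaulted to `http://`, the session cookie goes to a third party or travels in cleartext. I would compare the safe URL's host with the target's host once during option setup and pass the cookie only when they match, and add the comment `# the target's cookie is sent to conf.safUrl; it must stay on the target's host` above the call. Separately, `kb.queryCounter += 1` is an unsynchronised read-modify-write on shared state; if this method can run from several threads (not visible here), the every-Nth visit can be skipped or doubled. The enclosing method of `Connect` starts and ends outside the hunk.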