mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests)
This commit is contained in:
parent
e11d511cad
commit
1aeaa5db47
|
@ -549,6 +549,23 @@ def __setHTTPProxy():
|
||||||
else:
|
else:
|
||||||
proxyHandler = urllib2.ProxyHandler({"http": __proxyString})
|
proxyHandler = urllib2.ProxyHandler({"http": __proxyString})
|
||||||
|
|
||||||
|
def __setSafeUrl():
|
||||||
|
"""
|
||||||
|
Check and set the safe URL options.
|
||||||
|
"""
|
||||||
|
if not conf.safUrl:
|
||||||
|
return
|
||||||
|
|
||||||
|
if not re.search("^http[s]*://", conf.safUrl):
|
||||||
|
if ":443/" in conf.safUrl:
|
||||||
|
conf.safUrl = "https://" + conf.safUrl
|
||||||
|
else:
|
||||||
|
conf.safUrl = "http://" + conf.safUrl
|
||||||
|
|
||||||
|
if conf.saFreq <= 0:
|
||||||
|
errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature"
|
||||||
|
raise sqlmapSyntaxException, errMsg
|
||||||
|
|
||||||
def __setHTTPAuthentication():
|
def __setHTTPAuthentication():
|
||||||
"""
|
"""
|
||||||
Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or Certificate),
|
Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or Certificate),
|
||||||
|
@ -929,6 +946,7 @@ def __setKnowledgeBaseAttributes():
|
||||||
kb.osSP = None
|
kb.osSP = None
|
||||||
|
|
||||||
kb.parenthesis = None
|
kb.parenthesis = None
|
||||||
|
kb.queryCounter = 0
|
||||||
kb.resumedQueries = {}
|
kb.resumedQueries = {}
|
||||||
kb.stackedTest = None
|
kb.stackedTest = None
|
||||||
kb.targetUrls = set()
|
kb.targetUrls = set()
|
||||||
|
@ -1061,6 +1079,7 @@ def init(inputOptions=advancedDict()):
|
||||||
__setHTTPMethod()
|
__setHTTPMethod()
|
||||||
__setHTTPAuthentication()
|
__setHTTPAuthentication()
|
||||||
__setHTTPProxy()
|
__setHTTPProxy()
|
||||||
|
__setSafeUrl()
|
||||||
__setUnionTech()
|
__setUnionTech()
|
||||||
__setGoogleDorking()
|
__setGoogleDorking()
|
||||||
__setMultipleTargets()
|
__setMultipleTargets()
|
||||||
|
|
|
@ -52,7 +52,9 @@ optDict = {
|
||||||
"delay": "float",
|
"delay": "float",
|
||||||
"timeout": "float",
|
"timeout": "float",
|
||||||
"retries": "integer",
|
"retries": "integer",
|
||||||
"scope": "string"
|
"scope": "string",
|
||||||
|
"safUrl": "string",
|
||||||
|
"saFreq": "integer"
|
||||||
},
|
},
|
||||||
|
|
||||||
"Injection": {
|
"Injection": {
|
||||||
|
|
|
@ -136,6 +136,12 @@ def cmdLineParser():
|
||||||
request.add_option("--scope", dest="scope",
|
request.add_option("--scope", dest="scope",
|
||||||
help="Regexp to filter targets from provided proxy log")
|
help="Regexp to filter targets from provided proxy log")
|
||||||
|
|
||||||
|
request.add_option("--safe-url", dest="safUrl",
|
||||||
|
help="Url address to visit frequently during testing")
|
||||||
|
|
||||||
|
request.add_option("--safe-freq", dest="saFreq", type="int", default=0,
|
||||||
|
help="Test requests between two visits to a given safe url")
|
||||||
|
|
||||||
# Injection options
|
# Injection options
|
||||||
injection = OptionGroup(parser, "Injection", "These options can be "
|
injection = OptionGroup(parser, "Injection", "These options can be "
|
||||||
"used to specify which parameters to test "
|
"used to specify which parameters to test "
|
||||||
|
|
|
@ -300,6 +300,11 @@ class Connect:
|
||||||
else:
|
else:
|
||||||
ua = conf.parameters["User-Agent"]
|
ua = conf.parameters["User-Agent"]
|
||||||
|
|
||||||
|
if conf.safUrl and conf.saFreq > 0:
|
||||||
|
kb.queryCounter += 1
|
||||||
|
if kb.queryCounter % conf.saFreq == 0:
|
||||||
|
Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua)
|
||||||
|
|
||||||
page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, silent=silent)
|
page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, silent=silent)
|
||||||
|
|
||||||
if content:
|
if content:
|
||||||
|
|
|
@ -119,6 +119,15 @@ retries = 3
|
||||||
# Example: (google|yahoo)
|
# Example: (google|yahoo)
|
||||||
scope =
|
scope =
|
||||||
|
|
||||||
|
# Url address to visit frequently during testing
|
||||||
|
# Example: http://192.168.1.121/index.html
|
||||||
|
safUrl =
|
||||||
|
|
||||||
|
# Test requests between two visits to a given safe url (default 0)
|
||||||
|
# Valid: integer
|
||||||
|
# Default: 0
|
||||||
|
saFreq = 0
|
||||||
|
|
||||||
|
|
||||||
# These options can be used to specify which parameters to test for,
|
# These options can be used to specify which parameters to test for,
|
||||||
# provide custom injection payloads and how to parse and compare HTTP
|
# provide custom injection payloads and how to parse and compare HTTP
|
||||||
|
|
Loading…
Reference in New Issue
Block a user