Implementing --live-cookies (Issue #4401)

Miroslav Stampar 2020-10-29 13:51:11 +01:00
parent 227a23f091
commit 1d5bde9cdf
8 changed files with 39 additions and 10 deletions


@ -2063,7 +2063,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.lastParserStatus = None kb.lastParserStatus = None
kb.locks = AttribDict() kb.locks = AttribDict()
for _ in ("cache", "connError", "count", "handlers", "hint", "index", "io", "limit", "log", "socket", "redirect", "request", "value"): for _ in ("cache", "connError", "count", "handlers", "hint", "index", "io", "limit", "liveCookies", "log", "socket", "redirect", "request", "value"):
kb.locks[_] = threading.Lock() kb.locks[_] = threading.Lock()
kb.matchRatio = None kb.matchRatio = None


@ -27,6 +27,7 @@ optDict = {
"paramDel": "string", "paramDel": "string",
"cookie": "string", "cookie": "string",
"cookieDel": "string", "cookieDel": "string",
"liveCookies": "string",
"loadCookies": "string", "loadCookies": "string",
"dropSetCookie": "boolean", "dropSetCookie": "boolean",
"agent": "string", "agent": "string",


@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.4.10.27" VERSION = "1.4.10.28"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -52,6 +52,9 @@ IPS_WAF_CHECK_RATIO = 0.5
# Timeout used in heuristic check for WAF/IPS protected targets # Timeout used in heuristic check for WAF/IPS protected targets
IPS_WAF_CHECK_TIMEOUT = 10 IPS_WAF_CHECK_TIMEOUT = 10
# Timeout used in checking for existence of live-cookies file
LIVE_COOKIES_TIMEOUT = 120
# Lower and upper values for match ratio in case of stable page # Lower and upper values for match ratio in case of stable page
LOWER_RATIO_BOUND = 0.02 LOWER_RATIO_BOUND = 0.02
UPPER_RATIO_BOUND = 0.98 UPPER_RATIO_BOUND = 0.98
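Review bot: The comment above `LIVE_COOKIES_TIMEOUT` gives no unit and mentions only existence, while the consumer added in the request code loops that many times with `time.sleep(1)` and also requires the file to be non-empty. Suggested wording: `# Maximum time (in seconds) to wait for the live-cookies file to exist and be non-empty`.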


@ -168,6 +168,9 @@ def cmdLineParser(argv=None):
request.add_argument("--cookie-del", dest="cookieDel", request.add_argument("--cookie-del", dest="cookieDel",
help="Character used for splitting cookie values (e.g. ;)") help="Character used for splitting cookie values (e.g. ;)")
request.add_argument("--live-cookies", dest="liveCookies",
help="Live cookies file used for loading up-to-date values")
request.add_argument("--load-cookies", dest="loadCookies", request.add_argument("--load-cookies", dest="loadCookies",
help="File containing cookies in Netscape/wget format") help="File containing cookies in Netscape/wget format")
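Review bot: The help string for `--live-cookies` does not say what the file must contain, which matters because the neighbouring `--load-cookies` expects Netscape/wget format while the reader added in this commit takes the whole file as a raw cookie string and strips an optional leading `Cookie:`. Suggested text: `help="Live cookies file (raw cookie string, optional 'Cookie:' prefix) used for loading up-to-date values"`. The comment added for `liveCookies` in the configuration file has the same gap. cmdLineParser continues outside the hunk.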


@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission
import binascii import binascii
import logging import logging
import os
import random import random
import re import re
import socket import socket
@ -25,6 +26,7 @@ except ImportError:
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import asciifyUrl from lib.core.common import asciifyUrl
from lib.core.common import calculateDeltaSeconds from lib.core.common import calculateDeltaSeconds
from lib.core.common import checkFile
from lib.core.common import checkSameHost from lib.core.common import checkSameHost
from lib.core.common import chunkSplitPostData from lib.core.common import chunkSplitPostData
from lib.core.common import clearConsoleLine from lib.core.common import clearConsoleLine
@ -100,6 +102,7 @@ from lib.core.settings import IPS_WAF_CHECK_PAYLOAD
from lib.core.settings import IS_WIN from lib.core.settings import IS_WIN
from lib.core.settings import JAVASCRIPT_HREF_REGEX from lib.core.settings import JAVASCRIPT_HREF_REGEX
from lib.core.settings import LARGE_READ_TRIM_MARKER from lib.core.settings import LARGE_READ_TRIM_MARKER
from lib.core.settings import LIVE_COOKIES_TIMEOUT
from lib.core.settings import MAX_CONNECTION_READ_SIZE from lib.core.settings import MAX_CONNECTION_READ_SIZE
from lib.core.settings import MAX_CONNECTIONS_REGEX from lib.core.settings import MAX_CONNECTIONS_REGEX
from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
@ -292,6 +295,30 @@ class Connect(object):
return page, headers, code return page, headers, code
if conf.liveCookies:
with kb.locks.liveCookies:
if not checkFile(conf.liveCookies, raiseOnError=False) or os.path.getsize(conf.liveCookies) == 0:
warnMsg = "[%s] [WARNING] live cookies file '%s' is empty or non-existent. Waiting for timeout (%d seconds)" % (time.strftime("%X"), conf.liveCookies, LIVE_COOKIES_TIMEOUT)
dataToStdout(warnMsg)
valid = False
for _ in xrange(LIVE_COOKIES_TIMEOUT):
if checkFile(conf.liveCookies, raiseOnError=False) and os.path.getsize(conf.liveCookies) > 0:
valid = True
break
else:
dataToStdout('.')
time.sleep(1)
dataToStdout("\n")
if not valid:
errMsg = "problem occurred while loading cookies from file '%s'" % conf.liveCookies
raise SqlmapValueException(errMsg)
cookie = openFile(conf.liveCookies).read().strip()
cookie = re.sub(r"(?i)\ACookie:\s*", "", cookie)
if multipart: if multipart:
post = multipart post = multipart
else: else:
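Review bot: The size check and the read are separate steps, so the final `openFile(conf.liveCookies).read().strip()` can still return an empty string when the file holds only whitespace, or when whatever process refreshes it truncates it between the `os.path.getsize()` test and the read; the request would then carry an empty cookie with no warning. The same read keeps any interior line breaks, which would end up in the cookie value unless something outside this hunk sanitizes it, and the handle returned by `openFile()` is never closed explicitly. Validating the content that was actually read, as sketched below, closes these gaps. The wait loop also sleeps while holding `kb.locks.liveCookies`, which looks deliberate but deserves a comment; the enclosing method starts and ends outside the hunk.

```python
# ... unchanged: wait (under kb.locks.liveCookies) for a non-empty file ...

with openFile(conf.liveCookies) as f:
    cookie = re.sub(r"(?i)\ACookie:\s*", "", f.read().strip())

if not cookie or re.search(r"[\r\n]", cookie):
    errMsg = "live cookies file '%s' does not contain a single-line cookie value" % conf.liveCookies
    raise SqlmapValueException(errMsg)
```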


@ -5,11 +5,9 @@ Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
import binascii
import json import json
import re import re
import time import time
import xml.etree.ElementTree
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.bigarray import BigArray from lib.core.bigarray import BigArray
@ -33,14 +31,11 @@ from lib.core.common import isNumPosStrValue
from lib.core.common import listToStrValue from lib.core.common import listToStrValue
from lib.core.common import parseUnionPage from lib.core.common import parseUnionPage
from lib.core.common import removeReflectiveValues from lib.core.common import removeReflectiveValues
from lib.core.common import safeStringFormat
from lib.core.common import singleTimeDebugMessage from lib.core.common import singleTimeDebugMessage
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage
from lib.core.common import unArrayizeValue from lib.core.common import unArrayizeValue
from lib.core.common import wasLastResponseDBMSError from lib.core.common import wasLastResponseDBMSError
from lib.core.compat import xrange from lib.core.compat import xrange
from lib.core.convert import decodeBase64
from lib.core.convert import getBytes
from lib.core.convert import getUnicode from lib.core.convert import getUnicode
from lib.core.convert import htmlUnescape from lib.core.convert import htmlUnescape
from lib.core.data import conf from lib.core.data import conf


@ -10,7 +10,6 @@ import re
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import arrayizeValue from lib.core.common import arrayizeValue
from lib.core.common import Backend from lib.core.common import Backend
from lib.core.common import extractRegexResult
from lib.core.common import filterNone from lib.core.common import filterNone
from lib.core.common import filterPairValues from lib.core.common import filterPairValues
from lib.core.common import flattenValue from lib.core.common import flattenValue
@ -23,7 +22,6 @@ from lib.core.common import isTechniqueAvailable
from lib.core.common import parseSqliteTableSchema from lib.core.common import parseSqliteTableSchema
from lib.core.common import popValue from lib.core.common import popValue
from lib.core.common import pushValue from lib.core.common import pushValue
from lib.core.common import randomStr
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import safeSQLIdentificatorNaming from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import safeStringFormat from lib.core.common import safeStringFormat
@ -54,7 +52,6 @@ from lib.core.settings import REFLECTED_VALUE_MARKER
from lib.core.settings import UPPER_CASE_DBMSES from lib.core.settings import UPPER_CASE_DBMSES
from lib.core.settings import VERTICA_DEFAULT_SCHEMA from lib.core.settings import VERTICA_DEFAULT_SCHEMA
from lib.request import inject from lib.request import inject
from lib.techniques.union.use import unionUse
from lib.utils.brute import columnExists from lib.utils.brute import columnExists
from lib.utils.brute import tableExists from lib.utils.brute import tableExists
from thirdparty import six from thirdparty import six


@ -51,6 +51,9 @@ cookie =
# Character used for splitting cookie values (e.g. ;). # Character used for splitting cookie values (e.g. ;).
cookieDel = cookieDel =
# Live cookies file used for loading up-to-date values.
liveCookies =
# File containing cookies in Netscape/wget format. # File containing cookies in Netscape/wget format.
loadCookies = loadCookies =