Couple of fixes and some testing stuff

Miroslav Stampar 2016-09-27 14:03:59 +02:00
parent 381deb68ff
commit 212c1ec1f2
7 changed files with 21 additions and 10 deletions


@ -235,6 +235,7 @@ optDict = {
"profile": "boolean", "profile": "boolean",
"forceDns": "boolean", "forceDns": "boolean",
"ignore401": "boolean", "ignore401": "boolean",
"murphyRate": "integer",
"smokeTest": "boolean", "smokeTest": "boolean",
"liveTest": "boolean", "liveTest": "boolean",
"stopFail": "boolean", "stopFail": "boolean",


@ -19,7 +19,7 @@ from lib.core.enums import OS
from lib.core.revision import getRevisionNumber from lib.core.revision import getRevisionNumber
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.0.9.40" VERSION = "1.0.9.41"
REVISION = getRevisionNumber() REVISION = getRevisionNumber()
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
@ -86,6 +86,9 @@ MAX_CONNECTIONS_REGEX = r"max.+connections"
# Timeout before the pre-connection candidate is being disposed (because of high probability that the web server will reset it) # Timeout before the pre-connection candidate is being disposed (because of high probability that the web server will reset it)
PRECONNECT_CANDIDATE_TIMEOUT = 10 PRECONNECT_CANDIDATE_TIMEOUT = 10
# Maximum sleep time in "Murphy" (testing) mode
MAX_MURPHY_SLEEP_TIME = 3
# Regular expression used for extracting results from Google search # Regular expression used for extracting results from Google search
GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\+&amp;cd=|url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)" GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\+&amp;cd=|url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)"


@ -59,6 +59,7 @@ class _ThreadData(threading.local):
self.retriesCount = 0 self.retriesCount = 0
self.seqMatcher = difflib.SequenceMatcher(None) self.seqMatcher = difflib.SequenceMatcher(None)
self.shared = shared self.shared = shared
self.validationRun = 0
self.valueStack = [] self.valueStack = []
ThreadData = _ThreadData() ThreadData = _ThreadData()
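Review bot: `self.validationRun = 0` is added to the per-thread state, but none of the file sections shown in this commit reads or updates it, so its purpose cannot be checked here. Either add a short trailing comment saying what the counter tracks and which code increments it, or defer the field to the commit that first uses it. The enclosing method starts outside the hunk.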


@ -759,6 +759,9 @@ def cmdLineParser(argv=None):
parser.add_option("--dummy", dest="dummy", action="store_true", parser.add_option("--dummy", dest="dummy", action="store_true",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
parser.add_option("--murphy-rate", dest="murphyRate", type="int",
help=SUPPRESS_HELP)
parser.add_option("--pickled-options", dest="pickledOptions", parser.add_option("--pickled-options", dest="pickledOptions",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)


@ -90,6 +90,7 @@ from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE
from lib.core.settings import MAX_CONNECTIONS_REGEX from lib.core.settings import MAX_CONNECTIONS_REGEX
from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
from lib.core.settings import MAX_MURPHY_SLEEP_TIME
from lib.core.settings import META_REFRESH_REGEX from lib.core.settings import META_REFRESH_REGEX
from lib.core.settings import MIN_TIME_RESPONSES from lib.core.settings import MIN_TIME_RESPONSES
from lib.core.settings import IS_WIN from lib.core.settings import IS_WIN
@ -224,8 +225,10 @@ class Connect(object):
if conf.offline: if conf.offline:
return None, None, None return None, None, None
elif conf.dummy: elif conf.dummy or conf.murphyRate and randomInt() % conf.murphyRate == 0:
return getUnicode(randomStr(int(randomInt()), alphabet=[chr(_) for _ in xrange(256)]), {}, int(randomInt())), None, None if conf.murphyRate:
time.sleep(randomInt() % (MAX_MURPHY_SLEEP_TIME + 1))
return getUnicode(randomStr(int(randomInt()), alphabet=[chr(_) for _ in xrange(256)]), {}, int(randomInt())), None, None if not conf.murphyRate else randomInt(3)
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
with kb.locks.request: with kb.locks.request:
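Review bot: The rewritten return on the dummy/murphy branch relies on the conditional expression binding only to the last tuple element, so `..., None, None if not conf.murphyRate else randomInt(3)` puts a random status code in the third slot rather than choosing between two tuples. Writing it as `(None if not conf.murphyRate else randomInt(3))`, and the condition as `conf.dummy or (conf.murphyRate and randomInt() % conf.murphyRate == 0)`, would make that explicit. Because this branch hands fabricated page content and status codes to the detection logic, a run with `murphyRate` set can report results that do not reflect the target; the option is also registered in `optDict`, so it can presumably come from a configuration file. A one-time warning when the option is active would keep such output from being mistaken for real findings. When `conf.dummy` and `conf.murphyRate` are both set, every request now also sleeps for up to `MAX_MURPHY_SLEEP_TIME` seconds, which may not be intended; the enclosing method starts and ends outside the hunk.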


@ -324,7 +324,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if not timeBasedCompare: if not timeBasedCompare:
unexpectedCode |= threadData.lastCode not in (kb.injection.data[kb.technique].falseCode, kb.injection.data[kb.technique].trueCode) unexpectedCode |= threadData.lastCode not in (kb.injection.data[kb.technique].falseCode, kb.injection.data[kb.technique].trueCode)
if unexpectedCode: if unexpectedCode:
warnMsg = "unexpected HTTP code '%d' detected. Will use (extra) validation step in similar cases" % threadData.lastCode warnMsg = "unexpected HTTP code '%s' detected. Will use (extra) validation step in similar cases" % threadData.lastCode
singleTimeWarnMessage(warnMsg) singleTimeWarnMessage(warnMsg)
if result: if result:
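Review bot: Switching the format to `%s` suggests `threadData.lastCode` can be a non-integer here (presumably `None`), and in that case the `not in (falseCode, trueCode)` test on the line above still flags it as unexpected, so the warning reads "unexpected HTTP code 'None'". If a missing status code is a legitimate state, guard it, for example with `if threadData.lastCode is not None:` before updating `unexpectedCode`, so the extra validation step is not triggered by an absent code. Otherwise a one-line comment saying when the code can be absent would help the next reader. The body of `bisection` starts and ends outside the hunk.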


@ -38,26 +38,26 @@ e4ca0fd47f20cf7ba6a5f5cbf980073c lib/core/decorators.py
e4aec2b11c1ad6039d0c3dbbfbc5eb1a lib/core/exception.py e4aec2b11c1ad6039d0c3dbbfbc5eb1a lib/core/exception.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/core/__init__.py cc9c82cfffd8ee9b25ba3af6284f057e lib/core/__init__.py
91c514013daa796e2cdd940389354eac lib/core/log.py 91c514013daa796e2cdd940389354eac lib/core/log.py
b9779615206791e6ebbaa84947842b49 lib/core/optiondict.py 5b079749c50240602ea92637e268ed31 lib/core/optiondict.py
74d826338a2cd66a4724d8486a648d93 lib/core/option.py 74d826338a2cd66a4724d8486a648d93 lib/core/option.py
1e8948dddbd12def5c2af52530738059 lib/core/profiling.py 1e8948dddbd12def5c2af52530738059 lib/core/profiling.py
e60456db5380840a586654344003d4e6 lib/core/readlineng.py e60456db5380840a586654344003d4e6 lib/core/readlineng.py
5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py 5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py
99a2b496b9d5b546b335653ca801153f lib/core/revision.py 99a2b496b9d5b546b335653ca801153f lib/core/revision.py
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
beddfa335e49041ded23235064af09de lib/core/settings.py f736ee4e7e504498859dce2171991550 lib/core/settings.py
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
0bc2fae1dec18cdd11954b22358293f2 lib/core/target.py 0bc2fae1dec18cdd11954b22358293f2 lib/core/target.py
d43f059747ffd48952922c94152e2a07 lib/core/testing.py d43f059747ffd48952922c94152e2a07 lib/core/testing.py
7ec80da7d7fa8ceaf2ff606cfa578c15 lib/core/threads.py 2cafee22d9f8018e7efff0a5e3178596 lib/core/threads.py
53c15b78e0288274f52410db25406432 lib/core/unescaper.py 53c15b78e0288274f52410db25406432 lib/core/unescaper.py
6bdc53e2ca152ff8cd35ad671e48a96b lib/core/update.py 6bdc53e2ca152ff8cd35ad671e48a96b lib/core/update.py
8485a3cd94c0a5af2718bad60c5f1ae5 lib/core/wordlist.py 8485a3cd94c0a5af2718bad60c5f1ae5 lib/core/wordlist.py
354ecc0c6d3e0ac9c06ed897c4d52edf lib/core/xmldump.py 354ecc0c6d3e0ac9c06ed897c4d52edf lib/core/xmldump.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/__init__.py cc9c82cfffd8ee9b25ba3af6284f057e lib/__init__.py
c1288bc4ce5651dbdd82d4a9435fdc03 lib/parse/banner.py c1288bc4ce5651dbdd82d4a9435fdc03 lib/parse/banner.py
daea32290b63c43f7d1c0e14c66d4826 lib/parse/cmdline.py 498be08b12a01bd79d82fc993bd07965 lib/parse/cmdline.py
8ec4d4f02634834701f8258726f2e511 lib/parse/configfile.py 8ec4d4f02634834701f8258726f2e511 lib/parse/configfile.py
fe4e2152292587928edb94c9a4d311ff lib/parse/handler.py fe4e2152292587928edb94c9a4d311ff lib/parse/handler.py
8e6bfb13e5a34b2610f3ff23467a34cf lib/parse/headers.py 8e6bfb13e5a34b2610f3ff23467a34cf lib/parse/headers.py
@ -68,7 +68,7 @@ b40a4c5d91770d347df36d3065b63798 lib/parse/sitemap.py
9299f21804033f099681525bb9bf51c0 lib/request/basicauthhandler.py 9299f21804033f099681525bb9bf51c0 lib/request/basicauthhandler.py
ca9879ea9277810c5fce0f0d8d2f8e03 lib/request/basic.py ca9879ea9277810c5fce0f0d8d2f8e03 lib/request/basic.py
c48285682a61d49982cb508351013cb4 lib/request/comparison.py c48285682a61d49982cb508351013cb4 lib/request/comparison.py
29148e4412209526b18acbd8a942fe03 lib/request/connect.py c8aeed55d933b4944da038fdee4cdbc6 lib/request/connect.py
49b4c583af68689de5f9acb162de2939 lib/request/direct.py 49b4c583af68689de5f9acb162de2939 lib/request/direct.py
1a46f7bb26b23ec0c0d9d9c95828241b lib/request/dns.py 1a46f7bb26b23ec0c0d9d9c95828241b lib/request/dns.py
70ceefe39980611494d4f99afb96f652 lib/request/httpshandler.py 70ceefe39980611494d4f99afb96f652 lib/request/httpshandler.py
@ -87,7 +87,7 @@ cc9c82cfffd8ee9b25ba3af6284f057e lib/takeover/__init__.py
7d6cd7bdfc8f4bc4e8aed60c84cdf87f lib/takeover/udf.py 7d6cd7bdfc8f4bc4e8aed60c84cdf87f lib/takeover/udf.py
f6e3084abd506925a8be3d1c0a6d058c lib/takeover/web.py f6e3084abd506925a8be3d1c0a6d058c lib/takeover/web.py
9af83a62de360184f1c14e69b8a95cfe lib/takeover/xp_cmdshell.py 9af83a62de360184f1c14e69b8a95cfe lib/takeover/xp_cmdshell.py
9e4ae2df75cab68ea297f0db50b574c7 lib/techniques/blind/inference.py 0b44d8de954e74ac9bac13594b9d81e8 lib/techniques/blind/inference.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/blind/__init__.py cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/blind/__init__.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/brute/__init__.py cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/brute/__init__.py
d36effffe64e63ef9b3be490f850e2cc lib/techniques/brute/use.py d36effffe64e63ef9b3be490f850e2cc lib/techniques/brute/use.py