Couple of fixes and some testing stuff

2025-10-31 16:07:55 +03:00 · 2016-09-27 14:03:59 +02:00 · 2016-09-27 14:03:59 +02:00 · 212c1ec1f2
commit 212c1ec1f2
parent 381deb68ff
7 changed files with 21 additions and 10 deletions
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -235,6 +235,7 @@ optDict = {
                               "profile":           "boolean",
                               "forceDns":          "boolean",
                               "ignore401":         "boolean",
+                               "murphyRate":        "integer",
                               "smokeTest":         "boolean",
                               "liveTest":          "boolean",
                               "stopFail":          "boolean",
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.9.40"
+VERSION = "1.0.9.41"
 REVISION = getRevisionNumber()
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
@ -86,6 +86,9 @@ MAX_CONNECTIONS_REGEX = r"max.+connections"
 # Timeout before the pre-connection candidate is being disposed (because of high probability that the web server will reset it)
 PRECONNECT_CANDIDATE_TIMEOUT = 10

+# Maximum sleep time in "Murphy" (testing) mode
+MAX_MURPHY_SLEEP_TIME = 3
+
 # Regular expression used for extracting results from Google search
 GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\+&amp;cd=|url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)"

--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@ -59,6 +59,7 @@ class _ThreadData(threading.local):
        self.retriesCount = 0
        self.seqMatcher = difflib.SequenceMatcher(None)
        self.shared = shared
+        self.validationRun = 0
        self.valueStack = []

 ThreadData = _ThreadData()
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -759,6 +759,9 @@ def cmdLineParser(argv=None):
        parser.add_option("--dummy", dest="dummy", action="store_true",
                          help=SUPPRESS_HELP)

+        parser.add_option("--murphy-rate", dest="murphyRate", type="int",
+                          help=SUPPRESS_HELP)
+
        parser.add_option("--pickled-options", dest="pickledOptions",
                          help=SUPPRESS_HELP)

--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -90,6 +90,7 @@ from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
 from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE
 from lib.core.settings import MAX_CONNECTIONS_REGEX
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
+from lib.core.settings import MAX_MURPHY_SLEEP_TIME
 from lib.core.settings import META_REFRESH_REGEX
 from lib.core.settings import MIN_TIME_RESPONSES
 from lib.core.settings import IS_WIN
@ -224,8 +225,10 @@ class Connect(object):

        if conf.offline:
            return None, None, None
-        elif conf.dummy:
-            return getUnicode(randomStr(int(randomInt()), alphabet=[chr(_) for _ in xrange(256)]), {}, int(randomInt())), None, None
+        elif conf.dummy or conf.murphyRate and randomInt() % conf.murphyRate == 0:
+            if conf.murphyRate:
+                time.sleep(randomInt() % (MAX_MURPHY_SLEEP_TIME + 1))
+            return getUnicode(randomStr(int(randomInt()), alphabet=[chr(_) for _ in xrange(256)]), {}, int(randomInt())), None, None if not conf.murphyRate else randomInt(3)

        threadData = getCurrentThreadData()
        with kb.locks.request:
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@ -324,7 +324,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                if not timeBasedCompare:
                    unexpectedCode |= threadData.lastCode not in (kb.injection.data[kb.technique].falseCode, kb.injection.data[kb.technique].trueCode)
                    if unexpectedCode:
-                        warnMsg = "unexpected HTTP code '%d' detected. Will use (extra) validation step in similar cases" % threadData.lastCode
+                        warnMsg = "unexpected HTTP code '%s' detected. Will use (extra) validation step in similar cases" % threadData.lastCode
                        singleTimeWarnMessage(warnMsg)

                if result:
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -38,26 +38,26 @@ e4ca0fd47f20cf7ba6a5f5cbf980073c  lib/core/decorators.py
 e4aec2b11c1ad6039d0c3dbbfbc5eb1a  lib/core/exception.py
 cc9c82cfffd8ee9b25ba3af6284f057e  lib/core/__init__.py
 91c514013daa796e2cdd940389354eac  lib/core/log.py
-b9779615206791e6ebbaa84947842b49  lib/core/optiondict.py
+5b079749c50240602ea92637e268ed31  lib/core/optiondict.py
 74d826338a2cd66a4724d8486a648d93  lib/core/option.py
 1e8948dddbd12def5c2af52530738059  lib/core/profiling.py
 e60456db5380840a586654344003d4e6  lib/core/readlineng.py
 5ef56abb8671c2ca6ceecb208258e360  lib/core/replication.py
 99a2b496b9d5b546b335653ca801153f  lib/core/revision.py
 7c15dd2777af4dac2c89cab6df17462e  lib/core/session.py
-beddfa335e49041ded23235064af09de  lib/core/settings.py
+f736ee4e7e504498859dce2171991550  lib/core/settings.py
 7af83e4f18cab6dff5e67840eb65be80  lib/core/shell.py
 23657cd7d924e3c6d225719865855827  lib/core/subprocessng.py
 0bc2fae1dec18cdd11954b22358293f2  lib/core/target.py
 d43f059747ffd48952922c94152e2a07  lib/core/testing.py
-7ec80da7d7fa8ceaf2ff606cfa578c15  lib/core/threads.py
+2cafee22d9f8018e7efff0a5e3178596  lib/core/threads.py
 53c15b78e0288274f52410db25406432  lib/core/unescaper.py
 6bdc53e2ca152ff8cd35ad671e48a96b  lib/core/update.py
 8485a3cd94c0a5af2718bad60c5f1ae5  lib/core/wordlist.py
 354ecc0c6d3e0ac9c06ed897c4d52edf  lib/core/xmldump.py
 cc9c82cfffd8ee9b25ba3af6284f057e  lib/__init__.py
 c1288bc4ce5651dbdd82d4a9435fdc03  lib/parse/banner.py
-daea32290b63c43f7d1c0e14c66d4826  lib/parse/cmdline.py
+498be08b12a01bd79d82fc993bd07965  lib/parse/cmdline.py
 8ec4d4f02634834701f8258726f2e511  lib/parse/configfile.py
 fe4e2152292587928edb94c9a4d311ff  lib/parse/handler.py
 8e6bfb13e5a34b2610f3ff23467a34cf  lib/parse/headers.py
@ -68,7 +68,7 @@ b40a4c5d91770d347df36d3065b63798  lib/parse/sitemap.py
 9299f21804033f099681525bb9bf51c0  lib/request/basicauthhandler.py
 ca9879ea9277810c5fce0f0d8d2f8e03  lib/request/basic.py
 c48285682a61d49982cb508351013cb4  lib/request/comparison.py
-29148e4412209526b18acbd8a942fe03  lib/request/connect.py
+c8aeed55d933b4944da038fdee4cdbc6  lib/request/connect.py
 49b4c583af68689de5f9acb162de2939  lib/request/direct.py
 1a46f7bb26b23ec0c0d9d9c95828241b  lib/request/dns.py
 70ceefe39980611494d4f99afb96f652  lib/request/httpshandler.py
@ -87,7 +87,7 @@ cc9c82cfffd8ee9b25ba3af6284f057e  lib/takeover/__init__.py
 7d6cd7bdfc8f4bc4e8aed60c84cdf87f  lib/takeover/udf.py
 f6e3084abd506925a8be3d1c0a6d058c  lib/takeover/web.py
 9af83a62de360184f1c14e69b8a95cfe  lib/takeover/xp_cmdshell.py
-9e4ae2df75cab68ea297f0db50b574c7  lib/techniques/blind/inference.py
+0b44d8de954e74ac9bac13594b9d81e8  lib/techniques/blind/inference.py
 cc9c82cfffd8ee9b25ba3af6284f057e  lib/techniques/blind/__init__.py
 cc9c82cfffd8ee9b25ba3af6284f057e  lib/techniques/brute/__init__.py
 d36effffe64e63ef9b3be490f850e2cc  lib/techniques/brute/use.py