added support for WebScarab logs

Miroslav Stampar 2011-01-20 15:55:50 +00:00
parent 345e2288e1
commit 2fa066f892


@ -25,6 +25,7 @@ from extra.keepalive import keepalive
from extra.xmlobject import xmlobject from extra.xmlobject import xmlobject
from lib.controller.checks import checkConnection from lib.controller.checks import checkConnection
from lib.core.common import backend from lib.core.common import backend
from lib.core.common import extractRegexResult
from lib.core.common import getConsoleWidth from lib.core.common import getConsoleWidth
from lib.core.common import getFileItems from lib.core.common import getFileItems
from lib.core.common import getFileType from lib.core.common import getFileType
@ -136,18 +137,43 @@ def __urllib2Opener():
urllib2.install_opener(opener) urllib2.install_opener(opener)
def __feedTargetsDict(reqFile, addedTargetUrls): def __feedTargetsDict(reqFile, addedTargetUrls):
fp = openFile(reqFile, "rb") """
Parses web scarab and burp logs and adds results to the target url list
"""
fread = fp.read() def __parseWebScarabLog(content):
fread = fread.replace("\r", "") """
Parses web scarab logs (POST method not supported)
"""
reqResList = content.split("### Conversation")
reqResList = fread.split("======================================================") for request in reqResList:
url = extractRegexResult(r"URL: (?P<result>.+?)\n", request, re.I)
method = extractRegexResult(r"METHOD: (?P<result>.+?)\n", request, re.I)
cookie = extractRegexResult(r"COOKIE: (?P<result>.+?)\n", request, re.I)
if not method or not url:
logger.debug("Invalid log data")
continue
if method.upper() == "POST":
warnMsg = "POST requests from WebScarab logs are not supported "
warnMsg += "as data content is stored in separate files"
logger.warning(warnMsg)
continue
if not kb.targetUrls or url not in addedTargetUrls:
kb.targetUrls.add((url, method, None, cookie))
addedTargetUrls.add(url)
def __parseBurpLog(content):
"""
Parses burp logs
"""
port = None port = None
scheme = None scheme = None
if conf.scope: reqResList = content.split("======================================================")
logger.info("using regular expression '%s' for filtering targets" % conf.scope)
for request in reqResList: for request in reqResList:
if scheme is None: if scheme is None:
@ -239,6 +265,17 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
kb.targetUrls.add((url, method, data, cookie)) kb.targetUrls.add((url, method, data, cookie))
addedTargetUrls.add(url) addedTargetUrls.add(url)
fp = openFile(reqFile, "rb")
fread = fp.read()
fread = fread.replace("\r", "")
if conf.scope:
logger.info("using regular expression '%s' for filtering targets" % conf.scope)
__parseBurpLog(fread)
__parseWebScarabLog(fread)
def __loadQueries(): def __loadQueries():
""" """
Loads queries from 'xml/queries.xml' file. Loads queries from 'xml/queries.xml' file.
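Review bot: `__parseWebScarabLog` adds every parsed URL to `kb.targetUrls` without consulting `conf.scope`, even though the caller logs that the scope regular expression is being used for filtering targets. With a WebScarab log, hosts outside the intended scope would therefore be queued for testing. The Burp parser's scope handling lies outside the visible hunks, so the check is presumably missing only in the new parser; a guard such as `if conf.scope and not re.search(conf.scope, url, re.I): continue` before the `kb.targetUrls.add((url, method, None, cookie))` call would close the gap. Separately, the `fp` returned by `openFile(reqFile, "rb")` is never closed in the lines shown. Both parsers also run on every file, so a Burp log will likely produce an "Invalid log data" debug entry from the WebScarab pass.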