Fixes #178 and #179 - proper handling of custom redirects

lib/controller/controller.py

@@ -237,7 +237,6 @@ def start():
 
                 else:
                     raise sqlmapNotVulnerableException, "all parameters are not injectable"
-                    return
 
                 if injDataSelected == "Quit":
                     return
@@ -246,7 +245,7 @@ def start():
                     kb.injPlace, kb.injParameter, kb.injType = injDataSelected
                     setInjection()
 
-            elif kb.injPlace and kb.injParameter and kb.injType:
+            if kb.injPlace and kb.injParameter and kb.injType:
                 if conf.multipleTargets:
                     message = "do you want to exploit this SQL injection? [Y/n] "
                     exploit = readInput(message, default="Y")

lib/core/option.py

@@ -957,6 +957,7 @@ def __setConfAttributes():
     conf.path            = None
     conf.port            = None
     conf.progressWidth   = 54
+    conf.redirectHandled = False
     conf.retriesCount    = 0
     conf.scheme          = None
     #conf.seqMatcher      = difflib.SequenceMatcher(lambda x: x in " \t")

lib/request/connect.py

@@ -31,6 +31,7 @@ import urlparse
 import traceback
 
 from lib.contrib import multipartpost
+from lib.core.common import readInput
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
@@ -125,12 +126,24 @@ class Connect:
             req            = urllib2.Request(url, post, headers)
             conn           = urllib2.urlopen(req)
 
-            if hasattr(conn, "redurl"):
+            if hasattr(conn, "redurl") and hasattr(conn, "redcode") and not conf.redirectHandled:
-                infoMsg  = "connection redirected, going to use "
+                msg  = "sqlmap got a %d redirect to " % conn.redcode
-                infoMsg += "%s as target address" % conn.redurl
+                msg += "%s - What target address do you " % conn.redurl
-                logger.info(infoMsg)
+                msg += "want to use from now on? %s " % conf.url
+                msg += "(default) or provide another target address based "
+                msg += "also on the redirection got from the application\n"
 
-                conf.url = conn.redurl
+                while True:
+                    choice = readInput(msg, default="1")
+
+                    if not choice or choice == "1":
+                        pass
+                    else:
+                        conf.url = choice
+
+                    break
+
+                conf.redirectHandled = True
 
                 return Connect.__getPageProxy(**kwargs)
 

lib/request/redirecthandler.py

@@ -25,22 +25,20 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 import urllib2
 
 class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
-    def http_error_301(self, req, fp, code, msg, headers):
+    def common_http_redirect(self, result, headers, code):
-        result = urllib2.HTTPRedirectHandler.http_error_301(self, req, fp, code, msg, headers)
-
         if "location" in headers:
             result.redurl = headers.getheaders("location")[0].split("?")[0]
         elif "uri" in headers:
             result.redurl = headers.getheaders("uri")[0].split("?")[0]
 
+        result.redcode = code
+
         return result
 
+    def http_error_301(self, req, fp, code, msg, headers):
+        result = urllib2.HTTPRedirectHandler.http_error_301(self, req, fp, code, msg, headers)
+        return self.common_http_redirect(result, headers, code)
+
     def http_error_302(self, req, fp, code, msg, headers):
         result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
-
+        return self.common_http_redirect(result, headers, code)
-        if "location" in headers:
-            result.redurl = headers.getheaders("location")[0].split("?")[0]
-        elif "uri" in headers:
-            result.redurl = headers.getheaders("uri")[0].split("?")[0]
-
-        return result