extend tamper scripts to support decoders for processing responses

Lutz Wolf 2013-08-24 00:13:00 +02:00
parent 7cb3ea20dd
commit 5126010ff8
4 changed files with 63 additions and 11 deletions


@ -842,7 +842,8 @@ def _setTamperingFunctions():
last_priority = PRIORITY.HIGHEST
check_priority = True
resolve_priorities = False
priorities = []
tamper_priorities = []
decode_priorities = []
for tfile in re.split(PARAMETER_SPLITTING_REGEX, conf.tamper):
found = False
@ -885,9 +886,17 @@ def _setTamperingFunctions():
priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
for name, function in inspect.getmembers(module, inspect.isfunction):
if name == "tamper":
if name == "tamper" or name == "decode":
found = True
kb.tamperFunctions.append(function)
if name == "tamper":
function_list = kb.tamperFunctions
priorities = tamper_priorities
elif name == "decode":
function_list = kb.decodeFunctions
priorities = decode_priorities
function_list.append(function)
function.func_name = module.__name__
if check_priority and priority > last_priority:
@ -913,17 +922,24 @@ def _setTamperingFunctions():
function()
if not found:
errMsg = "missing function 'tamper(payload, headers)' "
errMsg = "missing function 'tamper(payload, headers)' or 'decode(page, headers, code)'"
errMsg += "in tamper script '%s'" % tfile
raise SqlmapGenericException(errMsg)
if resolve_priorities and priorities:
priorities.sort(reverse=True)
if resolve_priorities:
tamper_priorities.sort(reverse=True)
kb.tamperFunctions = []
for _, function in priorities:
for _, function in tamper_priorities:
kb.tamperFunctions.append(function)
decode_priorities.sort(reverse=True)
kb.decodeFunctions = []
for _, function in decode_priorities:
kb.decodeFunctions.append(function)
def _setWafFunctions():
"""
Loads WAF/IDS/IPS detecting functions from script(s)
@ -1698,6 +1714,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.keywords = set(getFileItems(paths.SQL_KEYWORDS))
kb.passwordMgr = None
kb.tamperFunctions = []
kb.decodeFunctions = []
kb.targets = oset()
kb.testedParams = set()
kb.userAgents = None
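Review bot: The new error string in the `if not found:` branch drops the trailing space the old literal had, so the message concatenates to `...code)'in tamper script '...'`; keep the space: `errMsg = "missing function 'tamper(payload, headers)' or 'decode(page, headers, code)' "`. Separately, the `check_priority and priority > last_priority` test in the second hunk still uses a single `last_priority` for both kinds of function, so a tamper script and a decode script appear to be compared against each other for ordering even though they are stored in separate lists. Tracking the last priority per list would avoid a misleading ordering prompt. `_setTamperingFunctions` begins and continues outside the visible hunks, so the append to `priorities` is not shown here.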


@ -249,7 +249,7 @@ def cmdLineParser():
help="Injection payload suffix string")
injection.add_option("--tamper", dest="tamper",
help="Use given script(s) for tampering injection data")
help="Use given script(s) for tampering injection data and/or responses")
# Detection options
detection = OptionGroup(parser, "Detection", "These options can be "


@ -182,6 +182,13 @@ class Connect(object):
return retVal
@staticmethod
def _decode(page, headers = None, code = None):
if kb.decodeFunctions:
for function in kb.decodeFunctions:
page, headers, code= function(page, headers, code)
return page, headers, code
@staticmethod
def getPage(**kwargs):
"""
@ -282,7 +289,7 @@ class Connect(object):
responseHeaders[URI_HTTP_HEADER] = conn.geturl()
page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE))
return page
return Connect._decode(page) # FIXME other return statements return triplet, this did not?!
elif any((refreshing, crawling)):
pass
@ -390,7 +397,7 @@ class Connect(object):
# Return response object
if response:
return conn, None, None
return conn, None, None # FIXME dead code?
# Get HTTP response
if hasattr(conn, 'redurl'):
@ -590,7 +597,7 @@ class Connect(object):
logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
return page, responseHeaders, code
return Connect._decode(page, responseHeaders, code)
@staticmethod
def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True):
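Review bot: The early return changed to `return Connect._decode(page)` now hands back a `(page, headers, code)` tuple where this branch used to return the page alone, which the FIXME notes but does not resolve; any caller of that branch that expects a string will receive a tuple. To apply decoders without changing the contract, unpack and return the first element: `page, _, _ = Connect._decode(page)` followed by `return page`. `_decode` also unpacks whatever each loaded script returns, so a decoder that returns something other than a three-item sequence raises `ValueError` mid-request; a short docstring stating the required return shape would help script authors. `getPage` starts and ends outside these hunks.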

28
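--- /dev/null
+++ b/tamper/base64decode.py
@@ -0,0 +1,28 @@
+#!/usr/bin/env python
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+import base64
+from lib.core.enums import PRIORITY
+__priority__ = PRIORITY.LOWEST
+def dependencies():
+pass
+def decode(page, headers, code, **kwargs):
+"""
+Base64 decode a response
+"""
+print page
+try:
+retval = base64.b64decode(page)
+except TypeError: # Decode error
+retval = page
+return retval, headers, code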
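Review bot: The `print page` at the top of `decode` looks like leftover debugging: it writes every full response body to stdout on each request, bypassing the tool's logger and verbosity settings, and should be removed or replaced by a debug-level log call. The fallback in `except TypeError:` may also be weaker than it looks, since the Python 2 decoder is lenient about characters outside the base64 alphabet; a response that is not base64 could decode to garbage instead of being passed through unchanged. If that matters, validate the input before decoding, for example by checking it against a strict base64 pattern. The docstring could also state that the function must return the `(page, headers, code)` triplet.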