sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-08-04 04:10:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

extend tamper scripts to support decoders for processing responses

Browse Source
This commit is contained in:
Lutz Wolf 2013-08-24 00:13:00 +02:00
parent 7cb3ea20dd
commit 5126010ff8
4 changed files with 63 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
lib/core/option.py
View File

@ -842,7 +842,8 @@ def _setTamperingFunctions():
last_priority = PRIORITY.HIGHEST last_priority = PRIORITY.HIGHEST
check_priority = True check_priority = True
resolve_priorities = False resolve_priorities = False
priorities = [] tamper_priorities = []
decode_priorities = []
for tfile in re.split(PARAMETER_SPLITTING_REGEX, conf.tamper): for tfile in re.split(PARAMETER_SPLITTING_REGEX, conf.tamper):
found = False found = False
@ -885,9 +886,17 @@ def _setTamperingFunctions():
priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__ priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
for name, function in inspect.getmembers(module, inspect.isfunction): for name, function in inspect.getmembers(module, inspect.isfunction):
if name == "tamper": if name == "tamper" or name == "decode":
found = True found = True
kb.tamperFunctions.append(function)
if name == "tamper":
function_list = kb.tamperFunctions
priorities = tamper_priorities
elif name == "decode":
function_list = kb.decodeFunctions
priorities = decode_priorities
function_list.append(function)
function.func_name = module.__name__ function.func_name = module.__name__
if check_priority and priority > last_priority: if check_priority and priority > last_priority:
@ -913,17 +922,24 @@ def _setTamperingFunctions():
function() function()
if not found: if not found:
errMsg = "missing function 'tamper(payload, headers)' " errMsg = "missing function 'tamper(payload, headers)' or 'decode(page, headers, code)'"
errMsg += "in tamper script '%s'" % tfile errMsg += "in tamper script '%s'" % tfile
raise SqlmapGenericException(errMsg) raise SqlmapGenericException(errMsg)
if resolve_priorities and priorities: if resolve_priorities:
priorities.sort(reverse=True) tamper_priorities.sort(reverse=True)
kb.tamperFunctions = [] kb.tamperFunctions = []
for _, function in priorities: for _, function in tamper_priorities:
kb.tamperFunctions.append(function) kb.tamperFunctions.append(function)
decode_priorities.sort(reverse=True)
kb.decodeFunctions = []
for _, function in decode_priorities:
kb.decodeFunctions.append(function)
def _setWafFunctions(): def _setWafFunctions():
""" """
Loads WAF/IDS/IPS detecting functions from script(s) Loads WAF/IDS/IPS detecting functions from script(s)
@ -1698,6 +1714,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.keywords = set(getFileItems(paths.SQL_KEYWORDS)) kb.keywords = set(getFileItems(paths.SQL_KEYWORDS))
kb.passwordMgr = None kb.passwordMgr = None
kb.tamperFunctions = [] kb.tamperFunctions = []
kb.decodeFunctions = []
kb.targets = oset() kb.targets = oset()
kb.testedParams = set() kb.testedParams = set()
kb.userAgents = None kb.userAgents = None

2
lib/parse/cmdline.py
View File

@ -249,7 +249,7 @@ def cmdLineParser():
help="Injection payload suffix string") help="Injection payload suffix string")
injection.add_option("--tamper", dest="tamper", injection.add_option("--tamper", dest="tamper",
help="Use given script(s) for tampering injection data") help="Use given script(s) for tampering injection data and/or responses")
# Detection options # Detection options
detection = OptionGroup(parser, "Detection", "These options can be " detection = OptionGroup(parser, "Detection", "These options can be "

13
lib/request/connect.py
View File

@ -182,6 +182,13 @@ class Connect(object):
return retVal return retVal
@staticmethod
def _decode(page, headers = None, code = None):
if kb.decodeFunctions:
for function in kb.decodeFunctions:
page, headers, code= function(page, headers, code)
return page, headers, code
@staticmethod @staticmethod
def getPage(**kwargs): def getPage(**kwargs):
""" """
@ -282,7 +289,7 @@ class Connect(object):
responseHeaders[URI_HTTP_HEADER] = conn.geturl() responseHeaders[URI_HTTP_HEADER] = conn.geturl()
page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE)) page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE))
return page return Connect._decode(page) # FIXME other return statements return triplet, this did not?!
elif any((refreshing, crawling)): elif any((refreshing, crawling)):
pass pass
@ -390,7 +397,7 @@ class Connect(object):
# Return response object # Return response object
if response: if response:
return conn, None, None return conn, None, None # FIXME dead code?
# Get HTTP response # Get HTTP response
if hasattr(conn, 'redurl'): if hasattr(conn, 'redurl'):
@ -590,7 +597,7 @@ class Connect(object):
logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
return page, responseHeaders, code return Connect._decode(page, responseHeaders, code)
@staticmethod @staticmethod
def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True): def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True):

28
tamper/base64decode.py Normal file
View File

@ -0,0 +1,28 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
import base64
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOWEST
def dependencies():
pass
def decode(page, headers, code, **kwargs):
"""
Base64 decode a response
"""
print page
try:
retval = base64.b64decode(page)
except TypeError: # Decode error
retval = page
return retval, headers, code