Ugly code to set the cookies when got them from a 302 redirect too

lib/core/option.py

@@ -1184,6 +1184,7 @@ def __setKnowledgeBaseAttributes():
     kb.unionFalseCond  = False
     kb.userAgents      = None
     kb.valueStack      = []
+    kb.redirectSetCookie = None
 
 def __saveCmdline():
     """

lib/request/basic.py

@@ -40,6 +40,12 @@ def forgeHeaders(cookie, ua):
         else:
             headers[header] = value
 
+    if kb.redirectSetCookie:
+        if "Cookie" in headers:
+            headers["Cookie"] = "%s; %s" % (headers["Cookie"], kb.redirectSetCookie)
+        else:
+            headers["Cookie"] = kb.redirectSetCookie
+
     return headers
 
 def parseResponse(page, headers):

lib/request/connect.py

@@ -187,6 +187,9 @@ class Connect:
             if not kb.proxyAuthHeader and req.has_header("Proxy-authorization"):
                 kb.proxyAuthHeader = req.get_header("Proxy-authorization")
 
+            if hasattr(conn, "setcookie"):
+                kb.redirectSetCookie = conn.setcookie
+
             if hasattr(conn, "redurl") and hasattr(conn, "redcode") and not conf.redirectHandled:
                 msg  = "sqlmap got a %d redirect to " % conn.redcode
                 msg += "%s - What target address do you " % conn.redurl

lib/request/redirecthandler.py

@@ -26,6 +26,9 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
         elif "uri" in headers:
             result.redurl = headers.getheaders("uri")[0].split("?")[0]
 
+        if "set-cookie" in headers:
+            result.setcookie = headers["set-cookie"].split("; path")[0]
+
         result.redcode = code
 
         return result