Reintroducing option --cookie-del

lib/core/common.py

@@ -533,7 +533,10 @@ def paramToDict(place, parameters=None):
 
     parameters = parameters.replace(", ", ",")
     parameters = re.sub(r"&(\w{1,4});", r"%s\g<1>%s" % (PARAMETER_AMP_MARKER, PARAMETER_SEMICOLON_MARKER), parameters)
-    splitParams = parameters.split(conf.pDel or (DEFAULT_COOKIE_DELIMITER if place == PLACE.COOKIE else DEFAULT_GET_POST_DELIMITER))
+    if place == PLACE.COOKIE:
+        splitParams = parameters.split(conf.cDel or DEFAULT_COOKIE_DELIMITER)
+    else:
+        splitParams = parameters.split(conf.pDel or DEFAULT_GET_POST_DELIMITER)
 
     for element in splitParams:
         element = re.sub(r"%s(.+?)%s" % (PARAMETER_AMP_MARKER, PARAMETER_SEMICOLON_MARKER), r"&\g<1>;", element)

lib/core/optiondict.py

@@ -25,6 +25,7 @@ optDict = {
                                "data":              "string",
                                "pDel":              "string",
                                "cookie":            "string",
+                               "cDel":              "string",
                                "loadCookies":       "string",
                                "dropSetCookie":     "boolean",
                                "agent":             "string",

lib/parse/cmdline.py

@@ -82,6 +82,9 @@ def cmdLineParser():
         request.add_option("--cookie", dest="cookie",
                            help="HTTP Cookie header")
 
+        request.add_option("--cookie-del", dest="cDel",
+                           help="Character used for splitting cookie values")
+
         request.add_option("--load-cookies", dest="loadCookies",
                            help="File containing cookies in Netscape/wget format")
 

lib/request/basic.py

@@ -73,7 +73,7 @@ def forgeHeaders(items=None):
                         kb.mergeCookies = not _ or _[0] in ("y", "Y")
 
                     if kb.mergeCookies:
-                        _ = lambda x: re.sub("(?i)%s=[^%s]+" % (cookie.name, DEFAULT_COOKIE_DELIMITER), "%s=%s" % (cookie.name, cookie.value), x)
+                        _ = lambda x: re.sub("(?i)%s=[^%s]+" % (cookie.name, conf.cDel or DEFAULT_COOKIE_DELIMITER), "%s=%s" % (cookie.name, cookie.value), x)
                         headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE])
 
                         if PLACE.COOKIE in conf.parameters:
@@ -82,7 +82,7 @@ def forgeHeaders(items=None):
                         conf.httpHeaders = [(item[0], item[1] if item[0] != HTTP_HEADER.COOKIE else _(item[1])) for item in conf.httpHeaders]
 
                 elif not kb.testMode:
-                    headers[HTTP_HEADER.COOKIE] += "%s %s=%s" % (DEFAULT_COOKIE_DELIMITER, cookie.name, cookie.value)
+                    headers[HTTP_HEADER.COOKIE] += "%s %s=%s" % (conf.cDel or DEFAULT_COOKIE_DELIMITER, cookie.name, cookie.value)
 
         if kb.testMode:
             resetCookieJar(conf.cj)

lib/request/connect.py

@@ -752,7 +752,7 @@ class Connect(object):
                         evaluateCode("%s=%s" % (name, repr(value)), variables)
 
             if cookie:
-                for part in cookie.split(conf.pDel or DEFAULT_COOKIE_DELIMITER):
+                for part in cookie.split(conf.cDel or DEFAULT_COOKIE_DELIMITER):
                     if '=' in part:
                         name, value = part.split('=', 1)
                         value = urldecode(value, convall=True)
@@ -770,7 +770,7 @@ class Connect(object):
                         elif re.search(r"\b%s=" % name, (post or "")):
                             post = re.sub("((\A|\W)%s=)([^%s]+)" % (name, delimiter), "\g<1>%s" % value, post)
                         elif re.search(r"\b%s=" % name, (cookie or "")):
-                            cookie = re.sub("((\A|\W)%s=)([^%s]+)" % (name, conf.pDel or DEFAULT_COOKIE_DELIMITER), "\g<1>%s" % value, cookie)
+                            cookie = re.sub("((\A|\W)%s=)([^%s]+)" % (name, conf.cDel or DEFAULT_COOKIE_DELIMITER), "\g<1>%s" % value, cookie)
                         elif post is not None:
                             post += "%s%s=%s" % (delimiter, name, value)
                         else:

lib/request/redirecthandler.py

@@ -112,7 +112,7 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
         if redurl and kb.redirectChoice == REDIRECTION.YES:
             req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)
             if headers and HTTP_HEADER.SET_COOKIE in headers:
-                req.headers[HTTP_HEADER.COOKIE] = headers[HTTP_HEADER.SET_COOKIE].split(DEFAULT_COOKIE_DELIMITER)[0]
+                req.headers[HTTP_HEADER.COOKIE] = headers[HTTP_HEADER.SET_COOKIE].split(conf.cDel or DEFAULT_COOKIE_DELIMITER)[0]
             result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
         else:
             result = fp

sqlmap.conf

@@ -36,12 +36,15 @@ googleDork =
 # Data string to be sent through POST.
 data = 
 
-# Character used for splitting cookie values
+# Character used for splitting parameter values
 pDel = 
 
 # HTTP Cookie header.
 cookie = 
 
+# Character used for splitting cookie values
+cDel = 
+
 # File containing cookies in Netscape/wget format
 loadCookies =