diff --git a/doc/README.sgml b/doc/README.sgml
index 9293b4292..f6ead4b14 100644
--- a/doc/README.sgml
+++ b/doc/README.sgml
@@ -429,7 +429,7 @@ Options:
--method=METHOD HTTP method, GET or POST (default GET)
--data=DATA Data string to be sent through POST
--cookie=COOKIE HTTP Cookie header
- --cookie-urlencode URL-encode generated cookie injections
+ --cookie-urlencode URL Encode generated cookie injections
--drop-set-cookie Ignore Set-Cookie header from response
--user-agent=AGENT HTTP User-Agent header
-a USERAGENTSFILE Load a random HTTP User-Agent header from file
@@ -868,7 +868,52 @@ back-end DBMS: MySQL >= 5.0.0
Option: -r
-#TODO
+
+
+One of the possibilities of sqlmap is loading of complete HTTP
+request packet stored in textual file. That way you can skip usage of
+bunch of other options.
+
+
+Sample content of a HTTP request file:
+
+
+POST /sqlmap/mysql/post_int.php HTTP/1.1
+Host: 157.247.180.194
+User-Agent: Mozilla/4.0
+
+id=1
+
+
+
+Example usage:
+
+
+
+$ python sqlmap.py -r request.txt
+
+[...]
+[11:54:27] [INFO] parsing HTTP request from 'request.txt'
+[...]
+[11:52:21] [INFO] testing if POST parameter 'id' is dynamic
+[11:52:22] [INFO] confirming that POST parameter 'id' is dynamic
+[11:52:22] [INFO] POST parameter 'id' is dynamic
+[11:52:22] [INFO] testing sql injection on POST parameter 'id' with 0 parenthesis
+[11:52:22] [INFO] testing unescaped numeric injection on POST parameter 'id'
+[11:52:22] [INFO] confirming unescaped numeric injection on POST parameter 'id'
+[11:52:22] [INFO] POST parameter 'id' is unescaped numeric injectable with 0 parenthesis
+[11:52:22] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
+[11:52:22] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
+[11:52:22] [INFO] testing for parenthesis on injectable parameter
+[11:52:22] [INFO] the injectable parameter requires 0 parenthesis
+[11:52:22] [INFO] testing MySQL
+[11:52:22] [INFO] confirming MySQL
+[11:52:22] [INFO] retrieved: 3
+[11:52:22] [INFO] the back-end DBMS is MySQL
+web server operating system: Linux Ubuntu 8.04 (Hardy Heron)
+web application technology: PHP 5.2.4, Apache 2.2.8
+back-end DBMS: MySQL >= 5.0.0
+
Process Google dork results as target urls
@@ -1108,18 +1153,24 @@ values that you provided? [Y/n]
-URL-encode generated cookie injections
+URL Encode generated cookie injections
Option: --cookie-urlencode
-#TODO
+
+sqlmap by default doesn't URL Encode generated cookie injections, but you can force it by
+using this flag. Cookie content encoding is not declared by standard in any way, so it's
+solely the matter of web application's behaviour.
Ignore Set-Cookie header from response
Option: --drop-set-cookie
-#TODO
+
+Sometimes there is a need for ignoring any session cookie(s) returned by web server and/or
+usage of only the custom supplied value (see option --cookie). In such cases
+option --drop-set-cookie should be used.
HTTP User-Agent header
@@ -1317,7 +1368,21 @@ Connection: close
Option: --auth-cert
-#TODO
+
+This option should be used in cases when the web server requires proper user's
+certificate for authentication. Supplied values should be in the form: key_file,
+cert_file, where key_file should be the name of a PEM formatted file that
+contains your private key, while cert_file should be the name for a PEM formatted
+certificate chain file.
+
+
+Example:
+
+
+$ python sqlmap.py -u "http://www.example.com/process.php?id=1" \
+ --auth-cert key.pem,cert.pem
+[...]
+
HTTP proxy
@@ -1451,7 +1516,10 @@ Option: --scope
Option: --ignore-proxy
-#TODO
+
+This option should be used in cases like when you want to run sqlmap
+against the machine inside a local area network skipping default
+usage of a system wide set HTTP proxy server.
Injection
@@ -5186,84 +5254,28 @@ Option: --gpage
#TODO
-Update Microsoft SQL Server XML signature file
+Update sqlmap
Option: --update
-#TODO
-
-It is possible to update sqlmap to the latest stable version available on
-project's by running it with the
---update option.
-
-
-$ python sqlmap.py --update -v 4
-
-[hh:mm:53] [DEBUG] initializing the configuration
-[hh:mm:53] [DEBUG] initializing the knowledge base
-[hh:mm:53] [DEBUG] cleaning up configuration parameters
-[hh:mm:53] [DEBUG] setting the HTTP method to perform HTTP requests through
-[hh:mm:53] [DEBUG] creating HTTP requests opener object
-[hh:mm:53] [INFO] updating sqlmap
-[hh:mm:53] [DEBUG] checking if a new version is available
-[hh:mm:55] [TRAFFIC OUT] HTTP request:
-GET /doc/VERSION HTTP/1.1
-Host: sqlmap.sourceforge.net
-User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net)
-Connection: close
-
-[hh:mm:55] [TRAFFIC IN] HTTP response (OK - 200):
-Date: Fri, 01 Aug 2008 14:50:55 GMT
-Server: Apache/1.3.33 (Unix) PHP/4.3.10
-Last-Modified: Thu, 31 Jul 2008 11:10:19 GMT
-ETag: "9fcc53e-4-48919d9b"
-Accept-Ranges: bytes
-Content-Length: 4
-Connection: close
-Content-Type: text/plain
-X-Pad: avoid browser bug
-
-[hh:mm:55] [INFO] you are already running sqlmap latest stable version
-[hh:mm:55] [INFO] updating Microsoft SQL Server XML versions file
-[hh:mm:56] [TRAFFIC OUT] HTTP request:
-GET /FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx HTTP/1.1
-Host: www.sqlsecurity.com
-User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net)
-Cookie: .ASPXANONYMOUS=dvus03cqyQEkAAAANDI0M2QzZmUtOGRkOS00ZDQxLThhMTUtN2ExMWJiNWVjN2My0;
-language=en-US
-Connection: close
-
-[hh:mm:02] [TRAFFIC IN] HTTP response (OK - 200):
-Cache-Control: private
-Connection: close
-Date: Fri, 01 Aug 2008 14:50:50 GMT
-Content-Length: 167918
-Content-Type: text/html; charset=utf-8
-Server: Microsoft-IIS/6.0
-X-Powered-By: ASP.NET
-X-AspNet-Version: 2.0.50727
-Set-Cookie: .ASPXANONYMOUS=dvus03cqyQEkAAAANDI0M2QzZmUtOGRkOS00ZDQxLThhMTUtN2ExMWJiNWVjN2My0;
-expires=Fri, 10-Oct-2008 01:30:49 GMT; path=/; HttpOnly
-Set-Cookie: language=en-US; path=/; HttpOnly
-
-[hh:mm:02] [INFO] no new Microsoft SQL Server versions since the last update
-[hh:mm:02] [DEBUG] parsing XML queries file
-
-
-
-As you can see, sqlmap first checks if a new stable version is available,
-and then in case it is, downloads it, unzips it and updates the Microsoft SQL
-Server XML versions file from Chip Andrews'
+Using this option you can update the program to the latest version
+directly from source repository together with the latest
+Microsoft SQL Server XML versions file from Chip Andrews'
.
-
-Note that the default configuration file sqlmap.conf is backupped
-to sqlmap.conf.bak each time a new stable version is available and
-your copy is outdated.
+
+$ python sqlmap.py --update
+
+[...]
+[hh:mm:27] [INFO] updating sqlmap to latest development version from the subversion repository
+[hh:mm:28] [INFO] updated to the latest revision 1356
+[hh:mm:29] [INFO] updating Microsoft SQL Server XML versions file
+[hh:mm:33] [INFO] no new Microsoft SQL Server versions since the last update
+[...]
+
Save options on a configuration INI file
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index d84162bd0..ac3ea840b 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -407,7 +407,7 @@ def cmdLineParser():
help="Use google dork results from specified page number")
miscellaneous.add_option("--update", dest="updateAll", action="store_true",
- help="Update Microsoft SQL Server XML signature file")
+ help="Update sqlmap")
miscellaneous.add_option("--save", dest="saveCmdline", action="store_true",
help="Save options on a configuration INI file")
diff --git a/sqlmap.conf b/sqlmap.conf
index a43c901cb..8732d1c2c 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -408,7 +408,7 @@ eta = False
# Default: 1
googlePage = 1
-# Update Microsoft SQL Server XML signature file.
+# Update sqlmap.
# Valid: True or False
updateAll = False