More replacements for refactoring.

Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.

lib/controller/checks.py

@@ -377,7 +377,7 @@ def checkNullConnection():
             infoMsg = "NULL connection is supported with HEAD header"
             logger.info(infoMsg)
         else:
-            page, headers = Request.getPage(auxHeaders={"Range":"bytes=-1"})
+            page, headers = Request.getPage(auxHeaders={NULLCONNECTION.RANGE: "bytes=-1"})
             if page and len(page) == 1 and 'Content-Range' in headers:
                 kb.nullConnection = NULLCONNECTION.RANGE
 

lib/controller/controller.py

@@ -21,8 +21,6 @@ from lib.controller.checks import checkNullConnection
 from lib.core.common import getUnicode
 from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
-from lib.core.common import popValue
-from lib.core.common import pushValue
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
@@ -197,7 +195,7 @@ def start():
                             setCookieAsInjectable = False
 
                     if setCookieAsInjectable:
-                        conf.httpHeaders.append(("Cookie", cookieStr))
+                        conf.httpHeaders.append((PLACE.COOKIE, cookieStr))
                         conf.parameters[PLACE.COOKIE] = cookieStr
                         __paramDict = paramToDict(PLACE.COOKIE, cookieStr)
 
@@ -214,6 +212,7 @@ def start():
 
                 # Do a little prioritization reorder of a testable parameter list 
                 parameters = conf.parameters.keys()
+
                 for place in (PLACE.URI, PLACE.POST, PLACE.GET):
                     if place in parameters:
                         parameters.remove(place)

lib/core/common.py

@@ -1570,7 +1570,9 @@ def runningAsAdmin():
 
 def logHTTPTraffic(requestLogMsg, responseLogMsg):
     kb.locks.reqLock.acquire()
+
     dataToTrafficFile("%s\n" % requestLogMsg)
     dataToTrafficFile("%s\n" % responseLogMsg)
-    dataToTrafficFile("%s\n" % (160*'#'))
+    dataToTrafficFile("\n%s\n\n" % (76 * '#'))
+
     kb.locks.reqLock.release()

lib/core/option.py

@@ -43,6 +43,7 @@ from lib.core.data import paths
 from lib.core.data import queries
 from lib.core.datatype import advancedDict
 from lib.core.enums import HTTPMETHOD
+from lib.core.enums import PLACE
 from lib.core.enums import PRIORITY
 from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapGenericException
@@ -847,19 +848,19 @@ def __setHTTPUserAgent():
         debugMsg = "setting the HTTP User-Agent header"
         logger.debug(debugMsg)
 
-        conf.httpHeaders.append(("User-Agent", conf.agent))
+        conf.httpHeaders.append((PLACE.UA, conf.agent))
         return
 
     if not conf.userAgentsFile:
         addDefaultUserAgent = True
 
         for header, _ in conf.httpHeaders:
-            if header == "User-Agent":
+            if header == PLACE.UA:
                 addDefaultUserAgent = False
                 break
 
         if addDefaultUserAgent:
-            conf.httpHeaders.append(("User-Agent", __defaultHTTPUserAgent()))
+            conf.httpHeaders.append((PLACE.UA, __defaultHTTPUserAgent()))
 
         return
 
@@ -875,7 +876,7 @@ def __setHTTPUserAgent():
             warnMsg += "file '%s'" % conf.userAgentsFile
             logger.warn(warnMsg)
 
-            conf.httpHeaders.append(("User-Agent", __defaultHTTPUserAgent()))
+            conf.httpHeaders.append((PLACE.UA, __defaultHTTPUserAgent()))
 
             return
 
@@ -887,7 +888,7 @@ def __setHTTPUserAgent():
         __userAgent = kb.userAgents[randomRange(stop=__count)]
 
     __userAgent = sanitizeStr(__userAgent)
-    conf.httpHeaders.append(("User-Agent", __userAgent))
+    conf.httpHeaders.append((PLACE.UA, __userAgent))
 
     logMsg  = "fetched random HTTP User-Agent header from "
     logMsg += "file '%s': %s" % (conf.userAgentsFile, __userAgent)
@@ -914,7 +915,7 @@ def __setHTTPCookies():
         logger.debug(debugMsg)
 
         conf.httpHeaders.append(("Connection", "Keep-Alive"))
-        conf.httpHeaders.append(("Cookie", conf.cookie))
+        conf.httpHeaders.append((PLACE.COOKIE, conf.cookie))
 
 def __setHTTPTimeout():
     """

lib/core/optiondict.py

@@ -59,14 +59,17 @@ optDict = {
                                "os":                "string",
                                "prefix":            "string",
                                "postfix":           "string",
+                               "tamper":            "string"
+                             },
+
+            "Detection":     {
                                "string":            "string",
                                "regexp":            "string",
                                "eString":           "string",
                                "eRegexp":           "string",
                                "thold":             "float",
                                "textOnly":          "boolean",
-                               "longestCommon":     "boolean",
+                               "longestCommon":     "boolean"
-                               "tamper":            "string"
                              },
 
             "Techniques":    {
@@ -147,6 +150,7 @@ optDict = {
             "Miscellaneous": {
                                "xmlFile":           "string",
                                "sessionFile":       "string",
+                               "trafficFile":       "string",
                                "flushSession":      "boolean",
                                "forms":             "boolean",
                                "eta":               "boolean",
@@ -155,6 +159,8 @@ optDict = {
                                "batch":             "boolean",
                                "cleanup":           "boolean",
                                "replicate":         "boolean",
+                               "checkPayload":      "boolean",
+                               "beep":              "boolean",
                                "verbose":           "integer"
                              },
           }

lib/core/target.py

@@ -99,12 +99,12 @@ def __setRequestParams():
     # Perform checks on User-Agent header value
     if conf.httpHeaders:
         for httpHeader, headerValue in conf.httpHeaders:
-            if httpHeader == "User-Agent":
+            if httpHeader == PLACE.UA:
                 # No need for url encoding/decoding the user agent
                 conf.parameters[PLACE.UA] = headerValue
 
                 condition  = not conf.testParameter
-                condition |= "User-Agent" in conf.testParameter
+                condition |= PLACE.UA in conf.testParameter
                 condition |= "user-agent" in conf.testParameter
                 condition |= "useragent" in conf.testParameter
                 condition |= "ua" in conf.testParameter

lib/parse/cmdline.py

@@ -457,8 +457,8 @@ def cmdLineParser():
                                       "on a session file")
 
         miscellaneous.add_option("-t", dest="trafficFile",
-                                 help="Save all HTTP traffic data "
+                                 help="Log all HTTP traffic into a "
-                                      "into a textual file")
+                                      "textual file")
 
         miscellaneous.add_option("--flush-session", dest="flushSession",
                                  action="store_true", default=False,

lib/request/basic.py

@@ -21,6 +21,7 @@ from lib.core.common import posixToNtSlashes
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.enums import PLACE
 from lib.parse.headers import headersParser
 from lib.parse.html import htmlParser
 
@@ -33,9 +34,9 @@ def forgeHeaders(cookie, ua):
     headers = {}
 
     for header, value in conf.httpHeaders:
-        if cookie and header == "Cookie":
+        if cookie and header == PLACE.COOKIE:
             headers[header] = cookie
-        elif ua and header == "User-Agent":
+        elif ua and header == PLACE.UA:
             headers[header] = ua
         else:
             headers[header] = value

lib/request/connect.py

@@ -166,7 +166,7 @@ class Connect:
 
             requestHeaders += "\n".join(["%s: %s" % (header, value) for header, value in req.header_items()])
 
-            if not req.has_header("Cookie") and cookieStr:
+            if not req.has_header(PLACE.COOKIE) and cookieStr:
                 requestHeaders += "\n%s" % cookieStr[:-2]
 
             if not req.has_header("Connection"):
@@ -283,7 +283,7 @@ class Connect:
         page = sanitizeAsciiString(page)
         parseResponse(page, responseHeaders)
 
-        responseMsg += "[#%d] (%s - %d):\n" % (requestID, status, code)
+        responseMsg += "[#%d] (%d %s):\n" % (requestID, code, status)
         logHeaders = "\n".join(["%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, value) for (key, value) in responseHeaders.items()])
 
         logHTTPTraffic(requestMsg, "%s%s\n\n%s" % (responseMsg, logHeaders, page))
@@ -370,7 +370,7 @@ class Connect:
                 if not auxHeaders:
                     auxHeaders = {}
 
-                auxHeaders["Range"] = "bytes=-1"
+                auxHeaders[NULLCONNECTION.RANGE] = "bytes=-1"
 
             _, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404)
 

sqlmap.conf

@@ -499,6 +499,9 @@ xmlFile =
 # Save and resume all data retrieved on a session file.
 sessionFile = 
 
+# Log all HTTP traffic into a textual file.
+trafficFile = 
+
 # Flush session file for current target.
 # Valid: True or False
 flushSession = False
@@ -533,6 +536,12 @@ cleanup = False
 # Valid: True or False
 replicate = False
 
+# IDS detection testing of injection payload.
+checkPayload = False
+
+# Alert with audio beep when sql injection found.
+beep = False
+
 # Verbosity level.
 # Valid: integer between 0 and 6
 # 0: Show only critical messages