sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

More replacements for refactoring.

Browse Source 
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
This commit is contained in:
Bernardo Damele 2010-11-08 12:36:48 +00:00
parent eb999de0f1
commit 78d7b17483
10 changed files with 41 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/checks.py
View File

@ -377,7 +377,7 @@ def checkNullConnection():
infoMsg = "NULL connection is supported with HEAD header"
logger.info(infoMsg)
else:
page, headers = Request.getPage(auxHeaders={"Range":"bytes=-1"})
page, headers = Request.getPage(auxHeaders={NULLCONNECTION.RANGE: "bytes=-1"})
if page and len(page) == 1 and 'Content-Range' in headers:
kb.nullConnection = NULLCONNECTION.RANGE

5
lib/controller/controller.py
View File

@ -21,8 +21,6 @@ from lib.controller.checks import checkNullConnection
from lib.core.common import getUnicode
from lib.core.common import paramToDict
from lib.core.common import parseTargetUrl
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import kb
@ -197,7 +195,7 @@ def start():
setCookieAsInjectable = False
if setCookieAsInjectable:
conf.httpHeaders.append(("Cookie", cookieStr))
conf.httpHeaders.append((PLACE.COOKIE, cookieStr))
conf.parameters[PLACE.COOKIE] = cookieStr
__paramDict = paramToDict(PLACE.COOKIE, cookieStr)
@ -214,6 +212,7 @@ def start():
# Do a little prioritization reorder of a testable parameter list
parameters = conf.parameters.keys()
for place in (PLACE.URI, PLACE.POST, PLACE.GET):
if place in parameters:
parameters.remove(place)

4
lib/core/common.py
View File

@ -1570,7 +1570,9 @@ def runningAsAdmin():
def logHTTPTraffic(requestLogMsg, responseLogMsg):
kb.locks.reqLock.acquire()
dataToTrafficFile("%s\n" % requestLogMsg)
dataToTrafficFile("%s\n" % responseLogMsg)
dataToTrafficFile("%s\n" % (160*'#'))
dataToTrafficFile("\n%s\n\n" % (76 * '#'))
kb.locks.reqLock.release()

13
lib/core/option.py
View File

@ -43,6 +43,7 @@ from lib.core.data import paths
from lib.core.data import queries
from lib.core.datatype import advancedDict
from lib.core.enums import HTTPMETHOD
from lib.core.enums import PLACE
from lib.core.enums import PRIORITY
from lib.core.exception import sqlmapFilePathException
from lib.core.exception import sqlmapGenericException
@ -847,19 +848,19 @@ def __setHTTPUserAgent():
debugMsg = "setting the HTTP User-Agent header"
logger.debug(debugMsg)
conf.httpHeaders.append(("User-Agent", conf.agent))
conf.httpHeaders.append((PLACE.UA, conf.agent))
return
if not conf.userAgentsFile:
addDefaultUserAgent = True
for header, _ in conf.httpHeaders:
if header == "User-Agent":
if header == PLACE.UA:
addDefaultUserAgent = False
break
if addDefaultUserAgent:
conf.httpHeaders.append(("User-Agent", __defaultHTTPUserAgent()))
conf.httpHeaders.append((PLACE.UA, __defaultHTTPUserAgent()))
return
@ -875,7 +876,7 @@ def __setHTTPUserAgent():
warnMsg += "file '%s'" % conf.userAgentsFile
logger.warn(warnMsg)
conf.httpHeaders.append(("User-Agent", __defaultHTTPUserAgent()))
conf.httpHeaders.append((PLACE.UA, __defaultHTTPUserAgent()))
return
@ -887,7 +888,7 @@ def __setHTTPUserAgent():
__userAgent = kb.userAgents[randomRange(stop=__count)]
__userAgent = sanitizeStr(__userAgent)
conf.httpHeaders.append(("User-Agent", __userAgent))
conf.httpHeaders.append((PLACE.UA, __userAgent))
logMsg = "fetched random HTTP User-Agent header from "
logMsg += "file '%s': %s" % (conf.userAgentsFile, __userAgent)
@ -914,7 +915,7 @@ def __setHTTPCookies():
logger.debug(debugMsg)
conf.httpHeaders.append(("Connection", "Keep-Alive"))
conf.httpHeaders.append(("Cookie", conf.cookie))
conf.httpHeaders.append((PLACE.COOKIE, conf.cookie))
def __setHTTPTimeout():
"""

10
lib/core/optiondict.py
View File

@ -59,14 +59,17 @@ optDict = {
"os": "string",
"prefix": "string",
"postfix": "string",
"tamper": "string"
},
"Detection": {
"string": "string",
"regexp": "string",
"eString": "string",
"eRegexp": "string",
"thold": "float",
"textOnly": "boolean",
"longestCommon": "boolean",
"tamper": "string"
"longestCommon": "boolean"
},
"Techniques": {
@ -147,6 +150,7 @@ optDict = {
"Miscellaneous": {
"xmlFile": "string",
"sessionFile": "string",
"trafficFile": "string",
"flushSession": "boolean",
"forms": "boolean",
"eta": "boolean",
@ -155,6 +159,8 @@ optDict = {
"batch": "boolean",
"cleanup": "boolean",
"replicate": "boolean",
"checkPayload": "boolean",
"beep": "boolean",
"verbose": "integer"
},
}

4
lib/core/target.py
View File

@ -99,12 +99,12 @@ def __setRequestParams():
# Perform checks on User-Agent header value
if conf.httpHeaders:
for httpHeader, headerValue in conf.httpHeaders:
if httpHeader == "User-Agent":
if httpHeader == PLACE.UA:
# No need for url encoding/decoding the user agent
conf.parameters[PLACE.UA] = headerValue
condition = not conf.testParameter
condition |= "User-Agent" in conf.testParameter
condition |= PLACE.UA in conf.testParameter
condition |= "user-agent" in conf.testParameter
condition |= "useragent" in conf.testParameter
condition |= "ua" in conf.testParameter

4
lib/parse/cmdline.py
View File

@ -457,8 +457,8 @@ def cmdLineParser():
"on a session file")
miscellaneous.add_option("-t", dest="trafficFile",
help="Save all HTTP traffic data "
"into a textual file")
help="Log all HTTP traffic into a "
"textual file")
miscellaneous.add_option("--flush-session", dest="flushSession",
action="store_true", default=False,

5
lib/request/basic.py
View File

@ -21,6 +21,7 @@ from lib.core.common import posixToNtSlashes
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import PLACE
from lib.parse.headers import headersParser
from lib.parse.html import htmlParser
@ -33,9 +34,9 @@ def forgeHeaders(cookie, ua):
headers = {}
for header, value in conf.httpHeaders:
if cookie and header == "Cookie":
if cookie and header == PLACE.COOKIE:
headers[header] = cookie
elif ua and header == "User-Agent":
elif ua and header == PLACE.UA:
headers[header] = ua
else:
headers[header] = value

6
lib/request/connect.py
View File

@ -166,7 +166,7 @@ class Connect:
requestHeaders += "\n".join(["%s: %s" % (header, value) for header, value in req.header_items()])
if not req.has_header("Cookie") and cookieStr:
if not req.has_header(PLACE.COOKIE) and cookieStr:
requestHeaders += "\n%s" % cookieStr[:-2]
if not req.has_header("Connection"):
@ -283,7 +283,7 @@ class Connect:
page = sanitizeAsciiString(page)
parseResponse(page, responseHeaders)
responseMsg += "[#%d] (%s - %d):\n" % (requestID, status, code)
responseMsg += "[#%d] (%d %s):\n" % (requestID, code, status)
logHeaders = "\n".join(["%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, value) for (key, value) in responseHeaders.items()])
logHTTPTraffic(requestMsg, "%s%s\n\n%s" % (responseMsg, logHeaders, page))
@ -370,7 +370,7 @@ class Connect:
if not auxHeaders:
auxHeaders = {}
auxHeaders["Range"] = "bytes=-1"
auxHeaders[NULLCONNECTION.RANGE] = "bytes=-1"
_, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404)

9
sqlmap.conf
View File

@ -499,6 +499,9 @@ xmlFile =
# Save and resume all data retrieved on a session file.
sessionFile =
# Log all HTTP traffic into a textual file.
trafficFile =
# Flush session file for current target.
# Valid: True or False
flushSession = False
@ -533,6 +536,12 @@ cleanup = False
# Valid: True or False
replicate = False
# IDS detection testing of injection payload.
checkPayload = False
# Alert with audio beep when sql injection found.
beep = False
# Verbosity level.
# Valid: integer between 0 and 6
# 0: Show only critical messages