mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
More replacements for refactoring.
Minor layout adjustments. Alignment of conffile/optiondict/cmdline parameters.
This commit is contained in:
parent
eb999de0f1
commit
78d7b17483
|
@ -377,7 +377,7 @@ def checkNullConnection():
|
|||
infoMsg = "NULL connection is supported with HEAD header"
|
||||
logger.info(infoMsg)
|
||||
else:
|
||||
page, headers = Request.getPage(auxHeaders={"Range":"bytes=-1"})
|
||||
page, headers = Request.getPage(auxHeaders={NULLCONNECTION.RANGE: "bytes=-1"})
|
||||
if page and len(page) == 1 and 'Content-Range' in headers:
|
||||
kb.nullConnection = NULLCONNECTION.RANGE
|
||||
|
||||
|
|
|
@ -21,8 +21,6 @@ from lib.controller.checks import checkNullConnection
|
|||
from lib.core.common import getUnicode
|
||||
from lib.core.common import paramToDict
|
||||
from lib.core.common import parseTargetUrl
|
||||
from lib.core.common import popValue
|
||||
from lib.core.common import pushValue
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
|
@ -197,7 +195,7 @@ def start():
|
|||
setCookieAsInjectable = False
|
||||
|
||||
if setCookieAsInjectable:
|
||||
conf.httpHeaders.append(("Cookie", cookieStr))
|
||||
conf.httpHeaders.append((PLACE.COOKIE, cookieStr))
|
||||
conf.parameters[PLACE.COOKIE] = cookieStr
|
||||
__paramDict = paramToDict(PLACE.COOKIE, cookieStr)
|
||||
|
||||
|
@ -214,6 +212,7 @@ def start():
|
|||
|
||||
# Do a little prioritization reorder of a testable parameter list
|
||||
parameters = conf.parameters.keys()
|
||||
|
||||
for place in (PLACE.URI, PLACE.POST, PLACE.GET):
|
||||
if place in parameters:
|
||||
parameters.remove(place)
|
||||
|
|
|
@ -1570,7 +1570,9 @@ def runningAsAdmin():
|
|||
|
||||
def logHTTPTraffic(requestLogMsg, responseLogMsg):
|
||||
kb.locks.reqLock.acquire()
|
||||
|
||||
dataToTrafficFile("%s\n" % requestLogMsg)
|
||||
dataToTrafficFile("%s\n" % responseLogMsg)
|
||||
dataToTrafficFile("%s\n" % (160*'#'))
|
||||
dataToTrafficFile("\n%s\n\n" % (76 * '#'))
|
||||
|
||||
kb.locks.reqLock.release()
|
||||
|
|
|
@ -43,6 +43,7 @@ from lib.core.data import paths
|
|||
from lib.core.data import queries
|
||||
from lib.core.datatype import advancedDict
|
||||
from lib.core.enums import HTTPMETHOD
|
||||
from lib.core.enums import PLACE
|
||||
from lib.core.enums import PRIORITY
|
||||
from lib.core.exception import sqlmapFilePathException
|
||||
from lib.core.exception import sqlmapGenericException
|
||||
|
@ -765,7 +766,7 @@ def __setHTTPAuthentication():
|
|||
errMsg += "must be in format key_file,cert_file"
|
||||
raise sqlmapSyntaxException, errMsg
|
||||
|
||||
#os.path.expanduser for support of paths with ~
|
||||
# os.path.expanduser for support of paths with ~
|
||||
key_file = os.path.expanduser(aCertRegExp.group(1))
|
||||
cert_file = os.path.expanduser(aCertRegExp.group(2))
|
||||
|
||||
|
@ -847,19 +848,19 @@ def __setHTTPUserAgent():
|
|||
debugMsg = "setting the HTTP User-Agent header"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
conf.httpHeaders.append(("User-Agent", conf.agent))
|
||||
conf.httpHeaders.append((PLACE.UA, conf.agent))
|
||||
return
|
||||
|
||||
if not conf.userAgentsFile:
|
||||
addDefaultUserAgent = True
|
||||
|
||||
for header, _ in conf.httpHeaders:
|
||||
if header == "User-Agent":
|
||||
if header == PLACE.UA:
|
||||
addDefaultUserAgent = False
|
||||
break
|
||||
|
||||
if addDefaultUserAgent:
|
||||
conf.httpHeaders.append(("User-Agent", __defaultHTTPUserAgent()))
|
||||
conf.httpHeaders.append((PLACE.UA, __defaultHTTPUserAgent()))
|
||||
|
||||
return
|
||||
|
||||
|
@ -875,7 +876,7 @@ def __setHTTPUserAgent():
|
|||
warnMsg += "file '%s'" % conf.userAgentsFile
|
||||
logger.warn(warnMsg)
|
||||
|
||||
conf.httpHeaders.append(("User-Agent", __defaultHTTPUserAgent()))
|
||||
conf.httpHeaders.append((PLACE.UA, __defaultHTTPUserAgent()))
|
||||
|
||||
return
|
||||
|
||||
|
@ -887,7 +888,7 @@ def __setHTTPUserAgent():
|
|||
__userAgent = kb.userAgents[randomRange(stop=__count)]
|
||||
|
||||
__userAgent = sanitizeStr(__userAgent)
|
||||
conf.httpHeaders.append(("User-Agent", __userAgent))
|
||||
conf.httpHeaders.append((PLACE.UA, __userAgent))
|
||||
|
||||
logMsg = "fetched random HTTP User-Agent header from "
|
||||
logMsg += "file '%s': %s" % (conf.userAgentsFile, __userAgent)
|
||||
|
@ -914,7 +915,7 @@ def __setHTTPCookies():
|
|||
logger.debug(debugMsg)
|
||||
|
||||
conf.httpHeaders.append(("Connection", "Keep-Alive"))
|
||||
conf.httpHeaders.append(("Cookie", conf.cookie))
|
||||
conf.httpHeaders.append((PLACE.COOKIE, conf.cookie))
|
||||
|
||||
def __setHTTPTimeout():
|
||||
"""
|
||||
|
|
|
@ -59,14 +59,17 @@ optDict = {
|
|||
"os": "string",
|
||||
"prefix": "string",
|
||||
"postfix": "string",
|
||||
"tamper": "string"
|
||||
},
|
||||
|
||||
"Detection": {
|
||||
"string": "string",
|
||||
"regexp": "string",
|
||||
"eString": "string",
|
||||
"eRegexp": "string",
|
||||
"thold": "float",
|
||||
"textOnly": "boolean",
|
||||
"longestCommon": "boolean",
|
||||
"tamper": "string"
|
||||
"longestCommon": "boolean"
|
||||
},
|
||||
|
||||
"Techniques": {
|
||||
|
@ -147,6 +150,7 @@ optDict = {
|
|||
"Miscellaneous": {
|
||||
"xmlFile": "string",
|
||||
"sessionFile": "string",
|
||||
"trafficFile": "string",
|
||||
"flushSession": "boolean",
|
||||
"forms": "boolean",
|
||||
"eta": "boolean",
|
||||
|
@ -155,6 +159,8 @@ optDict = {
|
|||
"batch": "boolean",
|
||||
"cleanup": "boolean",
|
||||
"replicate": "boolean",
|
||||
"checkPayload": "boolean",
|
||||
"beep": "boolean",
|
||||
"verbose": "integer"
|
||||
},
|
||||
}
|
||||
|
|
|
@ -99,12 +99,12 @@ def __setRequestParams():
|
|||
# Perform checks on User-Agent header value
|
||||
if conf.httpHeaders:
|
||||
for httpHeader, headerValue in conf.httpHeaders:
|
||||
if httpHeader == "User-Agent":
|
||||
if httpHeader == PLACE.UA:
|
||||
# No need for url encoding/decoding the user agent
|
||||
conf.parameters[PLACE.UA] = headerValue
|
||||
|
||||
condition = not conf.testParameter
|
||||
condition |= "User-Agent" in conf.testParameter
|
||||
condition |= PLACE.UA in conf.testParameter
|
||||
condition |= "user-agent" in conf.testParameter
|
||||
condition |= "useragent" in conf.testParameter
|
||||
condition |= "ua" in conf.testParameter
|
||||
|
|
|
@ -457,8 +457,8 @@ def cmdLineParser():
|
|||
"on a session file")
|
||||
|
||||
miscellaneous.add_option("-t", dest="trafficFile",
|
||||
help="Save all HTTP traffic data "
|
||||
"into a textual file")
|
||||
help="Log all HTTP traffic into a "
|
||||
"textual file")
|
||||
|
||||
miscellaneous.add_option("--flush-session", dest="flushSession",
|
||||
action="store_true", default=False,
|
||||
|
|
|
@ -21,6 +21,7 @@ from lib.core.common import posixToNtSlashes
|
|||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.enums import PLACE
|
||||
from lib.parse.headers import headersParser
|
||||
from lib.parse.html import htmlParser
|
||||
|
||||
|
@ -33,9 +34,9 @@ def forgeHeaders(cookie, ua):
|
|||
headers = {}
|
||||
|
||||
for header, value in conf.httpHeaders:
|
||||
if cookie and header == "Cookie":
|
||||
if cookie and header == PLACE.COOKIE:
|
||||
headers[header] = cookie
|
||||
elif ua and header == "User-Agent":
|
||||
elif ua and header == PLACE.UA:
|
||||
headers[header] = ua
|
||||
else:
|
||||
headers[header] = value
|
||||
|
|
|
@ -166,7 +166,7 @@ class Connect:
|
|||
|
||||
requestHeaders += "\n".join(["%s: %s" % (header, value) for header, value in req.header_items()])
|
||||
|
||||
if not req.has_header("Cookie") and cookieStr:
|
||||
if not req.has_header(PLACE.COOKIE) and cookieStr:
|
||||
requestHeaders += "\n%s" % cookieStr[:-2]
|
||||
|
||||
if not req.has_header("Connection"):
|
||||
|
@ -283,7 +283,7 @@ class Connect:
|
|||
page = sanitizeAsciiString(page)
|
||||
parseResponse(page, responseHeaders)
|
||||
|
||||
responseMsg += "[#%d] (%s - %d):\n" % (requestID, status, code)
|
||||
responseMsg += "[#%d] (%d %s):\n" % (requestID, code, status)
|
||||
logHeaders = "\n".join(["%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, value) for (key, value) in responseHeaders.items()])
|
||||
|
||||
logHTTPTraffic(requestMsg, "%s%s\n\n%s" % (responseMsg, logHeaders, page))
|
||||
|
@ -370,7 +370,7 @@ class Connect:
|
|||
if not auxHeaders:
|
||||
auxHeaders = {}
|
||||
|
||||
auxHeaders["Range"] = "bytes=-1"
|
||||
auxHeaders[NULLCONNECTION.RANGE] = "bytes=-1"
|
||||
|
||||
_, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404)
|
||||
|
||||
|
|
|
@ -499,6 +499,9 @@ xmlFile =
|
|||
# Save and resume all data retrieved on a session file.
|
||||
sessionFile =
|
||||
|
||||
# Log all HTTP traffic into a textual file.
|
||||
trafficFile =
|
||||
|
||||
# Flush session file for current target.
|
||||
# Valid: True or False
|
||||
flushSession = False
|
||||
|
@ -533,6 +536,12 @@ cleanup = False
|
|||
# Valid: True or False
|
||||
replicate = False
|
||||
|
||||
# IDS detection testing of injection payload.
|
||||
checkPayload = False
|
||||
|
||||
# Alert with audio beep when sql injection found.
|
||||
beep = False
|
||||
|
||||
# Verbosity level.
|
||||
# Valid: integer between 0 and 6
|
||||
# 0: Show only critical messages
|
||||
|
|
Loading…
Reference in New Issue
Block a user