sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

fixing support for parsing BURP logs

Browse Source
This commit is contained in:
Miroslav Stampar 2011-10-27 17:31:34 +00:00
parent 6b7920d89a
commit 7ce3af68fc
3 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/THANKS
View File

@ -417,6 +417,9 @@ Andrea Rossi <andyroyalbattle@yahoo.it>
for reporting a minor bug
for suggesting a feature
Mathew Rowley <mathew.rowley@intrepidusgroup.com>
for reporting a bug
Frederic Roy <frederic.roy@telindus.fr>
for reporting a couple of bugs

13
lib/core/option.py
View File

@ -99,7 +99,7 @@ from lib.core.settings import FIREBIRD_ALIASES
from lib.core.settings import MAXDB_ALIASES
from lib.core.settings import SYBASE_ALIASES
from lib.core.settings import DB2_ALIASES
from lib.core.settings import BURP_SPLITTER
from lib.core.settings import BURP_REQUEST_REGEX
from lib.core.settings import LOCALHOST
from lib.core.settings import MAX_NUMBER_OF_THREADS
from lib.core.settings import PARAMETER_SPLITTING_REGEX
@ -211,20 +211,23 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
port = None
scheme = None
reqResList = content.split(BURP_SPLITTER)
reqResList = re.findall(BURP_REQUEST_REGEX, content, re.I | re.S)
if not reqResList:
reqResList = [content]
for request in reqResList:
if scheme is None:
schemePort = re.search("\d\d[\:|\.]\d\d[\:|\.]\d\d\s+(http[\w]*)\:\/\/.*?\:([\d]+)", request, re.I)
schemePort = re.search("(http[\w]*)\:\/\/.*?\:([\d]+).+?={10,}", request, re.I | re.S)
if schemePort:
scheme = schemePort.group(1)
port = schemePort.group(2)
if not re.search ("^[\n]*(GET|POST).*?\sHTTP\/", request, re.I):
if not re.search ("^[\n]*(GET|POST).*?\sHTTP\/", request, re.I | re.M):
continue
if re.search("^[\n]*(GET|POST).*?\.(gif|jpg|png)\sHTTP\/", request, re.I):
if re.search("^[\n]*(GET|POST).*?\.(gif|jpg|png)\sHTTP\/", request, re.I | re.M):
continue
getPostReq = False

2
lib/core/settings.py
View File

@ -267,7 +267,7 @@ COMMON_PASSWORD_SUFFIXES += ["!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@
WEBSCARAB_SPLITTER = "### Conversation"
# Splitter used between requests in BURP log files
BURP_SPLITTER = "======================================================"
BURP_REQUEST_REGEX = r"={10,}\s+[^=]+={10,}\s+.+?={10,}"
# Encoding used for Unicode data
UNICODE_ENCODING = "utf8"