sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-26 05:31:04 +03:00
Code Issues Packages Projects Releases Wiki Activity

fixing support for parsing BURP logs

Browse Source
This commit is contained in:
Miroslav Stampar 2011-10-27 17:31:34 +00:00
parent 6b7920d89a
commit 7ce3af68fc
3 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/THANKS
View File

@ -417,6 +417,9 @@ Andrea Rossi <andyroyalbattle@yahoo.it>
for reporting a minor bug for reporting a minor bug
for suggesting a feature for suggesting a feature
Mathew Rowley <mathew.rowley@intrepidusgroup.com>
for reporting a bug
Frederic Roy <frederic.roy@telindus.fr> Frederic Roy <frederic.roy@telindus.fr>
for reporting a couple of bugs for reporting a couple of bugs

13
lib/core/option.py
View File

@ -99,7 +99,7 @@ from lib.core.settings import FIREBIRD_ALIASES
from lib.core.settings import MAXDB_ALIASES from lib.core.settings import MAXDB_ALIASES
from lib.core.settings import SYBASE_ALIASES from lib.core.settings import SYBASE_ALIASES
from lib.core.settings import DB2_ALIASES from lib.core.settings import DB2_ALIASES
from lib.core.settings import BURP_SPLITTER from lib.core.settings import BURP_REQUEST_REGEX
from lib.core.settings import LOCALHOST from lib.core.settings import LOCALHOST
from lib.core.settings import MAX_NUMBER_OF_THREADS from lib.core.settings import MAX_NUMBER_OF_THREADS
from lib.core.settings import PARAMETER_SPLITTING_REGEX from lib.core.settings import PARAMETER_SPLITTING_REGEX
@ -211,20 +211,23 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
port = None port = None
scheme = None scheme = None
reqResList = content.split(BURP_SPLITTER) reqResList = re.findall(BURP_REQUEST_REGEX, content, re.I | re.S)
if not reqResList:
reqResList = [content]
for request in reqResList: for request in reqResList:
if scheme is None: if scheme is None:
schemePort = re.search("\d\d[\:|\.]\d\d[\:|\.]\d\d\s+(http[\w]*)\:\/\/.*?\:([\d]+)", request, re.I) schemePort = re.search("(http[\w]*)\:\/\/.*?\:([\d]+).+?={10,}", request, re.I | re.S)
if schemePort: if schemePort:
scheme = schemePort.group(1) scheme = schemePort.group(1)
port = schemePort.group(2) port = schemePort.group(2)
if not re.search ("^[\n]*(GET|POST).*?\sHTTP\/", request, re.I): if not re.search ("^[\n]*(GET|POST).*?\sHTTP\/", request, re.I | re.M):
continue continue
if re.search("^[\n]*(GET|POST).*?\.(gif|jpg|png)\sHTTP\/", request, re.I): if re.search("^[\n]*(GET|POST).*?\.(gif|jpg|png)\sHTTP\/", request, re.I | re.M):
continue continue
getPostReq = False getPostReq = False

2
lib/core/settings.py
View File

@ -267,7 +267,7 @@ COMMON_PASSWORD_SUFFIXES += ["!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@
WEBSCARAB_SPLITTER = "### Conversation" WEBSCARAB_SPLITTER = "### Conversation"
# Splitter used between requests in BURP log files # Splitter used between requests in BURP log files
BURP_SPLITTER = "======================================================" BURP_REQUEST_REGEX = r"={10,}\s+[^=]+={10,}\s+.+?={10,}"
# Encoding used for Unicode data # Encoding used for Unicode data
UNICODE_ENCODING = "utf8" UNICODE_ENCODING = "utf8"