From 823dde73ab9f9216632b8b412c48f35e228f1dae Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 20 Aug 2012 11:40:49 +0200
Subject: [PATCH] Minor cleanup

---
 lib/controller/checks.py | 47 +++--------------------------------
 lib/controller/controller.py | 20 ++++----------
 lib/core/option.py | 1 +
 lib/parse/cmdline.py | 5 +---
 lib/request/connect.py | 7 ++----
 5 files changed, 12 insertions(+), 68 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 54188a6eb..c74a0b8b8 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -190,7 +190,7 @@ def checkSqlInjection(place, parameter, value):
 msg += "back-end DBMS could be %s. " % Format.getErrorParsedDBMSes()
 msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
- if conf.realTest or readInput(msg, default="Y") in ("y", "Y"):
+ if readInput(msg, default="Y") in ("y", "Y"):
 kb.skipOthersDbms = Backend.getErrorParsedDBMSes()
 else:
 kb.skipOthersDbms = []
@@ -503,7 +503,7 @@ def checkSqlInjection(place, parameter, value):
 injection.conf.regexp = conf.regexp
 injection.conf.optimize = conf.optimize
- if conf.beep or conf.realTest:
+ if conf.beep:
 beep()
 # There is no need to perform this test for other
@@ -644,44 +644,6 @@ def heuristicCheckSqlInjection(place, parameter):
 return result
-def simpletonCheckSqlInjection(place, parameter, value):
- """
- This is a function for the quickest and simplest
- SQL injection check (e.g. AND 1=1) - only works
- with integer parameters
- """
-
- result = False
- randInt = randomInt()
-
- if value.isdigit():
- payload = "%s AND %d=%d" % (value, randInt, randInt)
- else:
- return False
-
- payload = agent.payload(place, parameter, value, payload)
- firstPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
-
- if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
- if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO:
- payload = "%s AND %d=%d" % (value, randInt, randInt + 1)
-
- payload = agent.payload(place, parameter, value, payload)
- secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
- result = getComparePageRatio(firstPage, secondPage, filtered=True) <= CONSTANT_RATIO
-
- infoMsg = "simpleton test shows that %s " % place
- infoMsg += "parameter '%s' might " % parameter
-
- if result:
- infoMsg += "be injectable"
- logger.info(infoMsg)
- else:
- infoMsg += "not be injectable"
- logger.warn(infoMsg)
-
- return result
-
 def checkDynParam(place, parameter, value):
 """
 This function checks if the url parameter is dynamic. If it is
@@ -806,10 +768,7 @@ def checkStability():
 logger.warn(warnMsg)
 message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] "
- if not conf.realTest:
- test = readInput(message, default="C")
- else:
- test = None
+ test = readInput(message, default="C")
 if test and test[0] in ("q", "Q"):
 raise sqlmapUserQuitException
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index e0cdcfd2f..c62f3111b 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -18,7 +18,6 @@ from lib.controller.checks import checkConnection
 from lib.controller.checks import checkNullConnection
 from lib.controller.checks import checkWaf
 from lib.controller.checks import heuristicCheckSqlInjection
-from lib.controller.checks import simpletonCheckSqlInjection
 from lib.core.agent import agent
 from lib.core.common import extractRegexResult
 from lib.core.common import getFilteredPageContent
@@ -327,8 +326,6 @@ def start():
 elif test[0] in ("q", "Q"):
 break
- elif conf.realTest:
- logger.info(message)
 else:
 message += "\ndo you want to test this url? [Y/n/q]"
 test = readInput(message, default="Y")
@@ -440,11 +437,9 @@ def start():
 infoMsg = "ignoring %s parameter '%s'" % (place, parameter)
 logger.info(infoMsg)
- elif conf.realTest:
- pass
-
 elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
- if not checkDynParam(place, parameter, value):
+ kb.dynamicParameter = checkDynParam(place, parameter, value)
+ if not kb.dynamicParameter:
 warnMsg = "%s parameter '%s' appears to be not dynamic" % (place, parameter)
 logger.warn(warnMsg)
@@ -458,7 +453,7 @@ def start():
 check = heuristicCheckSqlInjection(place, parameter)
 if not check:
- if conf.smart or conf.realTest and not simpletonCheckSqlInjection(place, parameter, value):
+ if conf.smart:
 infoMsg = "skipping %s parameter '%s'" % (place, parameter)
 logger.info(infoMsg)
 continue
@@ -495,7 +490,7 @@ def start():
 errMsg = "no parameter(s) found for testing in the provided data "
 errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
 raise sqlmapNoneDataException, errMsg
- elif not conf.realTest:
+ else:
 errMsg = "all parameters appear to be not injectable."
 if conf.level < 5 or conf.risk < 3:
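Review bot: `kb.dynamicParameter` is only assigned inside the `elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:` branch of the -440 hunk, so for any other technique selection it keeps whatever the previous parameter (or the `kb.dynamicParameter = False` initialisation added in lib/core/option.py) left there, and a later consumer cannot distinguish "checked and static" from "never checked". Initialising it as `kb.dynamicParameter = None` in `__setKnowledgeBaseAttributes` and resetting it to `None` at the top of each parameter iteration would make `False` mean unambiguously that checkDynParam() returned false. The parameter loop and start() continue outside the hunk, so the right reset point is not visible here.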
@@ -542,9 +537,6 @@ def start():
 errMsg += "expression that you have choosen "
 errMsg += "does not match exclusively True responses"
- raise sqlmapNotVulnerableException, errMsg
- else:
- errMsg = "it seems that all parameters are not injectable"
 raise sqlmapNotVulnerableException, errMsg
 else:
 # Flush the flag
@@ -556,9 +548,7 @@ def start():
 __selectInjection()
 if kb.injection.place is not None and kb.injection.parameter is not None:
- if kb.testQueryCount == 0 and conf.realTest:
- condition = False
- elif conf.multipleTargets:
+ if conf.multipleTargets:
 message = "do you want to exploit this SQL injection? [Y/n] "
 exploit = readInput(message, default="Y")
diff --git a/lib/core/option.py b/lib/core/option.py
index abb1f5a8b..046230ffb 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1484,6 +1484,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
 kb.docRoot = None
 kb.dumpTable = None
 kb.dynamicMarkings = []
+ kb.dynamicParameter = False
 kb.endDetection = False
 kb.explicitSettings = set()
 kb.errorIsNone = True
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 7e15c3c04..13907f505 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -668,9 +668,6 @@ def cmdLineParser():
 parser.add_option("--live-test", dest="liveTest", action="store_true",
 help=SUPPRESS_HELP)
- parser.add_option("--real-test", dest="realTest", action="store_true",
- help=SUPPRESS_HELP)
-
 parser.add_option("--run-case", dest="runCase", type="int",
 help=SUPPRESS_HELP)
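Review bot: With `--real-test` removed from the parser here and every `conf.realTest` read dropped in checks.py, controller.py and connect.py, nothing in this patch touches any other place the option may be registered (a configuration template or option-type table, if the project keeps one), so a leftover `realTest` entry there would silently keep a dead attribute alive on `conf`; a tree-wide search for `realTest` before merging would confirm the removal is complete. This is inferred from the diffstat, which lists only the five files above. cmdLineParser() continues outside the hunk.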
@@ -744,7 +741,7 @@ def cmdLineParser():
 expandMnemonics(sys.argv[i+1], parser, args)
 if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
- args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.realTest, args.wizard, args.dependencies, args.purgeOutput)):
+ args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purgeOutput)):
 errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), "
 errMsg += "use -h for basic or -hh for advanced help"
 parser.error(errMsg)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 607e650cf..1f88335c4 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -268,9 +268,6 @@ class Connect:
 # Prepare HTTP headers
 headers = forgeHeaders({HTTPHEADER.COOKIE: cookie, HTTPHEADER.USER_AGENT: ua, HTTPHEADER.REFERER: referer})
- if conf.realTest:
- headers[HTTPHEADER.REFERER] = "%s://%s" % (conf.scheme, conf.hostname)
-
 if kb.authHeader:
 headers[HTTPHEADER.AUTHORIZATION] = kb.authHeader
@@ -447,7 +444,7 @@ class Connect:
 return None, None, None
 else:
 warnMsg = "unable to connect to the target url (%d - %s)" % (e.code, httplib.responses[e.code])
- if threadData.retriesCount < conf.retries and not kb.threadException and not conf.realTest:
+ if threadData.retriesCount < conf.retries and not kb.threadException:
 warnMsg += ", sqlmap is going to retry the request"
 logger.critical(warnMsg)
 return Connect.__retryProxy(**kwargs)
@@ -490,7 +487,7 @@ class Connect:
 return None, None, None
 elif silent or (ignoreTimeout and any(_ in tbMsg for _ in ("timed out", "IncompleteRead"))):
 return None, None, None
- elif threadData.retriesCount < conf.retries and not kb.threadException and not conf.realTest:
+ elif threadData.retriesCount < conf.retries and not kb.threadException:
 warnMsg += ", sqlmap is going to retry the request"
 logger.critical(warnMsg)
 return Connect.__retryProxy(**kwargs)
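Review bot: The retry predicate `threadData.retriesCount < conf.retries and not kb.threadException` is now written verbatim both here and in the HTTPError branch of the -447 hunk; with the realTest clause gone the two copies are identical and will drift apart again the next time one of them is touched. If threadData.retriesCount is not modified between the two handlers (not visible from the hunk), evaluate it once, e.g. `canRetry = threadData.retriesCount < conf.retries and not kb.threadException`, and test `canRetry` in both branches. The enclosing method of Connect starts before this hunk.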