new feature --forms (still unfinished)

2024-11-22 09:36:35 +03:00 · 2010-10-10 18:56:43 +00:00 · 2010-10-10 18:56:43 +00:00 · 8fcad29bbf
commit 8fcad29bbf
parent de0f6b6f72
6 changed files with 3462 additions and 10 deletions
--- a/extra/clientform/init.py
+++ b/extra/clientform/init.py
@ -0,0 +1,19 @@
+#!/usr/bin/env python
+#
+# Copyright 2007-2008 David McNab
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+pass
--- a/extra/clientform/clientform.py
+++ b/extra/clientform/clientform.py
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -43,6 +43,7 @@ from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setInjection
 from lib.core.target import initTargetEnv
 from lib.core.target import setupTargetEnv
+from lib.core.target import __setPageForms
 from lib.utils.parenthesis import checkForParenthesis

 def __selectInjection(injData):
@ -105,7 +106,10 @@ def start():
        return True

    if conf.url:
-        kb.targetUrls.add(( conf.url, conf.method, conf.data, conf.cookie ))
+        if conf.forms:
+            __setPageForms()
+        else:
+            kb.targetUrls.add(( conf.url, conf.method, conf.data, conf.cookie ))

    if conf.configFile and not kb.targetUrls:
        errMsg  = "you did not edit the configuration file properly, set "
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -27,8 +27,10 @@ import os
 import re
 import time

+from extra.clientform.clientform import ParseResponse
 from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
+from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -39,6 +41,7 @@ from lib.core.exception import sqlmapGenericException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.session import resumeConfKb
 from lib.core.xmldump import dumper as xmldumper
+from lib.request.connect import Connect as Request

 def __setRequestParams():
    """
@ -133,6 +136,20 @@ def __setRequestParams():
        errMsg += "within the GET, POST and Cookie parameters"
        raise sqlmapGenericException, errMsg

+def __setPageForms():
+    response, _ = Request.queryPage(response=True)
+    forms = ParseResponse(response, backwards_compat=False)
+    count = 1
+    for form in forms:
+        request = form.click()
+        url = request.get_full_url()
+        method = request.get_method()
+        data = request.get_data() if request.has_data() else None
+        message = "Form #%d (%s) [default: '%s'] " % (count, form.name, data)
+        test = readInput(message, default=data)
+        count +=1
+        kb.targetUrls.add((url, method, data, conf.cookie))
+
 def __setOutputResume():
    """
    Check and set the output text file and the resume functionality.
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -455,6 +455,10 @@ def cmdLineParser():
                                 action="store_true", default=False,
                                 help="Flush session file for current target")

+        miscellaneous.add_option("--forms", dest="forms",
+                                 action="store_true", default=False,
+                                 help="Parse and test forms on target url")
+
        miscellaneous.add_option("--eta", dest="eta",
                                 action="store_true", default=False,
                                 help="Display for each output the "
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -80,6 +80,7 @@ class Connect:
        silent          = kwargs.get('silent',     False)
        raise404        = kwargs.get('raise404',   True)
        auxHeaders      = kwargs.get('auxHeaders', None)
+        response        = kwargs.get('response',   False)

        page            = ""
        cookieStr       = ""
@ -197,6 +198,10 @@ class Connect:

            # Reset the number of connection retries
            conf.retriesCount = 0
+            
+            # Return response object
+            if response:
+                return conn, None

            # Get HTTP response
            page = conn.read()
@ -279,7 +284,7 @@ class Connect:
        return page, responseHeaders

    @staticmethod
-    def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None, auxHeaders=None):
+    def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None, auxHeaders=None, response=False):
        """
        This method calls a function to get the target url page content
        and returns its page MD5 hash or a boolean value in case of
@ -323,23 +328,25 @@ class Connect:
            if kb.queryCounter % conf.saFreq == 0:
                Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua)

-        if not content and kb.nullConnection:
+        if not content and not response and kb.nullConnection:
            if kb.nullConnection == "HEAD":
-                _, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method="HEAD", auxHeaders=auxHeaders, raise404=raise404)
-                pageLength = int(headers['Content-Length'])
+                method = "HEAD"
            elif kb.nullConnection == "Range":
                if not auxHeaders:
                    auxHeaders = {}
                auxHeaders["Range"] = "bytes=-1"
-                _, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404)
+
+            _, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404)
+
+            if kb.nullConnection == "HEAD":
+                pageLength = int(headers['Content-Length'])
+            elif kb.nullConnection == "Range":
                pageLength = int(headers['Content-Range'][headers['Content-Range'].find('/') + 1:])
-            else:
-                kb.nullConnection = None

        if not pageLength:
-            page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404)
+            page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404)

-        if content:
+        if content or response:
            return page, headers
        elif pageLength or page:
            return comparison(page, headers, getSeqMatcher, pageLength)