new option -t

lib/core/common.py

@@ -425,6 +425,13 @@ def dataToSessionFile(data):
     conf.sessionFP.write(data)
     conf.sessionFP.flush()
 
+def dataToTrafficFile(data):
+    if not conf.trafficFile:
+        return
+
+    conf.trafficFP.write(data)
+    conf.trafficFP.flush()
+
 def dataToDumpFile(dumpFile, data):
     dumpFile.write(data)
     dumpFile.flush()
@@ -1560,3 +1567,10 @@ def runningAsAdmin():
         isAdmin = True
 
     return isAdmin
+
+def logHTTPTraffic(requestLogMsg, responseLogMsg):
+    kb.locks.reqLock.acquire()
+    dataToTrafficFile("%s\n" % requestLogMsg)
+    dataToTrafficFile("%s\n" % responseLogMsg)
+    dataToTrafficFile("%s\n" % (160*'#'))
+    kb.locks.reqLock.release()

lib/core/option.py

@@ -1031,6 +1031,7 @@ def __setConfAttributes():
     conf.start            = True
     conf.threadContinue   = True
     conf.threadException  = False
+    conf.trafficFP        = None
     conf.wFileType        = None
 
 def __setKnowledgeBaseAttributes():
@@ -1080,6 +1081,7 @@ def __setKnowledgeBaseAttributes():
 
     kb.locks           = advancedDict()
     kb.locks.cacheLock = threading.Lock()
+    kb.locks.reqLock   = threading.Lock()
     kb.locks.seqLock   = None
 
     kb.nullConnection  = None
@@ -1212,6 +1214,10 @@ def __mergeOptions(inputOptions):
         if not conf.has_key(key) or conf[key] is None or value is not None:
             conf[key] = value
 
+def __setTrafficOutputFP():
+    if conf.trafficFile:
+        conf.trafficFP = codecs.open(conf.trafficFile, "w+", conf.dataEncoding)
+
 def __basicOptionValidation():
     if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0):
         errMsg = "value for --start (limitStart) option must be an integer value greater than zero (>0)"
@@ -1271,6 +1277,7 @@ def init(inputOptions=advancedDict()):
     __setRequestFromFile()
     __setMultipleTargets()
     __setTamperingFunctions()
+    __setTrafficOutputFP()
 
     parseTargetUrl()
     parseTargetDirect()

lib/parse/cmdline.py

@@ -456,6 +456,10 @@ def cmdLineParser():
                                  help="Save and resume all data retrieved "
                                       "on a session file")
 
+        miscellaneous.add_option("-t", dest="trafficFile",
+                                 help="Save all HTTP traffic data "
+                                      "into a textual file")
+
         miscellaneous.add_option("--flush-session", dest="flushSession",
                                  action="store_true", default=False,
                                  help="Flush session file for current target")

lib/request/connect.py

@@ -20,6 +20,7 @@ from lib.core.agent import agent
 from lib.core.common import readInput
 from lib.core.common import getFilteredPageContent
 from lib.core.common import getUnicode
+from lib.core.common import logHTTPTraffic
 from lib.core.convert import urlencode
 from lib.core.common import urlEncodeCookieValues
 from lib.core.data import conf
@@ -61,6 +62,13 @@ class Connect:
             delay = 0.00001 * (conf.cpuThrottle ** 2)
             time.sleep(delay)
 
+        kb.locks.reqLock.acquire()
+
+        kb.lastRequestUID += 1
+        requestID = kb.lastRequestUID
+
+        kb.locks.reqLock.release()
+
         url             = kwargs.get('url',        conf.url).replace(" ", "%20")
         get             = kwargs.get('get',        None)
         post            = kwargs.get('post',       None)
@@ -76,14 +84,12 @@ class Connect:
 
         page            = ""
         cookieStr       = ""
-        requestMsg      = "HTTP request:\n%s " % conf.method
+        requestMsg      = "HTTP request [#%d]:\n%s " % (requestID, conf.method)
         requestMsg     += "%s" % urlparse.urlsplit(url)[2] or "/"
         responseMsg     = "HTTP response "
         requestHeaders  = ""
         responseHeaders = ""
 
-        kb.lastRequestUID  += 1
-
         try:
             if silent:
                 socket.setdefaulttimeout(3)
@@ -277,12 +283,14 @@ class Connect:
         page = sanitizeAsciiString(page)
         parseResponse(page, responseHeaders)
 
-        responseMsg += "(%s - %d):\n" % (status, code)
+        responseMsg += "[#%d] (%s - %d):\n" % (requestID, status, code)
+
+        logHTTPTraffic(requestMsg, "%s%s\n%s" % (responseMsg, headers, page))
 
         if conf.verbose <= 5:
-            responseMsg += getUnicode(responseHeaders.__str__())
+            responseMsg += getUnicode(headers.__str__())
         elif conf.verbose > 5:
-            responseMsg += "%s\n%s\n" % (responseHeaders, page)
+            responseMsg += "%s\n%s\n" % (headers, page)
 
         logger.log(7, responseMsg)