diff --git a/lib/core/option.py b/lib/core/option.py
index bad824008..78b2f62b2 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2733,6 +2733,10 @@ def _basicOptionValidation():
 errMsg = "option '--csrf-method' requires usage of option '--csrf-token'"
 raise SqlmapSyntaxException(errMsg)
 
+ if conf.csrfData and not conf.csrfToken:
+ errMsg = "option '--csrf-data' requires usage of option '--csrf-token'"
+ raise SqlmapSyntaxException(errMsg)
+
 if conf.csrfToken and conf.threads > 1:
 errMsg = "option '--csrf-url' is incompatible with option '--threads'"
 raise SqlmapSyntaxException(errMsg)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index ef5d413f6..8dc37e262 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -64,6 +64,7 @@ optDict = {
 "csrfToken": "string",
 "csrfUrl": "string",
 "csrfMethod": "string",
+ "csrfData": "string",
 "csrfRetries": "integer",
 "forceSSL": "boolean",
 "chunked": "boolean",
diff --git a/lib/core/settings.py b/lib/core/settings.py
index f53bafe24..d0221891f 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@ from thirdparty import six
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (...)
-VERSION = "1.6.10.5"
+VERSION = "1.6.10.6"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 9bda7b8d5..11e4cff94 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
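Review bot: The new guard at the top of the hunk ties `--csrf-data` to `--csrf-token` only; nothing checks that a `--csrf-url` or `--csrf-method` accompanies it. Per the connect.py hunk in this same commit, without `--csrf-url` the body is sent to `conf.url` in place of `--data`, and with neither `--csrf-url` nor `--csrf-method` the method argument resolves to `None` while a body is set, so whether it actually goes out as POST depends on how `getPage` treats a body with no method, which the hunk does not show (assuming `csrfUrl` is not normalised to `conf.url` elsewhere). If that fallback is intended, a one-line comment above the guard would spare the next reader the lookup: `# --csrf-data only needs --csrf-token; without --csrf-url it replaces --data for the token fetch of the target URL itself`. Otherwise extend the validation, e.g. `if conf.csrfData and not conf.csrfMethod:` with a matching `SqlmapSyntaxException` message in the same style as the two neighbouring checks. `_basicOptionValidation` continues outside the hunk on both sides.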
@@ -276,6 +276,9 @@ def cmdLineParser(argv=None):
 request.add_argument("--csrf-method", dest="csrfMethod",
 help="HTTP method to use during anti-CSRF token page visit")
 
+ request.add_argument("--csrf-data", dest="csrfData",
+ help="POST data to send during anti-CSRF token page visit")
+
 request.add_argument("--csrf-retries", dest="csrfRetries", type=int,
 help="Retries for anti-CSRF token retrieval (default %d)" % defaults.csrfRetries)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 0b5206b63..8508dee51 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -1186,7 +1186,7 @@ class Connect(object):
 warnMsg += ". sqlmap is going to retry the request"
 logger.warning(warnMsg)
 
-page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
+page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.csrfData or (conf.data if conf.csrfUrl == conf.url else None), method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
 page = urldecode(page) # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...')
 match = re.search(r"(?i)]+\bname=[\"']?(?P%s)\b[^>]*\bvalue=[\"']?(?P[^>'\"]*)" % conf.csrfToken, page or "", re.I)
diff --git a/sqlmap.conf b/sqlmap.conf
index 9504b7b46..8af1dd903 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
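Review bot: The rewritten `Connect.getPage` call on the `+` line of the connect.py hunk now packs three nested conditional expressions into one very long line, which makes the precedence of `conf.csrfData or (... if ... else None)` hard to verify at a glance; binding the url, data and method to locals just above the call keeps the behaviour identical and makes the override order (`--csrf-data` before `--data`, `--csrf-method` before `--method`) readable. One thing the expression leaves implicit is that when `--csrf-data` is given without `--csrf-url` or `--csrf-method`, `method` resolves to `None` while `data` is set, so the request method is whatever `getPage` does with a body and no method, which this hunk does not show; a short comment on the data line would record that this is deliberate. The enclosing method starts and ends outside the hunk, and the regex on the following context line looks mangled by the page extraction rather than by the commit.
```python
# … unchanged: retry warning …
tokenUrl = conf.csrfUrl or conf.url
tokenData = conf.csrfData or (conf.data if conf.csrfUrl == conf.url else None)  # --csrf-data overrides --data for the token fetch
tokenMethod = conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None)  # --csrf-method overrides --method
page, headers, code = Connect.getPage(url=tokenUrl, data=tokenData, method=tokenMethod, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
# … unchanged: urldecode and token regex …
```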
@@ -195,6 +195,9 @@ csrfUrl =
 # HTTP method to use during anti-CSRF token page visit.
 csrfMethod =
 
+# POST data to send during anti-CSRF token page visit.
csrfData =
+
 # Retries for anti-CSRF token retrieval.
 csrfRetries =