sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-02 02:43:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

implemented --randomize switch by request

Browse Source
This commit is contained in:
Miroslav Stampar 2011-08-29 12:50:52 +00:00
parent d283e3eb3c
commit ac00014c4a
7 changed files with 55 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/THANKS
View File

@ -1,5 +1,8 @@
== Individuals == == Individuals ==
Andres Tarasco Acuna <atarasco@gmail.com>
for suggesting a feature
Santiago Accurso <saccurso@skygear.com.ar> Santiago Accurso <saccurso@skygear.com.ar>
for reporting a bug for reporting a bug

6
lib/controller/controller.py
View File

@ -419,6 +419,12 @@ def start():
infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter) infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
logger.info(infoMsg) logger.info(infoMsg)
elif parameter == conf.rParam:
testSqlInj = False
infoMsg = "skipping randomizing %s parameter '%s'" % (place, parameter)
logger.info(infoMsg)
elif parameter in conf.testParameter: elif parameter in conf.testParameter:
pass pass

14
lib/core/common.py
View File

@ -2924,3 +2924,17 @@ def filterPairValues(values):
retVal = filter(lambda x: isinstance(x, (tuple, list, set)) and len(x) == 2, values) retVal = filter(lambda x: isinstance(x, (tuple, list, set)) and len(x) == 2, values)
return retVal return retVal
def randomizeParameterValue(value):
retVal = value
for match in re.finditer('[A-Z]+', value):
retVal = retVal.replace(match.group(), randomStr(len(match.group())).upper())
for match in re.finditer('[a-z]+', value):
retVal = retVal.replace(match.group(), randomStr(len(match.group())).lower())
for match in re.finditer('[0-9]+', value):
retVal = retVal.replace(match.group(), str(randomInt(len(match.group()))))
return retVal

1
lib/core/optiondict.py
View File

@ -30,6 +30,7 @@ optDict = {
"dropSetCookie": "boolean", "dropSetCookie": "boolean",
"agent": "string", "agent": "string",
"randomAgent": "boolean", "randomAgent": "boolean",
"rParam": "string",
"referer": "string", "referer": "string",
"headers": "string", "headers": "string",
"aType": "string", "aType": "string",

3
lib/parse/cmdline.py
View File

@ -89,6 +89,9 @@ def cmdLineParser():
action="store_true", action="store_true",
help="Use randomly selected HTTP User-Agent header") help="Use randomly selected HTTP User-Agent header")
request.add_option("--randomize", dest="rParam",
help="Randomly change value for the given parameter")
request.add_option("--referer", dest="referer", request.add_option("--referer", dest="referer",
help="HTTP Referer header") help="HTTP Referer header")

27
lib/request/connect.py
View File

@ -27,6 +27,7 @@ from lib.core.common import getFilteredPageContent
from lib.core.common import getUnicode from lib.core.common import getUnicode
from lib.core.common import logHTTPTraffic from lib.core.common import logHTTPTraffic
from lib.core.common import parseTargetUrl from lib.core.common import parseTargetUrl
from lib.core.common import randomizeParameterValue
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import removeReflectiveValues from lib.core.common import removeReflectiveValues
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage
@ -548,10 +549,10 @@ class Connect:
checkPayload(value) checkPayload(value)
if PLACE.GET in conf.parameters: if PLACE.GET in conf.parameters:
get = urlencode(conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value, limit=True) get = conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value
if PLACE.POST in conf.parameters: if PLACE.POST in conf.parameters:
post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value) post = conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value
if PLACE.SOAP in conf.parameters: if PLACE.SOAP in conf.parameters:
post = conf.parameters[PLACE.SOAP] if place != PLACE.SOAP or not value else value post = conf.parameters[PLACE.SOAP] if place != PLACE.SOAP or not value else value
@ -570,6 +571,28 @@ class Connect:
else: else:
uri = conf.url uri = conf.url
if conf.rParam:
def _randomizeParameter(paramString, randomParameter):
retVal = paramString
match = re.search("%s=(?P<value>[^&;]+)" % randomParameter, paramString)
if match:
origValue = match.group("value")
retVal = re.sub("%s=[^&;]+" % randomParameter, "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
return retVal
for item in [PLACE.GET, PLACE.POST, PLACE.COOKIE]:
if item in conf.parameters:
origValue = conf.parameters[item]
if item == PLACE.GET and get:
get = _randomizeParameter(get, conf.rParam)
elif item == PLACE.POST and post:
post = _randomizeParameter(post, conf.rParam)
elif item == PLACE.COOKIE and cookie:
cookie = _randomizeParameter(cookie, conf.rParam)
get = urlencode(get, limit=True)
post = urlencode(post)
if timeBasedCompare: if timeBasedCompare:
if len(kb.responseTimes) < MIN_TIME_RESPONSES: if len(kb.responseTimes) < MIN_TIME_RESPONSES:
clearConsoleLine() clearConsoleLine()

3
sqlmap.conf
View File

@ -59,6 +59,9 @@ agent =
# Valid: True or False # Valid: True or False
randomAgent = False randomAgent = False
# Randomly change value for the given parameter
rParam =
# HTTP Referer header. Useful to fake the HTTP Referer header value at # HTTP Referer header. Useful to fake the HTTP Referer header value at
# each HTTP request. # each HTTP request.