Minor preparation for an Issue #48

lib/controller/checks.py

@@ -460,7 +460,7 @@ def checkSqlInjection(place, parameter, value):
                         # Feed with the boundaries details only the first time a
                         # test has been successful
                         if injection.place is None or injection.parameter is None:
-                            if place in (PLACE.UA, PLACE.REFERER, PLACE.HOST):
+                            if place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
                                 injection.parameter = place
                             else:
                                 injection.parameter = parameter

lib/controller/controller.py

@@ -378,7 +378,7 @@ def start():
                 for place in parameters:
                     # Test User-Agent and Referer headers only if
                     # --level >= 3
-                    skip = (place == PLACE.UA and conf.level < 3)
+                    skip = (place == PLACE.USER_AGENT and conf.level < 3)
                     skip |= (place == PLACE.REFERER and conf.level < 3)
 
                     # Test Host header only if
@@ -388,11 +388,11 @@ def start():
                     # Test Cookie header only if --level >= 2
                     skip |= (place == PLACE.COOKIE and conf.level < 2)
 
-                    skip |= (place == PLACE.UA and intersect(USER_AGENT_ALIASES, conf.skip, True) not in ([], None))
+                    skip |= (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.skip, True) not in ([], None))
                     skip |= (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.skip, True) not in ([], None))
                     skip |= (place == PLACE.COOKIE and intersect(PLACE.COOKIE, conf.skip, True) not in ([], None))
 
-                    skip &= not (place == PLACE.UA and intersect(USER_AGENT_ALIASES, conf.testParameter, True))
+                    skip &= not (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.testParameter, True))
                     skip &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter, True))
                     skip &= not (place == PLACE.HOST and intersect(HOST_ALIASES, conf.testParameter, True))
 

lib/core/agent.py

@@ -118,7 +118,7 @@ class Agent:
             retVal = ET.tostring(root)
         elif place in (PLACE.URI, PLACE.CUSTOM_POST):
             retVal = paramString.replace("%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR), self.addPayloadDelimiters(newValue))
-        elif place in (PLACE.UA, PLACE.REFERER, PLACE.HOST):
+        elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
             retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
         else:
             retVal = paramString.replace("%s=%s" % (parameter, origValue),

lib/core/enums.py

@@ -61,7 +61,7 @@ class PLACE:
     SOAP = "SOAP"
     URI = "URI"
     COOKIE = "Cookie"
-    UA = "User-Agent"
+    USER_AGENT = "User-Agent"
     REFERER = "Referer"
     HOST = "Host"
     CUSTOM_POST = "(custom) POST"

lib/core/target.py

@@ -26,6 +26,7 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.dump import dumper
 from lib.core.enums import HASHDB_KEYS
+from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import PLACE
 from lib.core.exception import sqlmapFilePathException
@@ -158,16 +159,18 @@ def __setRequestParams():
             # Url encoding of the header values should be avoided
             # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
 
-            if httpHeader == PLACE.UA:
-                conf.parameters[PLACE.UA] = urldecode(headerValue)
+            httpHeader = "-".join(_.capitalize() for _ in (httpHeader or "").split("-"))
+
+            if httpHeader == HTTPHEADER.USER_AGENT:
+                conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
 
                 condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
 
                 if condition:
-                    conf.paramDict[PLACE.UA] = {PLACE.UA: headerValue}
+                    conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
                     testableParameters = True
 
-            elif httpHeader == PLACE.REFERER:
+            elif httpHeader == HTTPHEADER.REFERER:
                 conf.parameters[PLACE.REFERER] = urldecode(headerValue)
 
                 condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
@@ -176,7 +179,7 @@ def __setRequestParams():
                     conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
                     testableParameters = True
 
-            elif httpHeader == PLACE.HOST:
+            elif httpHeader == HTTPHEADER.HOST:
                 conf.parameters[PLACE.HOST] = urldecode(headerValue)
 
                 condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))

lib/request/connect.py

@@ -595,8 +595,8 @@ class Connect:
         if PLACE.COOKIE in conf.parameters:
             cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value
 
-        if PLACE.UA in conf.parameters:
-            ua = conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value
+        if PLACE.USER_AGENT in conf.parameters:
+            ua = conf.parameters[PLACE.USER_AGENT] if place != PLACE.USER_AGENT or not value else value
 
         if PLACE.REFERER in conf.parameters:
             referer = conf.parameters[PLACE.REFERER] if place != PLACE.REFERER or not value else value