Implementation for #3859

2025-03-14 15:14:31 +03:00 · 2019-08-02 20:29:52 +02:00 · 2019-08-02 20:29:52 +02:00 · b5063fc25a
commit b5063fc25a
parent 093b36f12d
3 changed files with 15 additions and 1 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1302,6 +1302,9 @@ def _setHTTPExtraHeaders():

                if header and value:
                    conf.httpHeaders.append((header, value))
+            elif headerValue.startswith('@'):
+                checkFile(headerValue[1:])
+                kb.headersFile = headerValue[1:]
            else:
                errMsg = "invalid header value: %s. Valid header format is 'name:value'" % repr(headerValue).lstrip('u')
                raise SqlmapSyntaxException(errMsg)
@ -1905,6 +1908,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.forceWhere = None
    kb.futileUnion = None
    kb.heavilyDynamic = False
+    kb.headersFile = None
    kb.headersFp = {}
    kb.heuristicDbms = None
    kb.heuristicExtendedDbms = None
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.8.0"
+VERSION = "1.3.8.1"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -42,6 +42,7 @@ from lib.core.common import getRequestHeader
 from lib.core.common import getSafeExString
 from lib.core.common import isMultiThreadMode
 from lib.core.common import logHTTPTraffic
+from lib.core.common import openFile
 from lib.core.common import popValue
 from lib.core.common import pushValue
 from lib.core.common import randomizeParameterValue
@ -60,6 +61,7 @@ from lib.core.common import wasLastResponseDelayed
 from lib.core.compat import patchHeaders
 from lib.core.compat import xrange
 from lib.core.convert import getBytes
+from lib.core.convert import getText
 from lib.core.convert import getUnicode
 from lib.core.data import conf
 from lib.core.data import kb
@ -426,6 +428,14 @@ class Connect(object):
            if auxHeaders:
                headers = forgeHeaders(auxHeaders, headers)

+            if kb.headersFile:
+                content = openFile(kb.headersFile, "rb").read()
+                for line in content.split("\n"):
+                    line = getText(line.strip())
+                    if ':' in line:
+                        header, value = line.split(':', 1)
+                        headers[header] = value
+
            for key, value in list(headers.items()):
                del headers[key]
                if isinstance(value, six.string_types):