Added one new verbose level, -v 3 now shows the full injected payload.

Fixed also -d verbose output.

lib/core/option.py

@@ -1186,8 +1186,10 @@ def __setVerbosity():
         logger.setLevel(logging.DEBUG)
     elif conf.verbose == 3:
         logger.setLevel(9)
-    elif conf.verbose >= 4:
+    elif conf.verbose == 4:
         logger.setLevel(8)
+    elif conf.verbose >= 5:
+        logger.setLevel(7)
 
 def __mergeOptions(inputOptions):
     """

lib/core/settings.py

@@ -22,8 +22,9 @@ DESCRIPTION        = "automatic SQL injection and database takeover tool"
 SITE               = "http://sqlmap.sourceforge.net"
 
 # sqlmap logger
-logging.addLevelName(9, "TRAFFIC OUT")
-logging.addLevelName(8, "TRAFFIC IN")
+logging.addLevelName(9, "PAYLOAD")
+logging.addLevelName(8, "TRAFFIC OUT")
+logging.addLevelName(7, "TRAFFIC IN")
 
 LOGGER             = logging.getLogger("sqlmapLog")
 LOGGER_HANDLER     = logging.StreamHandler(sys.stdout)

lib/parse/cmdline.py

@@ -28,7 +28,7 @@ def cmdLineParser():
 
     try:
         parser.add_option("-v", dest="verbose", type="int", default=1,
-                          help="Verbosity level: 0-5 (default 1)")
+                          help="Verbosity level: 0-6 (default 1)")
 
         # Target options
         target = OptionGroup(parser, "Target", "At least one of these "

lib/request/connect.py

@@ -170,7 +170,7 @@ class Connect:
 
             requestMsg += "\n"
 
-            logger.log(9, requestMsg)
+            logger.log(8, requestMsg)
 
             if not kb.authHeader and req.has_header("Authorization"):
                 kb.authHeader = req.get_header("Authorization")
@@ -276,12 +276,12 @@ class Connect:
 
         responseMsg += "(%s - %d):\n" % (status, code)
 
-        if conf.verbose <= 4:
+        if conf.verbose <= 5:
             responseMsg += getUnicode(responseHeaders.__str__())
-        elif conf.verbose > 4:
+        elif conf.verbose > 5:
             responseMsg += "%s\n%s\n" % (responseHeaders, page)
 
-        logger.log(8, responseMsg)
+        logger.log(7, responseMsg)
 
         return page, responseHeaders
 
@@ -318,8 +318,7 @@ class Connect:
 
                 value = agent.replacePayload(value, payload)
 
-            debugMsg = "payload: %s" % payload
-            logger.debug(debugMsg)
+            logger.log(9, payload)
 
         if place == "Cookie" and conf.cookieUrlencode:
             value = agent.removePayloadDelimiters(value, False)

lib/request/inject.py

@@ -399,6 +399,9 @@ def goStacked(expression, silent=False):
     query   = agent.prefixQuery("; %s" % expression)
     query   = agent.postfixQuery("%s;%s" % (query, comment))
 
+    debugMsg = "query: %s" % query
+    logger.debug(debugMsg)
+
     payload = agent.payload(newValue=query)
     page, _ = Request.queryPage(payload, content=True, silent=silent)
 

lib/techniques/blind/inference.py

@@ -75,6 +75,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
     else:
         expressionUnescaped              = unescaper.unescape(expression)
 
+    debugMsg = "query: %s" % expressionUnescaped
+    logger.debug(debugMsg)
+
     if length and not isinstance(length, int) and length.isdigit():
         length = int(length)
 

lib/techniques/error/use.py

@@ -64,6 +64,9 @@ def errorUse(expression, returnPayload=False):
 
     forgedQuery = safeStringFormat(query, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
 
+    debugMsg = "query: %s" % forgedQuery
+    logger.debug(debugMsg)
+
     payload = agent.payload(newValue=forgedQuery)
     result = Request.queryPage(payload, content=True)
     match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)

lib/techniques/inband/union/use.py

@@ -197,6 +197,9 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
         query = agent.forgeInbandQuery(expression, nullChar=nullChar)
         payload = agent.payload(newValue=query)
 
+        debugMsg = "query: %s" % query
+        logger.debug(debugMsg)
+
         # Perform the request
         resultPage, _ = Request.queryPage(payload, content=True)
         reqCount += 1

lib/utils/google.py

@@ -99,7 +99,7 @@ class Google:
 
             requestMsg = "HTTP request:\nGET %s" % url
             requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str
-            logger.log(9, requestMsg)
+            logger.log(8, requestMsg)
 
             page = conn.read()
             code = conn.code
@@ -114,7 +114,7 @@ class Google:
             elif conf.verbose > 4:
                 responseMsg += "%s\n%s\n" % (responseHeaders, page)
 
-            logger.log(8, responseMsg)
+            logger.log(7, responseMsg)
         except urllib2.HTTPError, e:
             try:
                 page = e.read()

lib/utils/timeout.py

@@ -21,7 +21,7 @@ def timeout(func, args=(), kwargs={}, duration=1, default=None):
             try:
                 self.result = func(*args, **kwargs)
             except Exception, msg:
-                logger.log(8, msg)
+                logger.log(7, msg)
                 self.result = default
 
     thread = InterruptableThread()

sqlmap.conf

@@ -530,12 +530,13 @@ cleanup = False
 replicate = False
 
 # Verbosity level.
-# Valid: integer between 0 and 5
-# 0: Show only warning and error messages
-# 1: Show also info messages
-# 2: Show also debug messages
-# 3: Show also HTTP requests
-# 4: Show also HTTP responses headers
-# 5: Show also HTTP responses page content
+# Valid: integer between 0 and 6
+# 0: Show only critical messages
+# 1: Show also warning and info messages
+# 2: Show also debug messages and query
+# 3: Show also each payload injected
+# 4: Show also HTTP requests
+# 5: Show also HTTP responses headers
+# 6: Show also HTTP responses page content
 # Default: 1
 verbose = 1