sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added one new verbose level, -v 3 now shows the full injected payload.

Browse Source 
Fixed also -d verbose output.
This commit is contained in:
Bernardo Damele 2010-11-07 22:34:29 +00:00
parent 27ce4b0cf0
commit b6da946883
11 changed files with 35 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/option.py
View File

@ -1186,8 +1186,10 @@ def __setVerbosity():
logger.setLevel(logging.DEBUG) logger.setLevel(logging.DEBUG)
elif conf.verbose == 3: elif conf.verbose == 3:
logger.setLevel(9) logger.setLevel(9)
elif conf.verbose >= 4: elif conf.verbose == 4:
logger.setLevel(8) logger.setLevel(8)
elif conf.verbose >= 5:
logger.setLevel(7)
def __mergeOptions(inputOptions): def __mergeOptions(inputOptions):
""" """

5
lib/core/settings.py
View File

@ -22,8 +22,9 @@ DESCRIPTION = "automatic SQL injection and database takeover tool"
SITE = "http://sqlmap.sourceforge.net" SITE = "http://sqlmap.sourceforge.net"
# sqlmap logger # sqlmap logger
logging.addLevelName(9, "TRAFFIC OUT") logging.addLevelName(9, "PAYLOAD")
logging.addLevelName(8, "TRAFFIC IN") logging.addLevelName(8, "TRAFFIC OUT")
logging.addLevelName(7, "TRAFFIC IN")
LOGGER = logging.getLogger("sqlmapLog") LOGGER = logging.getLogger("sqlmapLog")
LOGGER_HANDLER = logging.StreamHandler(sys.stdout) LOGGER_HANDLER = logging.StreamHandler(sys.stdout)

2
lib/parse/cmdline.py
View File

@ -28,7 +28,7 @@ def cmdLineParser():
try: try:
parser.add_option("-v", dest="verbose", type="int", default=1, parser.add_option("-v", dest="verbose", type="int", default=1,
help="Verbosity level: 0-5 (default 1)") help="Verbosity level: 0-6 (default 1)")
# Target options # Target options
target = OptionGroup(parser, "Target", "At least one of these " target = OptionGroup(parser, "Target", "At least one of these "

11
lib/request/connect.py
View File

@ -170,7 +170,7 @@ class Connect:
requestMsg += "\n" requestMsg += "\n"
logger.log(9, requestMsg) logger.log(8, requestMsg)
if not kb.authHeader and req.has_header("Authorization"): if not kb.authHeader and req.has_header("Authorization"):
kb.authHeader = req.get_header("Authorization") kb.authHeader = req.get_header("Authorization")
@ -276,12 +276,12 @@ class Connect:
responseMsg += "(%s - %d):\n" % (status, code) responseMsg += "(%s - %d):\n" % (status, code)
if conf.verbose <= 4: if conf.verbose <= 5:
responseMsg += getUnicode(responseHeaders.__str__()) responseMsg += getUnicode(responseHeaders.__str__())
elif conf.verbose > 4: elif conf.verbose > 5:
responseMsg += "%s\n%s\n" % (responseHeaders, page) responseMsg += "%s\n%s\n" % (responseHeaders, page)
logger.log(8, responseMsg) logger.log(7, responseMsg)
return page, responseHeaders return page, responseHeaders
@ -318,8 +318,7 @@ class Connect:
value = agent.replacePayload(value, payload) value = agent.replacePayload(value, payload)
debugMsg = "payload: %s" % payload logger.log(9, payload)
logger.debug(debugMsg)
if place == "Cookie" and conf.cookieUrlencode: if place == "Cookie" and conf.cookieUrlencode:
value = agent.removePayloadDelimiters(value, False) value = agent.removePayloadDelimiters(value, False)

3
lib/request/inject.py
View File

@ -399,6 +399,9 @@ def goStacked(expression, silent=False):
query = agent.prefixQuery("; %s" % expression) query = agent.prefixQuery("; %s" % expression)
query = agent.postfixQuery("%s;%s" % (query, comment)) query = agent.postfixQuery("%s;%s" % (query, comment))
debugMsg = "query: %s" % query
logger.debug(debugMsg)
payload = agent.payload(newValue=query) payload = agent.payload(newValue=query)
page, _ = Request.queryPage(payload, content=True, silent=silent) page, _ = Request.queryPage(payload, content=True, silent=silent)

3
lib/techniques/blind/inference.py
View File

@ -75,6 +75,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
else: else:
expressionUnescaped = unescaper.unescape(expression) expressionUnescaped = unescaper.unescape(expression)
debugMsg = "query: %s" % expressionUnescaped
logger.debug(debugMsg)
if length and not isinstance(length, int) and length.isdigit(): if length and not isinstance(length, int) and length.isdigit():
length = int(length) length = int(length)

3
lib/techniques/error/use.py
View File

@ -64,6 +64,9 @@ def errorUse(expression, returnPayload=False):
forgedQuery = safeStringFormat(query, (logic, randInt, startLimiter, expressionUnescaped, endLimiter)) forgedQuery = safeStringFormat(query, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
debugMsg = "query: %s" % forgedQuery
logger.debug(debugMsg)
payload = agent.payload(newValue=forgedQuery) payload = agent.payload(newValue=forgedQuery)
result = Request.queryPage(payload, content=True) result = Request.queryPage(payload, content=True)
match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE) match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)

3
lib/techniques/inband/union/use.py
View File

@ -197,6 +197,9 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
query = agent.forgeInbandQuery(expression, nullChar=nullChar) query = agent.forgeInbandQuery(expression, nullChar=nullChar)
payload = agent.payload(newValue=query) payload = agent.payload(newValue=query)
debugMsg = "query: %s" % query
logger.debug(debugMsg)
# Perform the request # Perform the request
resultPage, _ = Request.queryPage(payload, content=True) resultPage, _ = Request.queryPage(payload, content=True)
reqCount += 1 reqCount += 1

4
lib/utils/google.py
View File

@ -99,7 +99,7 @@ class Google:
requestMsg = "HTTP request:\nGET %s" % url requestMsg = "HTTP request:\nGET %s" % url
requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str
logger.log(9, requestMsg) logger.log(8, requestMsg)
page = conn.read() page = conn.read()
code = conn.code code = conn.code
@ -114,7 +114,7 @@ class Google:
elif conf.verbose > 4: elif conf.verbose > 4:
responseMsg += "%s\n%s\n" % (responseHeaders, page) responseMsg += "%s\n%s\n" % (responseHeaders, page)
logger.log(8, responseMsg) logger.log(7, responseMsg)
except urllib2.HTTPError, e: except urllib2.HTTPError, e:
try: try:
page = e.read() page = e.read()

2
lib/utils/timeout.py
View File

@ -21,7 +21,7 @@ def timeout(func, args=(), kwargs={}, duration=1, default=None):
try: try:
self.result = func(*args, **kwargs) self.result = func(*args, **kwargs)
except Exception, msg: except Exception, msg:
logger.log(8, msg) logger.log(7, msg)
self.result = default self.result = default
thread = InterruptableThread() thread = InterruptableThread()

15
sqlmap.conf
View File

@ -530,12 +530,13 @@ cleanup = False
replicate = False replicate = False
# Verbosity level. # Verbosity level.
# Valid: integer between 0 and 5 # Valid: integer between 0 and 6
# 0: Show only warning and error messages # 0: Show only critical messages
# 1: Show also info messages # 1: Show also warning and info messages
# 2: Show also debug messages # 2: Show also debug messages and query
# 3: Show also HTTP requests # 3: Show also each payload injected
# 4: Show also HTTP responses headers # 4: Show also HTTP requests
# 5: Show also HTTP responses page content # 5: Show also HTTP responses headers
# 6: Show also HTTP responses page content
# Default: 1 # Default: 1
verbose = 1 verbose = 1