adding some user input for "refreshing" cases (like redirect ones)

2024-11-25 11:03:47 +03:00 · 2011-05-27 22:42:23 +00:00 · 2011-05-27 22:42:23 +00:00 · c11ea35d53
commit c11ea35d53
parent cf69809c3c
2 changed files with 26 additions and 15 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1317,6 +1317,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    kb.absFilePaths = set()
    kb.adjustTimeDelay = False
    kb.alwaysRedirect = None
+    kb.alwaysRefresh = None
    kb.arch = None
    kb.authHeader = None
    kb.bannerFp = advancedDict()
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -260,7 +260,7 @@ class Connect:
                    msg += "from now on (or stay on the original page)? [Y/n]"
                    choice = readInput(msg, default="Y")

-                    kb.alwaysRedirect = choice in ("n", "N")
+                    kb.alwaysRedirect = choice not in ("n", "N")

                kwargs['url'] = conn.redurl if kb.alwaysRedirect else conf.url
                kwargs['redirecting'] = True
@ -281,23 +281,33 @@ class Connect:
            if extractRegexResult(META_REFRESH_REGEX, page, re.DOTALL | re.IGNORECASE) and not refreshing:
                url = extractRegexResult(META_REFRESH_REGEX, page, re.DOTALL | re.IGNORECASE)

-                if url.lower().startswith('http://'):
-                    kwargs['url'] = url
-                else:
-                    kwargs['url'] = conf.url[:conf.url.rfind('/')+1] + url
-
-                threadData.lastRedirectMsg = (threadData.lastRequestUID, page)
-                kwargs['refreshing'] = True
-                kwargs['get'] = None
-                kwargs['post'] = None
-
                debugMsg = "got HTML meta refresh header"
                logger.debug(debugMsg)

-                try:
-                    return Connect.__getPageProxy(**kwargs)
-                except sqlmapSyntaxException:
-                    pass
+                if kb.alwaysRefresh is None:
+                    msg = "sqlmap got a refresh request "
+                    msg += "(redirect like response common to login pages). "
+                    msg += "do you want to apply the refresh "
+                    msg += "from now on (or stay on the original page)? [Y/n]"
+                    choice = readInput(msg, default="Y")
+
+                    kb.alwaysRefresh = choice not in ("n", "N")
+
+                if kb.alwaysRefresh:
+                    if url.lower().startswith('http://'):
+                        kwargs['url'] = url
+                    else:
+                        kwargs['url'] = conf.url[:conf.url.rfind('/')+1] + url
+
+                    threadData.lastRedirectMsg = (threadData.lastRequestUID, page)
+                    kwargs['refreshing'] = True
+                    kwargs['get'] = None
+                    kwargs['post'] = None
+
+                    try:
+                        return Connect.__getPageProxy(**kwargs)
+                    except sqlmapSyntaxException:
+                        pass

            # Explicit closing of connection object
            if not conf.keepAlive: