diff --git a/lib/core/option.py b/lib/core/option.py index 769dc3d75..bf4257ca0 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -90,12 +90,14 @@ from lib.core.settings import ACCESS_ALIASES from lib.core.settings import BURP_REQUEST_REGEX from lib.core.settings import CODECS_LIST_PAGE from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS +from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import DB2_ALIASES from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import DEFAULT_PAGE_ENCODING from lib.core.settings import DEFAULT_TOR_HTTP_PORTS from lib.core.settings import DEFAULT_TOR_SOCKS_PORT from lib.core.settings import FIREBIRD_ALIASES +from lib.core.settings import INJECT_HERE_MARK from lib.core.settings import IS_WIN from lib.core.settings import LOCALHOST from lib.core.settings import MAXDB_ALIASES @@ -1350,6 +1352,8 @@ def __cleanupOptions(): setOptimize() if conf.data: + conf.data = re.sub(INJECT_HERE_MARK, CUSTOM_INJECTION_MARK_CHAR, conf.data, re.I) + if re.search(r'%[0-9a-f]{2}', conf.data, re.I): original = conf.data class _(unicode): pass @@ -1358,6 +1362,9 @@ def __cleanupOptions(): else: conf.data = urldecode(conf.data) + if conf.url: + conf.url = re.sub(INJECT_HERE_MARK, CUSTOM_INJECTION_MARK_CHAR, conf.url, re.I) + if conf.os: conf.os = conf.os.capitalize() diff --git a/lib/core/settings.py b/lib/core/settings.py index 7c483f983..e95b27ce1 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -269,6 +269,9 @@ MAX_RATIO = 1.0 # Character used for marking injectable position inside provided data CUSTOM_INJECTION_MARK_CHAR = '*' +# Other way to declare injection position +INJECT_HERE_MARK = '%INJECT HERE%' + # Maximum length used for retrieving data over MySQL error based payload due to "known" problems with longer result strings MYSQL_ERROR_CHUNK_LENGTH = 50