From cff0c5963033bace48ffbd5b7fd84dc944c044a7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 28 Nov 2012 11:41:39 +0100
Subject: [PATCH] Implementation for an Issue #264

---
 lib/core/option.py   | 7 +++++++
 lib/core/settings.py | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/lib/core/option.py b/lib/core/option.py
index 769dc3d75..bf4257ca0 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -90,12 +90,14 @@ from lib.core.settings import ACCESS_ALIASES
 from lib.core.settings import BURP_REQUEST_REGEX
 from lib.core.settings import CODECS_LIST_PAGE
 from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS
+from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DB2_ALIASES
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DEFAULT_PAGE_ENCODING
 from lib.core.settings import DEFAULT_TOR_HTTP_PORTS
 from lib.core.settings import DEFAULT_TOR_SOCKS_PORT
 from lib.core.settings import FIREBIRD_ALIASES
+from lib.core.settings import INJECT_HERE_MARK
 from lib.core.settings import IS_WIN
 from lib.core.settings import LOCALHOST
 from lib.core.settings import MAXDB_ALIASES
@@ -1350,6 +1352,8 @@ def __cleanupOptions():
         setOptimize()
 
     if conf.data:
+        conf.data = re.sub(INJECT_HERE_MARK, CUSTOM_INJECTION_MARK_CHAR, conf.data, re.I)
+
         if re.search(r'%[0-9a-f]{2}', conf.data, re.I):
             original = conf.data
             class _(unicode): pass
@@ -1358,6 +1362,9 @@ def __cleanupOptions():
         else:
             conf.data = urldecode(conf.data)
 
+    if conf.url:
+        conf.url = re.sub(INJECT_HERE_MARK, CUSTOM_INJECTION_MARK_CHAR, conf.url, re.I)
+
     if conf.os:
         conf.os = conf.os.capitalize()
 
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 7c483f983..e95b27ce1 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -269,6 +269,9 @@ MAX_RATIO = 1.0
 # Character used for marking injectable position inside provided data
 CUSTOM_INJECTION_MARK_CHAR = '*'
 
+# Other way to declare injection position
+INJECT_HERE_MARK = '%INJECT HERE%'
+
 # Maximum length used for retrieving data over MySQL error based payload due to "known" problems with longer result strings
 MYSQL_ERROR_CHUNK_LENGTH = 50