major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces

2025-11-04 01:47:37 +03:00 · 2010-11-07 21:18:09 +00:00 · 2010-11-07 21:18:09 +00:00 · d3e7e89e60
commit d3e7e89e60
parent 620fa1c8fb
16 changed files with 35 additions and 42 deletions
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -318,6 +318,11 @@ class Connect:

                value = agent.replacePayload(value, payload)

+        payload = agent.extractPayload(value)
+        if payload:
+            debugMsg = "payload: %s" % payload
+            logger.debug(debugMsg)
+
        if place == "Cookie" and conf.cookieUrlencode:
            value = agent.removePayloadDelimiters(value, False)
            value = urlEncodeCookieValues(value)
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -399,9 +399,6 @@ def goStacked(expression, silent=False):
    query   = agent.prefixQuery("; %s" % expression)
    query   = agent.postfixQuery("%s;%s" % (query, comment))

-    debugMsg = "query: %s" % query
-    logger.debug(debugMsg)
-
    payload = agent.payload(newValue=query)
    page, _ = Request.queryPage(payload, content=True, silent=silent)

--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@ -75,9 +75,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
    else:
        expressionUnescaped              = unescaper.unescape(expression)

-    debugMsg = "query: %s" % expressionUnescaped
-    logger.debug(debugMsg)
-
    if length and not isinstance(length, int) and length.isdigit():
        length = int(length)

--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@ -64,9 +64,6 @@ def errorUse(expression, returnPayload=False):

    forgedQuery = safeStringFormat(query, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))

-    debugMsg = "query: %s" % forgedQuery
-    logger.debug(debugMsg)
-
    payload = agent.payload(newValue=forgedQuery)
    result = Request.queryPage(payload, content=True)
    match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@ -197,9 +197,6 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
        query = agent.forgeInbandQuery(expression, nullChar=nullChar)
        payload = agent.payload(newValue=query)

-        debugMsg = "query: %s" % query
-        logger.debug(debugMsg)
-
        # Perform the request
        resultPage, _ = Request.queryPage(payload, content=True)
        reqCount += 1
--- a/lib/utils/parenthesis.py
+++ b/lib/utils/parenthesis.py
@ -45,8 +45,8 @@ def checkForParenthesis():
        randInt = randomInt()
        randStr = randomStr()

-        query  = case.usage.prefix.format % eval(case.usage.prefix.params) +\
-            case.usage.postfix.format % eval(case.usage.postfix.params)
+        query = case.usage.prefix.format % eval(case.usage.prefix.params)
+        query = query[:-1] + case.usage.postfix.format % eval(case.usage.postfix.params)

        payload = agent.payload(newValue=query)
        result = Request.queryPage(payload)