diff --git a/lib/core/data.py b/lib/core/data.py index 216e491ba..a612162d1 100644 --- a/lib/core/data.py +++ b/lib/core/data.py @@ -21,6 +21,9 @@ from lib.core.settings import FIREBIRD_ALIASES # sqlmap paths paths = advancedDict() +# object to store original command line options +cmdLineOptions = advancedDict() + # object to share within function and classes command # line options and settings conf = advancedDict() diff --git a/lib/core/session.py b/lib/core/session.py index b4903d904..c1a88c274 100644 --- a/lib/core/session.py +++ b/lib/core/session.py @@ -40,6 +40,19 @@ def unSafeFormatString(value): retVal = retVal.replace("__LEFT_SQUARE_BRACKET__", "[").replace("__RIGHT_SQUARE_BRACKET__", "]") return retVal +def setTextOnly(): + """ + Save text only option to session file. + """ + + condition = ( + not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and + not kb.resumedQueries[conf.url].has_key("Text only") ) + ) + + if condition: + dataToSessionFile("[%s][None][None][Text only][True]\n" % conf.url) + def setString(): """ Save string to match in session file. @@ -263,7 +276,23 @@ def setRemoteTempPath(): dataToSessionFile("[%s][%s][%s][Remote temp path][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(conf.tmpPath))) def resumeConfKb(expression, url, value): - if expression == "String" and url == conf.url: + if expression == "Text only" and url == conf.url: + value = unSafeFormatString(value[:-1]) + + logMsg = "resuming text only option '%s' from session file" % value + logger.info(logMsg) + + if value and not conf.textOnly: + message = "you did not turned on --text-only switch this time " + message += "which could potentially lead to different " + message += "and/or unstable results. " + message += "Do you want to turn it on? [Y/n] " + test = readInput(message, default="Y") + + if not test or test[0] in ("y", "Y"): + conf.textOnly = value + + elif expression == "String" and url == conf.url: string = unSafeFormatString(value[:-1]) logMsg = "resuming string match '%s' from session file" % string diff --git a/lib/core/target.py b/lib/core/target.py index 812508368..2b07c6f85 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -16,6 +16,7 @@ import time from lib.core.common import dataToSessionFile from lib.core.common import paramToDict from lib.core.common import readInput +from lib.core.data import cmdLineOptions from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -29,6 +30,7 @@ from lib.core.exception import sqlmapSyntaxException from lib.core.option import __setDBMS from lib.core.option import __setKnowledgeBaseAttributes from lib.core.session import resumeConfKb +from lib.core.session import setTextOnly from lib.core.xmldump import dumper as xmldumper from lib.request.connect import Connect as Request @@ -263,6 +265,22 @@ def __createTargetDirs(): __createFilesDir() __configureDumper() +def __saveSwitches(): + """ + Store critical switches to the session file. + """ + if conf.textOnly: + setTextOnly() + +def __restoreCmdLineOptions(): + """ + Restore command line options that could be possibly + changed during the testing of previous target. + """ + conf.regexp = cmdLineOptions.regexp + conf.string = cmdLineOptions.string + conf.textOnly = cmdLineOptions.textOnly + def initTargetEnv(): """ Initialize target environment. @@ -277,9 +295,11 @@ def initTargetEnv(): conf.sessionFile = None __setKnowledgeBaseAttributes(False) + __restoreCmdLineOptions() __setDBMS() def setupTargetEnv(): __createTargetDirs() __setRequestParams() __setOutputResume() + __saveSwitches() diff --git a/sqlmap.py b/sqlmap.py index f5507c8a8..ae3c7b3a3 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -29,6 +29,7 @@ from lib.core.common import dataToStdout from lib.core.common import getUnicode from lib.core.common import setPaths from lib.core.common import weAreFrozen +from lib.core.data import cmdLineOptions from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -64,7 +65,9 @@ def main(): setPaths() banner() - cmdLineOptions = cmdLineParser() + + # Store original command line options for possible later restoration + cmdLineOptions.update(cmdLineParser().__dict__) dataToStdout("[*] starting at: %s\n\n" % time.strftime("%X"), forceOutput=True)