From e61c4c22c986362dc9f81ff0d4f7a73633f5bc71 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 9 Oct 2012 15:19:47 +0200
Subject: [PATCH] Implementation for an Issue #200

---
 lib/core/common.py                | 11 +++++++++--
 lib/core/enums.py                 |  5 +++++
 lib/core/option.py                |  9 ++++-----
 lib/request/connect.py            |  3 ++-
 lib/techniques/blind/inference.py |  9 +++++----
 5 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 485b14231..3e4629500 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -58,6 +58,7 @@ from lib.core.convert import utf8encode
 from lib.core.decorators import cachedmethod
 from lib.core.dicts import DBMS_DICT
 from lib.core.dicts import SQL_STATEMENTS
+from lib.core.enums import ADJUST_TIME_DELAY
 from lib.core.enums import CHARSET_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
@@ -1906,8 +1907,14 @@ def wasLastRequestDelayed():
         lowerStdLimit = average(kb.responseTimes) + TIME_STDEV_COEFF * deviation
         retVal = (threadData.lastQueryDuration >= lowerStdLimit)
 
-        if not kb.testMode and retVal and kb.adjustTimeDelay:
-            adjustTimeDelay(threadData.lastQueryDuration, lowerStdLimit)
+        if not kb.testMode and retVal:
+            if kb.adjustTimeDelay is None:
+                msg = "do you want sqlmap to try to optimize value(s) "
+                msg += "for DBMS delay responses (option '--time-sec')? [Y/n] "
+                choice = readInput(msg, default='Y')
+                kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE if choice.upper() == 'N' else ADJUST_TIME_DELAY.YES
+            if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:
+                adjustTimeDelay(threadData.lastQueryDuration, lowerStdLimit)
 
         return retVal
     else:
diff --git a/lib/core/enums.py b/lib/core/enums.py
index afcc07524..157628fd6 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
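Review bot: The new `if kb.adjustTimeDelay is None:` branch in wasLastRequestDelayed() asks the user from inside a function that runs once per request on whatever thread issued it (the hunk reads `threadData.lastQueryDuration`), so two inference threads that observe a delayed response at the same time can both see None and both call readInput() before either stores the answer. The check-and-store should be done under whatever lock the project uses for shared kb state, or the question should be asked once before the worker threads are started. `choice.upper()` also assumes readInput() can never hand back None; if it can (not visible here), `if choice and choice.upper() == 'N'` keeps the default-yes behaviour without an AttributeError. wasLastRequestDelayed() begins before the hunk.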
@@ -223,3 +223,8 @@ class WIZARD:
     BASIC = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba")
     SMART = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getUsers", "getDbs", "getTables", "getSchema", "excludeSysDbs")
     ALL = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getHostname", "getUsers", "getPasswordHashes", "getPrivileges", "getRoles", "dumpAll")
+
+class ADJUST_TIME_DELAY:
+    DISABLE = -1
+    NO = 0
+    YES = 1
diff --git a/lib/core/option.py b/lib/core/option.py
index 888417920..cf6feb9a4 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -59,6 +59,7 @@ from lib.core.datatype import AttribDict
 from lib.core.datatype import InjectionDict
 from lib.core.defaults import defaults
 from lib.core.dicts import DBMS_DICT
+from lib.core.enums import ADJUST_TIME_DELAY
 from lib.core.enums import CUSTOM_LOGGING
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
@@ -1356,16 +1357,14 @@ def __cleanupOptions():
     if conf.timeSec not in kb.explicitSettings:
         if conf.tor:
             conf.timeSec = 2 * conf.timeSec
-            kb.adjustTimeDelay = False
+            kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
 
             warnMsg = "increasing default value for "
             warnMsg += "option '--time-sec' to %d because " % conf.timeSec
             warnMsg += "switch '--tor' was provided"
             logger.warn(warnMsg)
-        else:
-            kb.adjustTimeDelay = True
     else:
-        kb.adjustTimeDelay = False
+        kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
 
     if conf.code:
         conf.code = int(conf.code)
@@ -1446,7 +1445,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
     logger.debug(debugMsg)
 
     kb.absFilePaths = set()
-    kb.adjustTimeDelay = False
+    kb.adjustTimeDelay = None
     kb.alwaysRefresh = None
     kb.arch = None
     kb.authHeader = None
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 473b453b9..a651f2dba 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
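Review bot: ADJUST_TIME_DELAY adds three integer states, and a fourth implicit one (`None`, which __setKnowledgeBaseAttributes() in this same patch stores on kb), but nothing in the class says what separates DISABLE from NO, so a reader has to piece it together from three other files. A comment above the class, in the style of the other enum-like classes in this file, would fix that: `# DISABLE: never auto-adjust (explicit --time-sec, --tor, noisy connection); NO: paused by the inference retry path, may be re-armed; YES: active; None on kb.adjustTimeDelay means the user has not been asked yet`. Whether those are exactly the semantics intended is inferred from the other hunks of this patch and should be confirmed by the author.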
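Review bot: With the `else: kb.adjustTimeDelay = True` branch removed from __cleanupOptions(), the ordinary case (no `--tor`, no explicit `--time-sec`) no longer assigns kb.adjustTimeDelay here at all and silently relies on __setKnowledgeBaseAttributes() having left it at None so that the prompt in common.py fires later; that coupling deserves a comment on the `if conf.tor:` branch, e.g. `# plain case: leave None (set in __setKnowledgeBaseAttributes) so the user is asked on the first delayed response`. The arrangement only works if __setKnowledgeBaseAttributes() runs before __cleanupOptions(); if the reverse order is ever possible the explicit DISABLE would be reset to None, which is not visible from this hunk. __cleanupOptions() continues outside the hunk.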
@@ -40,6 +40,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.dicts import POST_HINT_CONTENT_TYPES
+from lib.core.enums import ADJUST_TIME_DELAY
 from lib.core.enums import CUSTOM_LOGGING
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
@@ -704,7 +705,7 @@ class Connect:
                 deviation = stdev(kb.responseTimes)
 
                 if deviation > WARN_TIME_STDEV:
-                    kb.adjustTimeDelay = False
+                    kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
 
                     warnMsg = "there is considerable lagging "
                     warnMsg += "in connection response(s). Please use as high "
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index fa0714be5..7d0d4b746 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -31,6 +31,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
+from lib.core.enums import ADJUST_TIME_DELAY
 from lib.core.enums import CHARSET_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
@@ -289,10 +290,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                                 warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '')
                                 logger.warn(warnMsg)
 
-                                if kb.adjustTimeDelay:
+                                if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:
                                     dbgMsg = "turning off time auto-adjustment mechanism"
                                     logger.debug(dbgMsg)
-                                    kb.adjustTimeDelay = False
+                                    kb.adjustTimeDelay = ADJUST_TIME_DELAY.NO
 
                             return getChar(idx, originalTbl, continuousOrder, expand, shiftTable)
                         else:
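Review bot: Storing `ADJUST_TIME_DELAY.DISABLE` under `if deviation > WARN_TIME_STDEV:` silently overrides an earlier answer of "yes" to the optimisation prompt (or the None state, so the question is never asked), yet the warning that follows only speaks of lagging responses; the user is left with no hint why `--time-sec` is no longer being tuned for them. The warning should state it, for instance by extending the message with `warnMsg += "; automatic adjustment of '--time-sec' has been disabled"` — the warnMsg assembly continues past the end of the hunk, so place it wherever the text ends. The enclosing method of Connect starts and ends outside the hunk.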
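Review bot: `if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:` tests object identity on a plain int constant, and the same pattern is used in common.py and in the next hunk; it only holds because the very same objects from the enum class are assigned everywhere and because CPython happens to cache small ints, and it would fail silently the day a value is produced by arithmetic or deserialised rather than copied from the class. Equality is the intended relation, so `if kb.adjustTimeDelay == ADJUST_TIME_DELAY.YES:` here and `kb.adjustTimeDelay == ADJUST_TIME_DELAY.NO` in the sibling check. getChar()/bisection() begin and end outside the hunk.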
@@ -303,10 +304,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                     else:
                         if timeBasedCompare:
                             kb.timeValidCharsRun += 1
-                            if not kb.adjustTimeDelay and kb.timeValidCharsRun > VALID_TIME_CHARS_RUN_THRESHOLD:
+                            if kb.adjustTimeDelay is ADJUST_TIME_DELAY.NO and kb.timeValidCharsRun > VALID_TIME_CHARS_RUN_THRESHOLD:
                                 dbgMsg = "turning back on time auto-adjustment mechanism"
                                 logger.debug(dbgMsg)
-                                kb.adjustTimeDelay = True
+                                kb.adjustTimeDelay = ADJUST_TIME_DELAY.YES
 
                         return decodeIntToUnicode(retVal)
                     else:
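Review bot: The re-arm condition now matches only NO, which makes a DISABLE set by option.py (explicit `--time-sec`, `--tor`) or connect.py (noisy responses) sticky while a NO set by the retry path a few lines above is temporary; that asymmetry is the reason the enum exists, but the line that depends on it does not say so. A comment on the `if` line would document it: `# only NO (paused by the retry path) is re-armed; DISABLE stays off for good`. Note too that the counter `kb.timeValidCharsRun` is not reset in this hunk when adjustment is re-enabled, so whether it is reset elsewhere is worth checking; getChar()/bisection() continue outside the hunk.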