From ef2038f1c80305e833046f6088a72fea77df495c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 21 Nov 2012 10:16:13 +0100 Subject: [PATCH] Implementation for an Issue #253 --- lib/core/common.py | 73 ++++++++++++++++++++++++++---------------- lib/core/optiondict.py | 2 ++ lib/parse/cmdline.py | 3 ++ sqlmap.conf | 6 ++++ 4 files changed, 56 insertions(+), 28 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index bfc574f8a..441fd710f 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -759,6 +759,7 @@ def readInput(message, default=None, checkBatch=True): Reads input from terminal """ + retVal = None kb.stickyLevel = None if "\n" in message: @@ -766,36 +767,52 @@ def readInput(message, default=None, checkBatch=True): elif message[-1] == ']': message += " " - if checkBatch and conf.batch: - if isListLike(default): - options = ",".join(getUnicode(opt, UNICODE_ENCODING) for opt in default) - elif default: - options = getUnicode(default, UNICODE_ENCODING) + if conf.answers: + for item in conf.answers.split(','): + question = item.split('=')[0].strip() + answer = item.split('=')[1] if len(item.split('=')) > 1 else None + if answer and question.lower() in message.lower(): + retVal = getUnicode(answer, UNICODE_ENCODING) + + infoMsg = "%s%s" % (getUnicode(message), retVal) + logger.info(infoMsg) + + debugMsg = "used the given answer" + logger.debug(debugMsg) + + break + + if retVal is None: + if checkBatch and conf.batch: + if isListLike(default): + options = ",".join(getUnicode(opt, UNICODE_ENCODING) for opt in default) + elif default: + options = getUnicode(default, UNICODE_ENCODING) + else: + options = unicode() + + infoMsg = "%s%s" % (getUnicode(message), options) + logger.info(infoMsg) + + debugMsg = "used the default behaviour, running in batch mode" + logger.debug(debugMsg) + + retVal = default else: - options = unicode() + logging._acquireLock() + dataToStdout("\r%s" % message, forceOutput=True, bold=True) + kb.prependFlag = False + try: + retVal = raw_input() or default + retVal = getUnicode(retVal, system=True) if retVal else retVal + except: + time.sleep(0.05) # Reference: http://www.gossamer-threads.com/lists/python/python/781893 + kb.prependFlag = True + raise sqlmapUserQuitException + finally: + logging._releaseLock() - infoMsg = "%s%s" % (getUnicode(message), options) - logger.info(infoMsg) - - debugMsg = "used the default behaviour, running in batch mode" - logger.debug(debugMsg) - - data = default - else: - logging._acquireLock() - dataToStdout("\r%s" % message, forceOutput=True, bold=True) - kb.prependFlag = False - try: - data = raw_input() or default - data = getUnicode(data, system=True) if data else data - except: - time.sleep(0.05) # Reference: http://www.gossamer-threads.com/lists/python/python/781893 - kb.prependFlag = True - raise sqlmapUserQuitException - finally: - logging._releaseLock() - - return data + return retVal def randomRange(start=0, stop=1000): """ diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 45f1cdd51..784881688 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -190,6 +190,8 @@ optDict = { }, "Miscellaneous": { + "mnemonics": "string", + "answers": "string", "checkPayload": "boolean", "cleanup": "boolean", "dependencies": "boolean", diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 93eb0ed5f..ad08baed9 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -604,6 +604,9 @@ def cmdLineParser(): miscellaneous.add_option("-z", dest="mnemonics", help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")") + miscellaneous.add_option("--answers", dest="answers", + help="Set question answers (e.g. \"quit=N,follow=N\")") + miscellaneous.add_option("--check-payload", dest="checkPayload", action="store_true", help="Offline WAF/IPS/IDS payload detection testing") diff --git a/sqlmap.conf b/sqlmap.conf index ebb86f578..f560b7d83 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -650,6 +650,12 @@ updateAll = False [Miscellaneous] +# Use short mnemonics (e.g. "flu,bat,ban,tec=EU") +mnemonics = + +# Set question answers (e.g. "quit=N,follow=N") +answers = + # Offline WAF/IPS/IDS payload detection testing. checkPayload = False