Implementation for an Issue #4

lib/core/optiondict.py

@@ -88,7 +88,8 @@ optDict = {
                                "timeSec":           "integer",
                                "uCols":             "string",
                                "uChar":             "string",
-                               "dnsName":           "string"
+                               "dnsName":           "string",
+                               "secondOrder":       "string"
                              },
 
             "Fingerprint":   {

lib/parse/cmdline.py

@@ -288,6 +288,10 @@ def cmdLineParser():
         techniques.add_option("--dns-domain", dest="dnsName",
                               help="Domain name used for DNS exfiltration attack")
 
+        techniques.add_option("--second-order", dest="secondOrder",
+                             help="Resulting page url searched for second-order "
+                                  "response")
+
         # Fingerprint options
         fingerprint = OptionGroup(parser, "Fingerprint")
 

lib/request/connect.py

@@ -192,7 +192,7 @@ class Connect:
         code = None
         page = None
         requestMsg = u"HTTP request [#%d]:\n%s " % (threadData.lastRequestUID, method or (HTTPMETHOD.POST if post else HTTPMETHOD.GET))
-        requestMsg += "%s" % urlparse.urlsplit(url)[2] or "/"
+        requestMsg += ("%s" % urlparse.urlsplit(url)[2] or "/") if not any((refreshing, crawling)) else url
         responseMsg = u"HTTP response "
         requestHeaders = u""
         responseHeaders = None
@@ -236,7 +236,7 @@ class Connect:
 
                 return page
 
-            elif any ([refreshing, crawling]):
+            elif any ((refreshing, crawling)):
                 pass
 
             elif target:
@@ -731,6 +731,9 @@ class Connect:
         if not pageLength:
             page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
 
+        if conf.secondOrder:
+            page, headers, code = Connect.getPage(url=conf.secondOrder, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True)
+
         threadData.lastQueryDuration = calculateDeltaSeconds(start)
 
         kb.originalCode = kb.originalCode or code

sqlmap.conf

@@ -310,6 +310,10 @@ uChar =
 # Valid: string
 dnsName =
 
+# Resulting page url searched for second-order response
+# Valid: string
+secondOrder =
+
 
 [Fingerprint]