From f2737ad0a377c9ef72c5b519b38cac0082642616 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Sat, 22 Nov 2008 01:57:22 +0000
Subject: [PATCH] Updated work on multiple targets support (works for WebScarab conversations/ folder, still to work out for Burp log file). Major bug fix in the controller library.
---
 lib/controller/controller.py | 17 ++++++---
 lib/core/option.py | 67 ++++++++++++++++++++++++++++++++----
 2 files changed, 74 insertions(+), 10 deletions(-)
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index dfcd9aca1..7da39b948 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -52,9 +52,9 @@ def __selectInjection(injData):
 message += "one to use to go ahead:\n"
 for i in xrange(0, len(injData)):
- injPlace = injData[i][0]
+ injPlace = injData[i][0]
 injParameter = injData[i][1]
- injType = injData[i][2]
+ injType = injData[i][2]
 message += "[%d] place: %s, parameter: " % (i, injPlace)
 message += "%s, type: %s" % (injParameter, injType)
@@ -65,7 +65,7 @@ def __selectInjection(injData):
 message += "\n"
 message += "[q] Quit\nChoice: "
- select = readInput(message, default="0")
+ select = readInput(message, default="0")
 if not select:
 index = 0
@@ -105,7 +105,7 @@ def start():
 cookieStr = ""
 setCookieAsInjectable = True
- for targetUrl, _ in kb.targetUrls.items():
+ for targetUrl, targetData in kb.targetUrls.items():
 if conf.multipleTargets:
 hostCount += 1
@@ -123,6 +123,9 @@ def start():
 logMsg = "testing url %s" % targetUrl
 logger.info(logMsg)
+ if targetData:
+ conf.method, conf.data, conf.cookie = targetData
+ conf.url = targetUrl
 initTargetEnv()
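Review bot: In the `@@ -123` hunk of `start()`, `conf.method`, `conf.data` and `conf.cookie` are overwritten per target by `conf.method, conf.data, conf.cookie = targetData` and nothing visible restores them, so a later target whose `targetData` is empty would inherit the previous target's values, including a `Cookie` captured for a different host. Because `__feedTargetsDict` stores a three-item tuple for every parsed request, `if targetData:` is also true when all three items are `None`, which appears to discard a method, data or cookie supplied through the options. I would keep the option values in locals before the loop and fall back to them per field, e.g. `conf.cookie = targetData[2] or defaultCookie`, with a comment stating that these fields are per-target state. The loop body continues outside the hunk, so `initTargetEnv()` may already reset some of this.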
@@ -210,13 +213,19 @@ def start():
 if not kb.injPlace or not kb.injParameter or not kb.injType:
 if len(injData) == 1:
 injDataSelected = injData[0]
+ elif len(injData) > 1:
 injDataSelected = __selectInjection(injData)
+
+ elif conf.multipleTargets:
+ continue
+ else:
 return
 if injDataSelected == "Quit":
 return
+ else:
 kb.injPlace, kb.injParameter, kb.injType = injDataSelected
 setInjection()
diff --git a/lib/core/option.py b/lib/core/option.py
index 351ad9cc7..3e2ca9e4d 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -130,10 +130,57 @@ def __setGoogleDorking():
 def __feedTargetsDict(reqFile):
- pass
- #kb.targetUrls = googleObj.getTargetUrls()
- #conf.data
- #conf.cookie
+ fp = open(reqFile, "r")
+
+ fread = fp.read()
+ fread = fread.replace("\r", "")
+
+ # TODO: fix for Burp log file
+ reqResList = fread.split("\n\n======================================================\n\n\n\n")
+
+ for request in reqResList:
+ url = None
+ host = None
+ method = None
+ data = None
+ cookie = None
+ params = False
+ lines = request.split("\n")
+
+ for line in lines:
+ if len(line) == 0 or line == "\n":
+ continue
+
+ if line.startswith("GET ") or line.startswith("POST "):
+ if line.startswith("GET "):
+ index = 4
+ else:
+ index = 5
+
+ url = line[index:line.index(" HTTP/")]
+ method = line[:index-1]
+
+ if "?" in line and "=" in line:
+ params = True
+
+ elif "?" in line and "=" in line:
+ data = line
+ params = True
+
+ elif ": " in line:
+ key, value = line.split(": ", 1)
+
+ if key.lower() == "cookie":
+ cookie = value
+ elif key.lower() == "host":
+ host = value
+
+ if params:
+ if not url.startswith("http"):
+ url = "http://%s%s" % (host, url)
+
+ # TODO: exclude duplicated urls
+ kb.targetUrls[url] = ( method, data, cookie )
 def __setMultipleTargets():
@@ -142,7 +189,7 @@ def __setMultipleTargets():
 mode.
 """
- listType = None
+ initialTargetsCount = len(kb.targetUrls)
 if conf.googleDork or conf.list:
 conf.multipleTargets = True
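Review bot: The new `elif conf.multipleTargets: continue` branch in `start()` moves to the next target without any message, so a run over a long target list leaves no record of which urls were skipped; a warning through `logger` that names the url before `continue` would fix that. Further down, `if injDataSelected == "Quit": return` still ends the whole run in multiple-targets mode, which deserves a comment if it is intended. `kb.injPlace`, `kb.injParameter` and `kb.injType` are assigned in this block and the hunk does not show them being cleared, so it is worth confirming that the next target cannot skip the block with the previous target's values. The enclosing function starts and ends outside the hunk.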
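Review bot: In `__feedTargetsDict` the `elif "?" in line and "=" in line` branch is tested before the header branch, so any header carrying both characters (a `Referer` with a query string, some `Cookie` values) is stored as `data` and sets `params`, and a chunk with no request line then reaches `url.startswith("http")` with `url` still `None`. The fence below tracks the blank line that ends the headers before treating a line as body, and skips chunks that have no request line or no `Host` to complete a relative url. The handle from `open(reqFile, "r")` is never closed, so a conversations folder leaks one descriptor per request file; the fence closes it in `try/finally`. The rebuilt url is always `http://`, so a request captured over HTTPS would be re-sent in cleartext together with its `Cookie`, which needs at least a TODO comment until the scheme can be recovered from the log. The body test in the fence drops the `?` requirement on the assumption that ordinary form-encoded POST bodies should be captured, and its indentation is conventional because the page has lost the original; confirm both against real WebScarab files.

```python
    fp = open(reqFile, "r")

    try:
        fread = fp.read()
    finally:
        fp.close()

    # ... unchanged: "\r" removal and split into reqResList ...

    for request in reqResList:
        # ... unchanged: url, host, method, data, cookie and params reset ...
        inBody = False

        for line in request.split("\n"):
            if len(line) == 0:
                # the first blank line after the request line ends the headers
                inBody = url is not None
                continue

            isRequestLine = line.startswith("GET ") or line.startswith("POST ")

            if url is None and isRequestLine and " HTTP/" in line:
                # ... unchanged: index, url, method and params from the request line ...

            elif not inBody and ": " in line:
                # ... unchanged: Cookie and Host extraction ...

            elif inBody and "=" in line:
                data = line
                params = True

        # a chunk without a request line, or a relative url without Host, is not a target
        if params and url is not None and (url.startswith("http") or host is not None):
            # ... unchanged: url completion and kb.targetUrls assignment ...
```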
@@ -156,6 +203,7 @@ def __setMultipleTargets():
 if os.path.isfile(conf.list):
 __feedTargetsDict(conf.list)
+ elif os.path.isdir(conf.list):
 files = os.listdir(conf.list)
 files.sort()
@@ -164,12 +212,19 @@ def __setMultipleTargets():
 if not re.search("([\d]+)\-request", reqFile):
 continue
- __feedTargetsDict(reqFile)
+ __feedTargetsDict(os.path.join(conf.list, reqFile))
+ else:
 errMsg = "the specified list of target urls is not a file "
 errMsg += "nor a directory"
 raise sqlmapFilePathException, errMsg
+ updatedTargetsCount = len(kb.targetUrls)
+
+ if updatedTargetsCount > initialTargetsCount:
+ infoMsg = "sqlmap parsed %d requests from the targets list" % (updatedTargetsCount - initialTargetsCount)
+ logger.info(infoMsg)
+ def __setRemoteDBMS():
 """
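Review bot: The new info message in the `@@ -164` hunk reports `updatedTargetsCount - initialTargetsCount` as "requests", but `kb.targetUrls` is a dictionary keyed by url, so requests to the same url collapse and the figure is the number of new distinct urls; the wording should say so, e.g. `"sqlmap parsed %d distinct target urls from the targets list"`. When the count does not grow nothing is logged at all, so a list that yields no usable request looks the same as a successful parse; an `else:` branch with a warning would make that visible. In the directory branch, `re.search("([\d]+)\-request", reqFile)` is unanchored and the joined path goes to `open()` without an `os.path.isfile` check, so a sub-directory or an unrelated file whose name merely contains that pattern reaches the parser.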