mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Updated work on multiple targets support (works for WebScarab conversations/ folder, still to work out for Burp log file).
Major bug fix in the controller library.
parent
9be844cf3e
commit
f2737ad0a3
|
@ -105,7 +105,7 @@ def start():
|
||||||
cookieStr = ""
|
cookieStr = ""
|
||||||
setCookieAsInjectable = True
|
setCookieAsInjectable = True
|
||||||
|
|
||||||
for targetUrl, _ in kb.targetUrls.items():
|
for targetUrl, targetData in kb.targetUrls.items():
|
||||||
if conf.multipleTargets:
|
if conf.multipleTargets:
|
||||||
hostCount += 1
|
hostCount += 1
|
||||||
|
|
||||||
|
@ -123,6 +123,9 @@ def start():
|
||||||
logMsg = "testing url %s" % targetUrl
|
logMsg = "testing url %s" % targetUrl
|
||||||
logger.info(logMsg)
|
logger.info(logMsg)
|
||||||
|
|
||||||
|
if targetData:
|
||||||
|
conf.method, conf.data, conf.cookie = targetData
|
||||||
|
|
||||||
conf.url = targetUrl
|
conf.url = targetUrl
|
||||||
initTargetEnv()
|
initTargetEnv()
|
||||||
|
|
||||||
|
@ -210,13 +213,19 @@ def start():
|
||||||
if not kb.injPlace or not kb.injParameter or not kb.injType:
|
if not kb.injPlace or not kb.injParameter or not kb.injType:
|
||||||
if len(injData) == 1:
|
if len(injData) == 1:
|
||||||
injDataSelected = injData[0]
|
injDataSelected = injData[0]
|
||||||
|
|
||||||
elif len(injData) > 1:
|
elif len(injData) > 1:
|
||||||
injDataSelected = __selectInjection(injData)
|
injDataSelected = __selectInjection(injData)
|
||||||
|
|
||||||
|
elif conf.multipleTargets:
|
||||||
|
continue
|
||||||
|
|
||||||
else:
|
else:
|
||||||
return
|
return
|
||||||
|
|
||||||
if injDataSelected == "Quit":
|
if injDataSelected == "Quit":
|
||||||
return
|
return
|
||||||
|
|
||||||
else:
|
else:
|
||||||
kb.injPlace, kb.injParameter, kb.injType = injDataSelected
|
kb.injPlace, kb.injParameter, kb.injType = injDataSelected
|
||||||
setInjection()
|
setInjection()
|
||||||
|
|
|
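Review bot: The `if targetData:` guard in the second hunk of start() assigns conf.method, conf.data and conf.cookie only when the entry carries a tuple, so an entry without one inherits whatever the previous iteration left there. If kb.targetUrls can ever hold both kinds of entry (the Google-dork path is not visible here, so this is an assumption), a session cookie parsed from one captured request would be sent to an unrelated host. Saving the command-line values before the loop and restoring them in an `else:` branch would stop per-target state carrying over between iterations. The tuple can also hold None for data or cookie, which silently replaces values given on the command line; a comment such as `# per-request values from the proxy log replace the command-line ones` would make that intent explicit. start() begins and ends outside these hunks.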
@ -130,10 +130,57 @@ def __setGoogleDorking():
|
||||||
|
|
||||||
|
|
||||||
def __feedTargetsDict(reqFile):
|
def __feedTargetsDict(reqFile):
|
||||||
pass
|
fp = open(reqFile, "r")
|
||||||
#kb.targetUrls = googleObj.getTargetUrls()
|
|
||||||
#conf.data
|
fread = fp.read()
|
||||||
#conf.cookie
|
fread = fread.replace("\r", "")
|
||||||
|
|
||||||
|
# TODO: fix for Burp log file
|
||||||
|
reqResList = fread.split("\n\n======================================================\n\n\n\n")
|
||||||
|
|
||||||
|
for request in reqResList:
|
||||||
|
url = None
|
||||||
|
host = None
|
||||||
|
method = None
|
||||||
|
data = None
|
||||||
|
cookie = None
|
||||||
|
params = False
|
||||||
|
lines = request.split("\n")
|
||||||
|
|
||||||
|
for line in lines:
|
||||||
|
if len(line) == 0 or line == "\n":
|
||||||
|
continue
|
||||||
|
|
||||||
|
if line.startswith("GET ") or line.startswith("POST "):
|
||||||
|
if line.startswith("GET "):
|
||||||
|
index = 4
|
||||||
|
else:
|
||||||
|
index = 5
|
||||||
|
|
||||||
|
url = line[index:line.index(" HTTP/")]
|
||||||
|
method = line[:index-1]
|
||||||
|
|
||||||
|
if "?" in line and "=" in line:
|
||||||
|
params = True
|
||||||
|
|
||||||
|
elif "?" in line and "=" in line:
|
||||||
|
data = line
|
||||||
|
params = True
|
||||||
|
|
||||||
|
elif ": " in line:
|
||||||
|
key, value = line.split(": ", 1)
|
||||||
|
|
||||||
|
if key.lower() == "cookie":
|
||||||
|
cookie = value
|
||||||
|
elif key.lower() == "host":
|
||||||
|
host = value
|
||||||
|
|
||||||
|
if params:
|
||||||
|
if not url.startswith("http"):
|
||||||
|
url = "http://%s%s" % (host, url)
|
||||||
|
|
||||||
|
# TODO: exclude duplicated urls
|
||||||
|
kb.targetUrls[url] = ( method, data, cookie )
|
||||||
|
|
||||||
|
|
||||||
def __setMultipleTargets():
|
def __setMultipleTargets():
|
||||||
|
@ -142,7 +189,7 @@ def __setMultipleTargets():
|
||||||
mode.
|
mode.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
listType = None
|
initialTargetsCount = len(kb.targetUrls)
|
||||||
|
|
||||||
if conf.googleDork or conf.list:
|
if conf.googleDork or conf.list:
|
||||||
conf.multipleTargets = True
|
conf.multipleTargets = True
|
||||||
|
@ -156,6 +203,7 @@ def __setMultipleTargets():
|
||||||
|
|
||||||
if os.path.isfile(conf.list):
|
if os.path.isfile(conf.list):
|
||||||
__feedTargetsDict(conf.list)
|
__feedTargetsDict(conf.list)
|
||||||
|
|
||||||
elif os.path.isdir(conf.list):
|
elif os.path.isdir(conf.list):
|
||||||
files = os.listdir(conf.list)
|
files = os.listdir(conf.list)
|
||||||
files.sort()
|
files.sort()
|
||||||
|
@ -164,12 +212,19 @@ def __setMultipleTargets():
|
||||||
if not re.search("([\d]+)\-request", reqFile):
|
if not re.search("([\d]+)\-request", reqFile):
|
||||||
continue
|
continue
|
||||||
|
|
||||||
__feedTargetsDict(reqFile)
|
__feedTargetsDict(os.path.join(conf.list, reqFile))
|
||||||
|
|
||||||
else:
|
else:
|
||||||
errMsg = "the specified list of target urls is not a file "
|
errMsg = "the specified list of target urls is not a file "
|
||||||
errMsg += "nor a directory"
|
errMsg += "nor a directory"
|
||||||
raise sqlmapFilePathException, errMsg
|
raise sqlmapFilePathException, errMsg
|
||||||
|
|
||||||
|
updatedTargetsCount = len(kb.targetUrls)
|
||||||
|
|
||||||
|
if updatedTargetsCount > initialTargetsCount:
|
||||||
|
infoMsg = "sqlmap parsed %d requests from the targets list" % (updatedTargetsCount - initialTargetsCount)
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
|
||||||
def __setRemoteDBMS():
|
def __setRemoteDBMS():
|
||||||
"""
|
"""
|
||||||
|
|
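Review bot: In __feedTargetsDict the `elif "?" in line and "=" in line:` test runs before the `": "` header test, so a header whose value contains both characters (a Referer with a query string, for instance) is stored as `data` and sets `params` instead of being parsed as a header. When that happens in a block with no GET or POST request line, `url` is still None at `url.startswith("http")` and the parse aborts with an AttributeError; `host` can likewise be None and produce `http://None...`. Guarding the store with `if params and url:`, and requiring `host` before rebuilding a relative URL, would let malformed or non-GET/POST entries be skipped instead of stopping the whole import. The handle from `fp = open(reqFile, "r")` is never closed, so an `fp.close()` right after `fp.read()` is worth adding. A docstring stating the expected log layout and that each entry is stored as `(method, data, cookie)` would also help, since the only comments are the two TODOs.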