adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)

lib/core/optiondict.py

@@ -68,7 +68,8 @@ optDict = {
                                "risk":              "integer",
                                "string":            "string",
                                "regexp":            "string",
-                               "textOnly":          "boolean"
+                               "textOnly":          "boolean",
+                               "titles":            "boolean"
                              },
 
             "Techniques":    {

lib/core/settings.py

@@ -351,3 +351,6 @@ LEGAL_DISCLAIMER = "usage of sqlmap for attacking targets without prior mutual i
 
 # After this number of misses reflective removal mechanism is turned off (for speed up reasons)
 REFLECTIVE_MISS_THRESHOLD = 20
+
+# Regular expression used for extracting HTML title
+HTML_TITLE_REGEX = "<title>(?P<result>[^<]+)</title>"

lib/parse/cmdline.py

@@ -209,6 +209,10 @@ def cmdLineParser():
                              action="store_true", default=False,
                              help="Compare pages based only on the textual content")
 
+        detection.add_option("--titles", dest="titles",
+                             action="store_true", default=False,
+                             help="Compare pages based only on their titles")
+
         # Techniques options
         techniques = OptionGroup(parser, "Techniques", "These options can be "
                                  "used to tweak testing of specific SQL "

lib/request/comparison.py

@@ -9,6 +9,7 @@ See the file 'doc/COPYING' for copying permission
 
 import re
 
+from lib.core.common import extractRegexResult
 from lib.core.common import getFilteredPageContent
 from lib.core.common import removeDynamicContent
 from lib.core.common import wasLastRequestDBMSError
@@ -19,6 +20,7 @@ from lib.core.data import logger
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.settings import DEFAULT_PAGE_ENCODING
 from lib.core.settings import DIFF_TOLERANCE
+from lib.core.settings import HTML_TITLE_REGEX
 from lib.core.settings import MIN_RATIO
 from lib.core.settings import MAX_RATIO
 from lib.core.settings import LOWER_RATIO_BOUND
@@ -80,8 +82,13 @@ def comparison(page, getRatioValue=False, pageLength=None):
         elif isinstance(seqMatcher.a, unicode) and isinstance(page, str):
             seqMatcher.a = seqMatcher.a.encode(kb.pageEncoding or DEFAULT_PAGE_ENCODING, 'ignore')
 
-        seqMatcher.set_seq1(getFilteredPageContent(seqMatcher.a, True) if conf.textOnly else seqMatcher.a)
+        if conf.titles:
-        seqMatcher.set_seq2(getFilteredPageContent(page, True) if conf.textOnly else page)
+            seqMatcher.set_seq1(extractRegexResult(HTML_TITLE_REGEX, seqMatcher.a))
+            seqMatcher.set_seq2(extractRegexResult(HTML_TITLE_REGEX, page))
+        else:
+            seqMatcher.set_seq1(getFilteredPageContent(seqMatcher.a, True) if conf.textOnly else seqMatcher.a)
+            seqMatcher.set_seq2(getFilteredPageContent(page, True) if conf.textOnly else page)
+
         if seqMatcher.a is None or seqMatcher.b is None:
             ratio = None
         else:

sqlmap.conf

@@ -221,6 +221,10 @@ regexp =
 # Valid: True or False
 textOnly = False
 
+# Compare pages based only on their titles
+# Valid: True or False
+titles = False
+
 
 # These options can be used to tweak testing of specific SQL injection
 # techniques.