adding switch --eval

stamparm · stamparm · commit 65b2b0ad8797 · 2011-11-21T16:41:02.000Z
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -3135,4 +3135,11 @@ def getHostHeader(url):
     if any(map(lambda x: retVal.endswith(':%d' % x), [80, 443])):
         retVal = retVal.split(':')[0]
 
-    return retVal
+    return retVal
+
+def executeCode(code, variables=None):
+    try:
+        exec(code, variables)
+    except Exception, ex:
+        errMsg = "an error occured while evaluating provided code ('%s'). " % ex
+        raise sqlmapGenericException, errMsg
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1402,7 +1402,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
     kb.dynamicMarkings = []
     kb.dynamicParameters = False
     kb.endDetection = False
-    kb.httpErrorCodes = {}
     kb.explicitSettings = set()
     kb.errorIsNone = True
     kb.forcedDbms = None
@@ -1411,6 +1410,8 @@ def __setKnowledgeBaseAttributes(flushAll=True):
     kb.heuristicTest = None
     kb.hintValue = None
     kb.htmlFp = []
+    kb.httpErrorCodes = {}
+    kb.inferenceMode = False
     kb.ignoreTimeout = False
     kb.injection = InjectionDict()
     kb.injections = []
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -44,7 +44,8 @@
                                "retries":           "integer",
                                "scope":             "string",
                                "safUrl":            "string",
-                               "saFreq":            "integer"
+                               "saFreq":            "integer",
+                               "evalCode":          "string"
                              },
 
             "Optimization":  {
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -140,6 +140,9 @@ def cmdLineParser():
         request.add_option("--safe-freq", dest="saFreq", type="int",
                            help="Test requests between two visits to a given safe url")
 
+        request.add_option("--eval", dest="evalCode",
+                           help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(str(id)).hexdigest()\")")
+
         # Optimization options
         optimization = OptionGroup(parser, "Optimization", "These "
                                "options can be used to optimize the "
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -22,6 +22,7 @@
 from lib.core.common import calculateDeltaSeconds
 from lib.core.common import clearConsoleLine
 from lib.core.common import cpuThrottle
+from lib.core.common import executeCode
 from lib.core.common import extractRegexResult
 from lib.core.common import getCurrentThreadData
 from lib.core.common import getFilteredPageContent
@@ -603,6 +604,31 @@ def _randomizeParameter(paramString, randomParameter):
                         elif item == PLACE.COOKIE and cookie:
                             cookie = _randomizeParameter(cookie, randomParameter)
 
+        if conf.evalCode:
+            variables = {}
+            originals = {}
+
+            if get:
+                executeCode(get.replace("&", ";"), variables)
+            if post:
+                executeCode(post.replace("&", ";"), variables)
+
+            originals.update(variables)
+            executeCode(conf.evalCode, variables)
+
+            for name, value in variables.items():
+                if name != "__builtins__" and originals.get(name, "") != value:
+                    if isinstance(value, (basestring, int)):
+                        value = unicode(value)
+                        if '%s=' % name in (get or ""):
+                            get = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, get)
+                        elif '%s=' % name in (post or ""):
+                            post = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, post)
+                        elif post:
+                            post += "&%s=%s" % (name, value)
+                        else:
+                            get += "&%s=%s" % (name, value)
+                
         get = urlencode(get, limit=True)
         if post and place != PLACE.POST and hasattr(post, UNENCODED_ORIGINAL_VALUE):
             post = getattr(post, UNENCODED_ORIGINAL_VALUE)
diff --git a/lib/request/inject.py b/lib/request/inject.py
@@ -63,7 +63,9 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
 
     dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression))
 
+    kb.inferenceMode = True
     count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
+    kb.inferenceMode = False
 
     if not kb.bruteMode:
         debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -130,6 +130,10 @@ safUrl =
 # Default: 0
 saFreq = 0
 
+# Evaluate provided Python code before the request
+# Example: import hashlib;id2=hashlib.md5(str(id)).hexdigest()
+evalCode = 
+
 
 # These options can be used to optimize the performance of sqlmap.
 [Optimization]
