Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ca44b23

Browse files
stamparmstamparm
committed
Implementation for --eval to support cookies
1 parent 02da417 commit ca44b23

1 file changed

Lines changed: 12 additions & 2 deletions

File tree

lib/request/connect.py

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,7 @@
6666
from lib.core.settings import ASTERISK_MARKER
6767
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
6868
from lib.core.settings import DEFAULT_CONTENT_TYPE
69+
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
6970
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
7071
from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE
7172
from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
@@ -750,17 +751,26 @@ def _randomizeParameter(paramString, randomParameter):
750751
value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
751752
evaluateCode("%s=%s" % (name, repr(value)), variables)
752753

754+
if cookie:
755+
for part in cookie.split(conf.pDel or DEFAULT_COOKIE_DELIMITER):
756+
if '=' in part:
757+
name, value = part.split('=', 1)
758+
value = urldecode(value, convall=True)
759+
evaluateCode("%s=%s" % (name, repr(value)), variables)
760+
753761
originals.update(variables)
754762
evaluateCode(conf.evalCode, variables)
755763

756764
for name, value in variables.items():
757765
if name != "__builtins__" and originals.get(name, "") != value:
758766
if isinstance(value, (basestring, int)):
759767
value = unicode(value)
760-
if '%s=' % name in (get or ""):
768+
if re.search(r"\b%s=" % name, (get or "")):
761769
get = re.sub("((\A|\W)%s=)([^%s]+)" % (name, delimiter), "\g<1>%s" % value, get)
762-
elif '%s=' % name in (post or ""):
770+
elif re.search(r"\b%s=" % name, (post or "")):
763771
post = re.sub("((\A|\W)%s=)([^%s]+)" % (name, delimiter), "\g<1>%s" % value, post)
772+
elif re.search(r"\b%s=" % name, (cookie or "")):
773+
cookie = re.sub("((\A|\W)%s=)([^%s]+)" % (name, conf.pDel or DEFAULT_COOKIE_DELIMITER), "\g<1>%s" % value, cookie)
764774
elif post is not None:
765775
post += "%s%s=%s" % (delimiter, name, value)
766776
else:

0 commit comments

Comments
 (0)