Fixes #172 - also cookies are parsed from burp/webscarab logs (-l) and request file (-r) now

bdamele · bdamele · commit d2f86fb0a51b · 2010-03-16T15:21:42.000Z
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
@@ -138,7 +138,7 @@ def start():
 
                 logMsg = "testing url %s" % targetUrl
                 logger.info(logMsg)
-            
+
             initTargetEnv()
             parseTargetUrl()
             setupTargetEnv()
@@ -150,28 +150,28 @@ def start():
                 for _, cookie in enumerate(conf.cj):
                     cookie = str(cookie)
                     index  = cookie.index(" for ")
-        
+
                     cookieStr += "%s;" % cookie[8:index]
 
                 if cookieStr:
                     cookieStr = cookieStr[:-1]
-        
+
                     if "Cookie" in conf.parameters:
                         message  = "you provided an HTTP Cookie header value. "
                         message += "The target url provided its own Cookie within "
                         message += "the HTTP Set-Cookie header. Do you want to "
                         message += "continue using the HTTP Cookie values that "
                         message += "you provided? [Y/n] "
                         test = readInput(message, default="Y")
-        
+
                         if not test or test[0] in ("y", "Y"):
                             setCookieAsInjectable = False
-        
+
                     if setCookieAsInjectable:
                         conf.httpHeaders.append(("Cookie", cookieStr))
                         conf.parameters["Cookie"] = cookieStr
                         __paramDict = paramToDict("Cookie", cookieStr)
-        
+
                         if __paramDict:
                             conf.paramDict["Cookie"] = __paramDict
                             __testableParameters = True
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -227,6 +227,29 @@ def __setMultipleTargets():
         infoMsg += "testable requests from the targets list"
         logger.info(infoMsg)
 
+def __setRequestFromFile():
+    """
+    This function checks if the way to make a HTTP request is through supplied
+    textual file, parses it and saves the information into the knowledge base.
+    """
+
+    if not conf.requestFile:
+        return
+    
+    addedTargetUrls = set()
+
+    conf.requestFile = os.path.expanduser(conf.requestFile)
+    
+    infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
+    logger.info(infoMsg)
+
+    if not os.path.isfile(conf.requestFile):
+        errMsg  = "the specified HTTP request file "
+        errMsg += "does not exist"
+        raise sqlmapFilePathException, errMsg
+
+    __feedTargetsDict(conf.requestFile, addedTargetUrls)
+            
 def __setGoogleDorking():
     """
     This function checks if the way to request testable hosts is through
@@ -274,109 +297,6 @@ def __setGoogleDorking():
         errMsg += "have GET parameters to test for SQL injection"
         raise sqlmapGenericException, errMsg
 
-def __setRequestFromFile():
-    """
-    This function checks if the way to make a HTTP request is through supplied
-    textual file, parses it and saves the information into the knowledge base.
-    """
-
-    if not conf.requestFile:
-        return
-    
-    conf.requestFile = os.path.expanduser(conf.requestFile)
-    
-    infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
-    logger.info(infoMsg)
-
-    if not os.path.isfile(conf.requestFile):
-        errMsg  = "the specified HTTP request file "
-        errMsg += "'%s' does not exist" % conf.requestFile
-        raise sqlmapFilePathException, errMsg
-    
-    fp = open(conf.requestFile, "r")
-    fread = fp.read()
-    fread = fread.replace("\r", "")
-    fp.close()
-    
-    lines = fread.split("\n")
-    
-    if len(lines) == 0:
-        errMsg  = "the specified HTTP request file "
-        errMsg += "'%s' has no content" % conf.requestFile
-        raise sqlmapFilePathException, errMsg
-    
-    if not (lines[0].upper().startswith("GET ") or lines[0].upper().startswith("POST ")):
-        errMsg =  "the specified HTTP request file "
-        errMsg += "doesn't start with GET or POST keyword"
-        raise sqlmapFilePathException, errMsg
-
-    
-    if lines[0].upper().startswith("GET "):
-        index = 4
-    else:
-        index = 5
-
-    if lines[0].upper().find(" HTTP/") == -1:
-        errMsg  = "the specified HTTP request file " 
-        errMsg += "has a syntax error at line: 1"
-        raise sqlmapFilePathException, errMsg
-        
-    host = None
-    headers = ""
-    page = lines[0][index:lines[0].index(" HTTP/")]
-    
-    if conf.method:
-        warnMsg  = "HTTP method previously set. overriding it with "
-        warnMsg += "the value supplied from the HTTP request file"
-        logger.warn(warnMsg)
-    conf.method = lines[0][:index-1]
-
-    for index in xrange(1, len(lines) - 1):
-        line = lines[index]
-        valid = True
-        
-        if len(line) == 0:
-            break
-        
-        headers += line + "\n"
-        
-        items = line.split(': ')
-        if len(items) != 2:
-            valid = False
-        else:
-            if items[0].upper() == "HOST":
-                host = items[1]
-                
-        if not valid:
-            errMsg  = "the specified HTTP request file" 
-            errMsg += "has a syntax error at line: %d" % (index + 1)
-            raise sqlmapFilePathException, errMsg
-    
-    if conf.headers and headers:
-        warnMsg  = "HTTP headers previously set. overriding it with "
-        warnMsg += "the value(s) supplied from the HTTP request file"
-        logger.warn(warnMsg)
-    conf.headers = headers.strip("\n")
-    
-    if fread.find("\n\n") != -1:
-        if conf.data:
-            warnMsg  = "HTTP POST data previously set. overriding it with "
-            warnMsg += "the value supplied from the HTTP request file"
-            logger.warn(warnMsg)
-        conf.data = fread[fread.index('\n\n')+2:].strip("\n")
-    
-    if conf.url:
-        warnMsg  = "target url previously set. overriding it with "
-        warnMsg += "the value supplied from the HTTP request file"
-        logger.warn(warnMsg)
-        
-    if host:
-        conf.url = "%s%s" % (host, page)
-    else:
-        errMsg  = "mandatory HTTP header HOST is missing in "
-        errMsg += "the HTTP request file"
-        raise sqlmapFilePathException, errMsg
-            
 def __setMetasploit():
     if not conf.osPwn and not conf.osSmb and not conf.osBof:
         return
