adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)

stamparm · stamparm · commit f8dde2c23bec · 2011-06-10T23:18:43.000Z
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -68,7 +68,8 @@
                                "risk":              "integer",
                                "string":            "string",
                                "regexp":            "string",
-                               "textOnly":          "boolean"
+                               "textOnly":          "boolean",
+                               "titles":            "boolean"
                              },
 
             "Techniques":    {
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -351,3 +351,6 @@
 
 # After this number of misses reflective removal mechanism is turned off (for speed up reasons)
 REFLECTIVE_MISS_THRESHOLD = 20
+
+# Regular expression used for extracting HTML title
+HTML_TITLE_REGEX = "<title>(?P<result>[^<]+)</title>"
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -209,6 +209,10 @@ def cmdLineParser():
                              action="store_true", default=False,
                              help="Compare pages based only on the textual content")
 
+        detection.add_option("--titles", dest="titles",
+                             action="store_true", default=False,
+                             help="Compare pages based only on their titles")
+
         # Techniques options
         techniques = OptionGroup(parser, "Techniques", "These options can be "
                                  "used to tweak testing of specific SQL "
diff --git a/lib/request/comparison.py b/lib/request/comparison.py
@@ -9,6 +9,7 @@
 
 import re
 
+from lib.core.common import extractRegexResult
 from lib.core.common import getFilteredPageContent
 from lib.core.common import removeDynamicContent
 from lib.core.common import wasLastRequestDBMSError
@@ -19,6 +20,7 @@
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.settings import DEFAULT_PAGE_ENCODING
 from lib.core.settings import DIFF_TOLERANCE
+from lib.core.settings import HTML_TITLE_REGEX
 from lib.core.settings import MIN_RATIO
 from lib.core.settings import MAX_RATIO
 from lib.core.settings import LOWER_RATIO_BOUND
@@ -80,8 +82,13 @@ def comparison(page, getRatioValue=False, pageLength=None):
         elif isinstance(seqMatcher.a, unicode) and isinstance(page, str):
             seqMatcher.a = seqMatcher.a.encode(kb.pageEncoding or DEFAULT_PAGE_ENCODING, 'ignore')
 
-        seqMatcher.set_seq1(getFilteredPageContent(seqMatcher.a, True) if conf.textOnly else seqMatcher.a)
-        seqMatcher.set_seq2(getFilteredPageContent(page, True) if conf.textOnly else page)
+        if conf.titles:
+            seqMatcher.set_seq1(extractRegexResult(HTML_TITLE_REGEX, seqMatcher.a))
+            seqMatcher.set_seq2(extractRegexResult(HTML_TITLE_REGEX, page))
+        else:
+            seqMatcher.set_seq1(getFilteredPageContent(seqMatcher.a, True) if conf.textOnly else seqMatcher.a)
+            seqMatcher.set_seq2(getFilteredPageContent(page, True) if conf.textOnly else page)
+
         if seqMatcher.a is None or seqMatcher.b is None:
             ratio = None
         else:
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -221,6 +221,10 @@ regexp =
 # Valid: True or False
 textOnly = False
 
+# Compare pages based only on their titles
+# Valid: True or False
+titles = False
+
 
 # These options can be used to tweak testing of specific SQL injection
 # techniques.
