def save_handler(self, req, req_body, res, res_body): #check res.status if re.match(config.filter_code, str(res.status)): return #check host if not len([h for h in config.included_host if req.headers.get('Host', '').endswith(h)]): return if len([h for h in config.excluded_host if req.headers.get('Host', '').endswith(h)]): return #check fileext if len([h for h in config.filter_file if urlparse.urlparse(req.path).path.endswith(h)]): return #check query, get must have query string or url-rewrited #GET method, have ext and do not have query string if os.path.splitext(req.path)[1] and req.command == 'GET' and not urlparse.urlparse(req.path).query: return #prepare request req_header_text = "%s %s %s\n%s" % (req.command, req.path, req.request_version, req.headers) if req.command == 'GET': request = req_header_text + '\n' keystr = req.path else: request = req_header_text + '\n' + req_body a = req_body b = a.split('&') c = [] for i in b: if i.find('=') > 0: arr = i.split('=') c.append(arr[0]) keystr = "%s%s"%(req.path,''.join(sorted(c))) else: request = req_header_text + '\n' keystr = req.path #post请求时把postdata放入检测 #print req_body #avoid same params multi test sig = self.make_sig(req.path) if self.check_history(sig): return self.query_log[sig] = True fname = str(uuid.uuid4()) f = open(config.save_path + '/' + fname, 'w') f.write(request) f.close() #print req.headers.get('Cookie') if req_body: payload = {'url':req.path,'data':req_body,'cookie':req.headers.get('Cookie')} else: payload = {'url':req.path,'cookie':req.headers.get('Cookie')} #通过类传参,把payload传入检测队列 i = SqlmapAPIWrapper(fname,payload) if i.scan_start(): self.q.put((fname,i.taskid,payload,time.time()))
def save_handler(self, req, req_body, res, res_body): #check res.status if re.match(config.filter_code, str(res.status)): return #check host if not len([ h for h in config.included_host if req.headers.get('Host', '').endswith(h) ]): return if len([ h for h in config.excluded_host if req.headers.get('Host', '').endswith(h) ]): return #check fileext if len([ h for h in config.filter_file if urlparse.urlparse(req.path).path.endswith(h) ]): return #check query, get must have query string or url-rewrited #GET method, have ext and do not have query string if os.path.splitext( req.path )[1] and req.command == 'GET' and not urlparse.urlparse( req.path).query: return #prepare request req_header_text = "%s %s %s\n%s" % (req.command, req.path, req.request_version, req.headers) if req.command == 'GET': request = req_header_text + '\n' else: request = req_header_text + '\n' + req_body #avoid same params multi test sig = self.make_sig(req.path) if self.check_history(sig): return self.query_log[sig] = True fname = str(uuid.uuid4()) f = open(config.save_path + '/' + fname, 'w') f.write(request) f.close() i = SqlmapAPIWrapper(fname) if i.scan_start(): config.queue.put((fname, i.taskid, req.path, time.time()))
def save_handler(self, req, req_body, res, res_body): #check res.status if re.match(config.filter_code, str(res.status)): return #check host if not len([h for h in config.included_host if req.headers.get('Host', '').endswith(h)]): return if len([h for h in config.excluded_host if req.headers.get('Host', '').endswith(h)]): return #check fileext if len([h for h in config.filter_file if urlparse.urlparse(req.path).path.endswith(h)]): return #check query, get must have query string or url-rewrited #GET method, have ext and do not have query string if os.path.splitext(req.path)[1] and req.command == 'GET' and not urlparse.urlparse(req.path).query: return #prepare request req_header_text = "%s %s %s\n%s" % (req.command, req.path, req.request_version, req.headers) if req.command == 'GET': request = req_header_text + '\n' else: request = req_header_text + '\n' + req_body #avoid same params multi test sig = self.make_sig(req.path) if self.check_history(sig): return self.query_log[sig] = True fname = str(uuid.uuid4()) f = open(config.save_path + '/' + fname, 'w') f.write(request) f.close() i = SqlmapAPIWrapper(fname) if i.scan_start(): config.queue.put((fname,i.taskid,req.path,time.time()))
def save_handler(self, req, req_body, res, res_body): #check res.status if re.match(config.filter_code, str(res.status)): return #check host if not len([ h for h in config.included_host if req.headers.get('Host', '').endswith(h) ]): return if len([ h for h in config.excluded_host if req.headers.get('Host', '').endswith(h) ]): return #check fileext if len([ h for h in config.filter_file if urlparse.urlparse(req.path).path.endswith(h) ]): return #check query, get must have query string or url-rewrited #GET method, have ext and do not have query string if os.path.splitext( req.path )[1] and req.command == 'GET' and not urlparse.urlparse( req.path).query: return #prepare request req_header_text = "%s %s %s\n%s" % (req.command, req.path, req.request_version, req.headers) if req.command == 'GET': request = req_header_text + '\n' keystr = req.path else: #POST if req_body: request = req_header_text + '\n' + str(req_body) a = str(req_body) #分割post data参数 b = a.split('&') c = [] for i in b: if i.find('=') > 0: arr = i.split('=') c.append(arr[0]) keystr = "%s/%s" % (req.path, ''.join(sorted(c))) #修改某些Post请求为空时出错 #else: request = req_header_text + '\n' + str(req_body) keystr = req.path #post请求时把postdata放入检测 #print req_body #avoid same params multi test sig = self.make_sig(keystr) if self.check_history(sig): return self.query_log[sig] = True fname = str(uuid.uuid4()) f = open(config.save_path + '/' + fname, 'w') f.write(request) f.close() #print req.headers.get('Cookie') if req_body: payload = { 'url': req.path, 'data': req_body, 'cookie': req.headers.get('Cookie'), 'agent': req.headers.get('User-Agent'), 'level': 3 } else: payload = { 'url': req.path, 'cookie': req.headers.get('Cookie'), 'agent': req.headers.get('User-Agent'), 'level': 3 } #通过类传参,把payload传入检测队列 i = SqlmapAPIWrapper(fname, payload) if i.scan_start(): self.q.put((fname, i.taskid, payload, time.time()))