MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / parseRequestFile

Function parseRequestFile

lib/core/common.py:5276–5482  ·  view source on GitHub ↗

Parses WebScarab and Burp logs and adds results to the target URL list >>> handle, reqFile = tempfile.mkstemp(suffix=".req") >>> content = b"POST / HTTP/1.0\\nUser-agent: foobar\\nHost: www.example.com\\n\\nid=1\\n" >>> _ = os.write(handle, content) >>> os.close(handle) >>>

(reqFile, checkParams=True)

Source from the content-addressed store, hash-verified

5274 break
5275
5276def parseRequestFile(reqFile, checkParams=True):
5277 """
5278 Parses WebScarab and Burp logs and adds results to the target URL list
5279
5280 >>> handle, reqFile = tempfile.mkstemp(suffix=".req")
5281 >>> content = b"POST / HTTP/1.0\\nUser-agent: foobar\\nHost: www.example.com\\n\\nid=1\\n"
5282 >>> _ = os.write(handle, content)
5283 >>> os.close(handle)
5284 >>> next(parseRequestFile(reqFile)) == ('http://www.example.com:80/', 'POST', 'id=1', None, (('User-agent', 'foobar'), ('Host', 'www.example.com')))
5285 True
5286 """
5287
5288 def _parseWebScarabLog(content):
5289 """
5290 Parses WebScarab logs (POST method not supported)
5291 """
5292
5293 if WEBSCARAB_SPLITTER not in content:
5294 return
5295
5296 reqResList = content.split(WEBSCARAB_SPLITTER)
5297
5298 for request in reqResList:
5299 url = extractRegexResult(r"URL: (?P<result>.+?)\n", request, re.I)
5300 method = extractRegexResult(r"METHOD: (?P<result>.+?)\n", request, re.I)
5301 cookie = extractRegexResult(r"COOKIE: (?P<result>.+?)\n", request, re.I)
5302
5303 if not method or not url:
5304 logger.debug("not a valid WebScarab log data")
5305 continue
5306
5307 if method.upper() == HTTPMETHOD.POST:
5308 warnMsg = "POST requests from WebScarab logs aren't supported "
5309 warnMsg += "as their body content is stored in separate files. "
5310 warnMsg += "Nevertheless you can use -r to load them individually."
5311 logger.warning(warnMsg)
5312 continue
5313
5314 if not (conf.scope and not re.search(conf.scope, url, re.I)):
5315 yield (url, method, None, cookie, tuple())
5316
5317 def _parseBurpLog(content):
5318 """
5319 Parses Burp logs
5320 """
5321
5322 if not re.search(BURP_REQUEST_REGEX, content, re.I | re.S):
5323 if re.search(BURP_XML_HISTORY_REGEX, content, re.I | re.S):
5324 reqResList = []
5325 for match in re.finditer(BURP_XML_HISTORY_REGEX, content, re.I | re.S):
5326 port, request = match.groups()
5327 try:
5328 request = decodeBase64(request, binary=False)
5329 except (binascii.Error, TypeError):
5330 continue
5331 _ = re.search(r"%s:.+" % re.escape(HTTP_HEADER.HOST), request)
5332 if _:
5333 host = _.group(0).strip()

Callers 2

_setMultipleTargetsFunction · 0.90
_setRequestFromFileFunction · 0.90

Calls 6

readCachedFileContentFunction · 0.85
_parseBurpLogFunction · 0.85
_parseWebScarabLogFunction · 0.85
infoMethod · 0.80
getSafeExStringFunction · 0.70

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…