Fixes #178 and #179 - proper handling of custom redirects

2025-12-06 20:51:31 +00:00 · 2010-03-16 14:30:57 +00:00
parent 3b3353e05b
commit 466df89c4a
4 changed files with 28 additions and 17 deletions
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -31,6 +31,7 @@ import urlparse
 import traceback

 from lib.contrib import multipartpost
+from lib.core.common import readInput
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
@@ -125,12 +126,24 @@ class Connect:
            req            = urllib2.Request(url, post, headers)
            conn           = urllib2.urlopen(req)

-            if hasattr(conn, "redurl"):
-                infoMsg  = "connection redirected, going to use "
-                infoMsg += "%s as target address" % conn.redurl
-                logger.info(infoMsg)
+            if hasattr(conn, "redurl") and hasattr(conn, "redcode") and not conf.redirectHandled:
+                msg  = "sqlmap got a %d redirect to " % conn.redcode
+                msg += "%s - What target address do you " % conn.redurl
+                msg += "want to use from now on? %s " % conf.url
+                msg += "(default) or provide another target address based "
+                msg += "also on the redirection got from the application\n"

-                conf.url = conn.redurl
+                while True:
+                    choice = readInput(msg, default="1")
+
+                    if not choice or choice == "1":
+                        pass
+                    else:
+                        conf.url = choice
+
+                    break
+
+                conf.redirectHandled = True

                return Connect.__getPageProxy(**kwargs)