sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers

by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation.

sqlmap.conf

@@ -3,8 +3,8 @@
 # Target URL.
 # Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
 # PHP and MySQL (local)
-#url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
-url = http://127.0.0.1/sqlmap/mysql/get_int_partialunion.php?id=1
+url = http://127.0.0.1/sqlmap/mysql/get_str.php?id=1
+#url = http://127.0.0.1/sqlmap/mysql/get_int_partialunion.php?id=1
 # PHP and Oracle (local)
 #url = http://127.0.0.1/sqlmap/oracle/get_int.php?id=1
 # PHP and PostgreSQL (local)
@@ -62,6 +62,12 @@ agent =
 # Example: ./txt/user-agents.txt
 userAgentsFile = 
 
+# Extra HTTP headers
+# Note: there must be a space at the beginning of each header line
+headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Language: en-us,en;q=0.5
+ Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
+
 # HTTP Authentication type. Useful only if the target url requires
 # HTTP Basic or Digest authentication and you have such data.
 # Valid: Basic or Digest
@@ -105,6 +111,12 @@ testParameter =
 # Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql
 dbms = 
 
+# Injection payload prefix string
+prefix = 
+
+# Injection payload postfix string
+postfix = 
+
 # String to match within the page content when the query is valid, only
 # needed if the page content dynamically changes at each refresh,
 # consequently changing the MD5 hash of the page which is the method used