important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode

lib/core/data.py

@@ -21,6 +21,9 @@ from lib.core.settings import FIREBIRD_ALIASES
 # sqlmap paths
 paths = advancedDict()
 
+# object to store original command line options
+cmdLineOptions = advancedDict()
+
 # object to share within function and classes command
 # line options and settings
 conf = advancedDict()

lib/core/session.py

@@ -40,6 +40,19 @@ def unSafeFormatString(value):
         retVal = retVal.replace("__LEFT_SQUARE_BRACKET__", "[").replace("__RIGHT_SQUARE_BRACKET__", "]")
     return retVal
 
+def setTextOnly():
+    """
+    Save text only option to session file.
+    """
+
+    condition = (
+                  not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
+                  not kb.resumedQueries[conf.url].has_key("Text only") )
+                )
+
+    if condition:
+        dataToSessionFile("[%s][None][None][Text only][True]\n" % conf.url)
+
 def setString():
     """
     Save string to match in session file.
@@ -263,7 +276,23 @@ def setRemoteTempPath():
         dataToSessionFile("[%s][%s][%s][Remote temp path][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(conf.tmpPath)))
 
 def resumeConfKb(expression, url, value):
-    if expression == "String" and url == conf.url:
+    if expression == "Text only" and url == conf.url:
+        value = unSafeFormatString(value[:-1])
+
+        logMsg = "resuming text only option '%s' from session file" % value
+        logger.info(logMsg)
+
+        if value and not conf.textOnly:
+            message = "you did not turned on --text-only switch this time "
+            message += "which could potentially lead to different "
+            message += "and/or unstable results. "
+            message += "Do you want to turn it on? [Y/n] "
+            test = readInput(message, default="Y")
+
+            if not test or test[0] in ("y", "Y"):
+                conf.textOnly = value
+
+    elif expression == "String" and url == conf.url:
         string = unSafeFormatString(value[:-1])
 
         logMsg = "resuming string match '%s' from session file" % string

lib/core/target.py

@@ -16,6 +16,7 @@ import time
 from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
 from lib.core.common import readInput
+from lib.core.data import cmdLineOptions
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -29,6 +30,7 @@ from lib.core.exception import sqlmapSyntaxException
 from lib.core.option import __setDBMS
 from lib.core.option import __setKnowledgeBaseAttributes
 from lib.core.session import resumeConfKb
+from lib.core.session import setTextOnly
 from lib.core.xmldump import dumper as xmldumper
 from lib.request.connect import Connect as Request
 
@@ -263,6 +265,22 @@ def __createTargetDirs():
     __createFilesDir()
     __configureDumper()
 
+def __saveSwitches():
+    """
+    Store critical switches to the session file.
+    """
+    if conf.textOnly:
+        setTextOnly()
+
+def __restoreCmdLineOptions():
+    """
+    Restore command line options that could be possibly 
+    changed during the testing of previous target.
+    """
+    conf.regexp = cmdLineOptions.regexp
+    conf.string = cmdLineOptions.string
+    conf.textOnly = cmdLineOptions.textOnly
+
 def initTargetEnv():
     """
     Initialize target environment.
@@ -277,9 +295,11 @@ def initTargetEnv():
         conf.sessionFile   = None
 
         __setKnowledgeBaseAttributes(False)
+        __restoreCmdLineOptions()
         __setDBMS()
 
 def setupTargetEnv():
     __createTargetDirs()
     __setRequestParams()
     __setOutputResume()
+    __saveSwitches()