直接传headers

AutoSqli.py

@@ -8,7 +8,7 @@
 
 class AutoSqli(Thread):
     def __init__(self, server='', target='', 
-        data='', referer='', cookie='', req_text=''):
+        data='', headers='', req_text=''):
         Thread.__init__(self)
         self.server = server
         if self.server[-1] != '/':
@@ -18,8 +18,11 @@ def __init__(self, server='', target='',
         self.engineid = ''
         self.status = ''
         self.data = data
-        self.referer = referer
-        self.cookie = cookie
+        self.headers = ''
+        for key,value in headers:
+            self.headers += "%s:%s\n" % (key, value)
+        #self.referer = referer
+        #self.cookie = cookie
         self.req_text = req_text
         self.start_time = time.time()
 
@@ -38,15 +41,16 @@ def task_delete(self):
         return False
 
     def scan_start(self):
-        headers = {'Content-Type': 'application/json'}
+        _headers = {'Content-Type': 'application/json'}
         payload = {
             'url': self.target,
             'data': self.data,
-            'cookie': self.cookie,
-            'referer': self.referer}
+            #'cookie': self.cookie,
+            #'referer': self.referer}
+            'headers': self.headers}
         url = self.server + 'scan/' + self.taskid + '/start'
         t = json.loads(
-            requests.post(url, data=json.dumps(payload), headers=headers).text)
+            requests.post(url, data=json.dumps(payload), headers=_headers).text)
         self.engineid = t['engineid']
         if len(str(self.engineid)) > 0 and t['success']:
             return True
@@ -68,18 +72,19 @@ def scan_data(self):
         if len(self.data) == 0:
             print 'not injection:\t' + self.target
         else:
-            print '=======> injection:\t' + self.target
-            SQLIRecords.insert(url=self.target, request_text=self.req_text).execute()
+            print '\033[1;5;32;40m=======> injection:\t' + self.target + '\033[0m'
+            SQLIRecords.insert(url=self.target, parameter=self.data[0]['value'][0]['parameter'], request_text=self.req_text).execute()
 
     def option_set(self):
-        headers = {'Content-Type': 'application/json'}
+        _headers = {'Content-Type': 'application/json'}
         option = {"options": {
                     "smart": True,
+                    #"batch": True,
                     }
                  }
         url = self.server + 'option/' + self.taskid + '/set'
         t = json.loads(
-            requests.post(url, data=json.dumps(option), headers=headers).text)
+            requests.post(url, data=json.dumps(option), headers=_headers).text)
 
     def scan_stop(self):
         json.loads(
@@ -101,13 +106,13 @@ def run(self):
                 return False
             while True:
                 if self.scan_status() == 'running':
-                    time.sleep(10)
+                    time.sleep(5)
                 elif self.scan_status() == 'terminated':
                     break
                 else:
                     break
                 print self.target + ":\t" + str(time.time() - self.start_time)
-                if time.time() - self.start_time > 500:
+                if time.time() - self.start_time > 50:
                     error = True
                     self.scan_stop()
                     self.scan_kill()
@@ -121,4 +126,4 @@ def run(self):
 
 # if __name__ == '__main__':
 #     t = AutoSqli('http://127.0.0.1:8775', 'http://www.zxssyxx.com/read.asp?id=2471')
-#     t.run()
+#     t.run()

sqlirunner.py

@@ -12,9 +12,10 @@ class SqliRunner(object):
     def __init__(self, request):
         self.request = request
         self.url = request.url
-        self.data = request.body
-        self.cookie = self.get_from_headers('cookie')
-        self.referer = self.get_from_headers('referer')
+        self.content = request.content        
+        self.headers = request.headers
+        #self.cookie = self.get_from_headers('Cookie')
+        #self.referer = self.get_from_headers('Referer')
         self.req_text = self.get_raw_request(self.request)
 
     def get_raw_request(self, request):
@@ -25,7 +26,7 @@ def get_raw_request(self, request):
         method = request.method
         url = request.url
         urlp = urlparse(url)
-        body = request.body
+        body = request.content
         headers = request.headers
         protocol = 'HTTP/1.1'
         if not urlp.fragment and not urlp.query:
@@ -37,29 +38,29 @@ def get_raw_request(self, request):
         else:
             link = "%s?%s#%s" % (urlp.path, urlp.query, urlp.fragment)
         text += "%s %s %s\r\n" % (method, link, protocol)
-        for h in headers.get_all():
-            text += "%s: %s\r\n" % (h[0], h[1])
+        for key,value in headers:
+            text += "%s: %s\r\n" % (key, value)
         text += "\r\n"
         if body: text += body
         return text
 
-    def get_from_headers(self, key):
-        try:
-            item = self.request.headers.get_list(key)
-            if not item: 
-                return ''
-            else:
-                return item[0]
-        except Exception, e:
-            return ''
+    # def get_from_headers(self, key):
+        # try:
+            # item = self.request.headers.get(key)
+            # if not item: 
+                # return ''
+            # else:
+                # return item[0]
+        # except Exception, e:
+            # return ''
 
     def run(self):
         """
         Run the sqli detection using HTTPRequest object.
         """
         try:
-            detecter = AutoSqli(SERVER, self.url, self.data, 
-                self.referer, self.cookie, self.req_text) 
+            detecter = AutoSqli(SERVER, self.url, self.content, 
+                self.headers, self.req_text) 
             detecter.deamon = True
             detecter.start()
         except Exception, e: