skipped 15 lines 16 16 except: 17 17 print "==== ERROR ====" + "\n\nFailed to load dependencies.\n" +str(sys.exc_info()[1]) +"\n\n==== ERROR ====\n\n" 18 18 19 - VERSION = "0.954 " 19 + VERSION = "0.956 " 20 20 21 21 class BurpExtender(IBurpExtender, ITab, IMessageEditorController, IContextMenuFactory): 22 22 skipped 104 lines 127 127 _url = _url.strip() 128 128 if not self.isURLValid(str(_url)) or _url == self._txtURLDefault: 129 129 self._tbAuthURL.setForeground (Color.red) 130 - self._lblAuthNotification.text = "Please check url list ! " 130 + self._lblAuthNotification.text = "URLs should start with ' http / s ' and not have any spaces . Please check: ' " + _url + " ' " 131 131 self._lblAuthNotification.setForeground (Color.red) 132 132 return 133 133 self._tbAuthURL.setForeground (Color.black) skipped 76 lines 210 210 self._cbUnionDepth.setEnabled(False) 211 211 return 212 212 213 - def _cbOrderBasedFunc(self, ev): 214 - if self._cbOrderBased.isSelected(): 215 - self._cbOrderDepth.setEnabled(True) 216 - else: 217 - self._cbOrderDepth.setEnabled(False) 218 - return 219 - 220 213 def funcGeneratePayload(self, ev): 221 214 self._lblStatusLabel.setForeground (Color.red) 222 215 self._tabDictResultDisplay.setText("") skipped 174 lines 397 390 self._lblStatusLabel.setText('There is no a generic method exists for this choice! Please also pick a database!') 398 391 self._tabDictResultDisplay.setText('') 399 392 return 400 - if not (self._cbTimeBased.isSelected() or self._cbStackedSQL.isSelected() or self._cbUnionBased.isSelected() or self._cbBooleanBased.isSelected() or self . _cbOrderBased . isSelected ( ) ): 393 + if not (self._cbTimeBased.isSelected() or self._cbStackedSQL.isSelected() or self._cbUnionBased.isSelected() or self._cbBooleanBased.isSelected()): 401 394 self._lblStatusLabel.setForeground (Color.red) 402 395 self._lblStatusLabel.setText('There is no a generic method exists for this choice! Please also pick an attack type!') 403 396 self._tabDictResultDisplay.setText('') skipped 33 lines 437 430 listSQLi.append(prefix + " or " + escapeChar + "xyz" + escapeChar + "=" + escapeChar + "xyz" + escapeChar + "\n") 438 431 listSQLi.append(prefix + " or " + escapeChar + "xyz" + escapeChar + "=" + escapeChar + "xyz" + escapeChar + suffix + "\n") 439 432 440 - if self._cbOrderBased.isSelected(): 441 - for prefix in prefixes: 442 - for escapeChar in escapeChars: 443 - if (prefix[:2].count("\\")) and (escapeChar[:2].count("\\")): 444 - if (prefix[:2].count("\\") != escapeChar[:2].count("\\")): 445 - continue 446 - for suffix in suffixes[1:]: 447 - for i in range(int(self._cbOrderDepth.getSelectedItem())): 448 - listSQLi.append(prefix + escapeChar + " order by " + str(i+1) + suffix + "\n") 449 - if not escapeChar: 450 - listSQLi.append(prefix + escapeChar + " order by " + str(i+1) + "\n") 451 - 452 433 unions = ["null", "1337", "'1337'"] 453 434 if self._cbUnionBased.isSelected(): 454 435 for prefix in prefixes: skipped 296 lines 751 732 self._responseViewer.setMessage("", False) 752 733 753 734 def isURLValid(self, urlAdd): 754 - if " " in urlAdd.strip(): 755 - # check if space exists 756 - return False 757 - elif urlAdd.strip().startswith("http://") or urlAdd.startswith("https://"): 758 - # check if it starts with http 759 - return True 760 - elif not urlAdd: 761 - # check if whitespace exists 762 - return True 763 - elif urlAdd.isspace(): 764 - # check if only spaces 735 + if (urlparse.urlparse(urlAdd) and urlparse.urlparse(urlAdd).scheme and not " " in urlAdd.strip()) or urlAdd.isspace() or not urlAdd: 765 736 return True 766 737 else: 767 738 return False skipped 234 lines 1002 973 self._cbUnionDepth.setSelectedIndex(4) 1003 974 self._cbUnionDepth.setEnabled(False) 1004 975 self._cbUnionDepth.setToolTipText("Column numbers") 1005 - self._cbOrderBased = JCheckBox('Order-Based', False, itemStateChanged=self._cbOrderBasedFunc) 1006 - self._cbOrderBased.setToolTipText("Order-Based SQL Injection") 1007 - self._cbOrderDepth = JComboBox(list(range(1, 20))) 1008 - self._cbOrderDepth.setSelectedIndex(4) 1009 - self._cbOrderDepth.setEnabled(False) 1010 - self._cbOrderDepth.setToolTipText("Column numbers") 1011 976 self._cbBooleanBased = JCheckBox('Boolean-Based', True) 1012 977 self._cbBooleanBased.setToolTipText("Boolean-Based SQL Injection") 1013 978 self._cbMssqlBased = JCheckBox('MSSQL', True) skipped 34 lines 1048 1013 self._tabDictPanel_SQLi.add(self._cbTimeBased, BorderLayout.PAGE_START) 1049 1014 self._tabDictPanel_SQLi.add(self._cbUnionBased, BorderLayout.PAGE_START) 1050 1015 self._tabDictPanel_SQLi.add(self._cbUnionDepth, BorderLayout.PAGE_START) 1051 - self._tabDictPanel_SQLi.add(self._cbOrderBased, BorderLayout.PAGE_START) 1052 - self._tabDictPanel_SQLi.add(self._cbOrderDepth, BorderLayout.PAGE_START) 1053 1016 self._tabDictPanel_SQLi.setVisible(False) 1054 1017 _tabDictPanel_1.add(self._tabDictPanel_LFI, BorderLayout.PAGE_START) 1055 1018 _tabDictPanel_1.add(self._cbDictCommandInjOpt, BorderLayout.PAGE_START) skipped 145 lines