今天我发现了一个问题:我的 sqlmap GUI 无法使用 sqlmap 来破解 DVWA。DVWA 需要 cookie,但这需要复制和粘贴;我想验证已下载 cookie 的真实性,并将 cookie 放入标签中。如何验证下载的 cookie 并将其放入标签中?
#!/usr/bin/python2
from tkinter import *
from tkinter import ttk
import os
import subprocess
from urllib import parse
import os, http.cookiejar, urllib.request
# Module-level Tk root shared by the whole GUI; the widgets built in `app`
# are parented to it directly.
# NOTE: the shebang of this file names python2, but `tkinter` and
# `urllib.request` as imported above are the Python 3 module names.
root = Tk()
root.wm_title('SQLmap GUI v5')
root.wm_geometry("580x600")
# Row/column 50 are the only grid cells given stretch weight on the root.
root.grid_rowconfigure(50, weight=1)
root.grid_columnconfigure(50, weight=1)
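class app(Frame):
    """Tk front-end that assembles a sqlmap argument string and shows its output.

    The "Injection" button fills the query entry from the target URL and the
    enumeration checkboxes (see ``commands``); the "start" button runs sqlmap
    with that query (see ``injectIT``).  sqlmap is run synchronously from the
    button callback, so the window does not process events until it exits.
    """

    def __init__(self, mw):
        """Build all widgets.

        Args:
            mw: master widget handed to ``Frame``.  The child widgets are
                parented to the module-level ``root``, not to this frame.
        """
        Frame.__init__(self, mw)
        self.grid(sticky='nswe')
        self.master.minsize(640, 480)
        self.rowconfigure(0, weight=100)
        self.columnconfigure(0, weight=100)

        # Vertical pane holding the target URL box and the query box.
        panedUrl = ttk.Panedwindow(root, orient=VERTICAL)
        panedUrl.rowconfigure(0, weight=1)
        panedUrl.columnconfigure(0, weight=10)

        # Target URL.
        URL = ttk.Labelframe(root, text='Target url', width=600, height=50)
        URL.rowconfigure(0, weight=200)
        URL.columnconfigure(0, weight=200)
        panedUrl.add(URL)
        self.urlentry = ttk.Combobox(root)
        self.urlentry.grid(row=0, column=0, sticky='we', pady=5)

        # Argument string that will be handed to sqlmap (user-editable).
        queryLF = ttk.Labelframe(panedUrl, text='query to sqlmap:', width=100, height=100)
        queryLF.rowconfigure(0, weight=1)
        queryLF.columnconfigure(0, weight=1)
        panedUrl.add(queryLF)
        self.sql_var = StringVar()
        self.sqlEdit = ttk.Entry(queryLF)
        self.sqlEdit.config(text="", textvariable=self.sql_var)
        self.sqlEdit.grid(sticky='we', pady=5)
        self.sqlEdit.columnconfigure(0, weight=1)

        panedUrl.grid(row=0, column=0, sticky='we', rowspan=2)

        # Notebook with the single "Enumeration" tab.
        noBF = ttk.Notebook(root)
        enumer = ttk.Frame(noBF)
        noBF.add(enumer, text='Enumeration')
        noBF.columnconfigure(10, weight=200)
        noBF.grid(row=10, column=0, sticky='nswe')

        # "Injection" builds the query, "start" runs it.
        but = ttk.Button(root)
        but.config(text="Injection", width=10, command=self.commands)
        but.grid(row=3, column=0, sticky='nw')

        butstart = ttk.Button(root)
        butstart.config(text="start", width=10, command=self.injectIT)
        butstart.grid(row=3, column=0, sticky='ne')

        # Output pane; it is only placed on the grid once there is output.
        self.chk_text = Text(root)

        # Enumeration switches.  Each checkbox maps to one sqlmap option:
        #   --users      DBMS users
        #   --passwords  DBMS users password hashes
        #   --roles      DBMS users roles
        #   --dbs        DBMS databases
        #   --tables     DBMS database tables
        #   --columns    DBMS database table columns
        #   --count      number of entries for table(s)
        self.chk_users, self.chk_users_var = self._add_check(
            enumer, "users", self.chek_users, 0, 2)
        # Fix: the original passed ``self.chk_passwords`` (the Checkbutton
        # itself) as the command instead of the ``chek_passwords`` method.
        self.chk_passwords, self.chk_passwords_var = self._add_check(
            enumer, "passwords", self.chek_passwords, 0, 3)
        self.chk_roles, self.chk_roles_var = self._add_check(
            enumer, "roles", self.chek_roles, 1, 3)
        self.chk_dbs, self.chk_dbs_var = self._add_check(
            enumer, "dbs", self.chek_dbs, 3, 2)
        self.chk_tables, self.chk_tables_var = self._add_check(
            enumer, "tables", self.chek_tables, 3, 3)
        self.chk_columns, self.chk_columns_var = self._add_check(
            enumer, "columns", self.chek_columns, 1, 2)
        self.chk_count, self.chk_count_var = self._add_check(
            enumer, "count", self.chek_count, 3, 4)

    def _add_check(self, parent, label, command, row, column):
        """Create one on/off Checkbutton and return ``(widget, StringVar)``."""
        var = StringVar()
        box = ttk.Checkbutton(parent)
        box.config(text=label, variable=var, onvalue="on", offvalue="off",
                   command=command)
        box.grid(row=row, column=column, sticky='w')
        return box, var

    @staticmethod
    def _flag(var, option):
        """Return ``' ' + option`` when *var* reads "on", otherwise ``''``."""
        return ' ' + option if var.get() == "on" else ''

    # users
    def chek_users(self):
        """Return ' --users' if the users checkbox is on, else ''."""
        return self._flag(self.chk_users_var, '--users')

    # passwords
    def chek_passwords(self):
        """Return ' --passwords' if the passwords checkbox is on, else ''."""
        return self._flag(self.chk_passwords_var, '--passwords')

    # roles
    def chek_roles(self):
        """Return ' --roles' if the roles checkbox is on, else ''."""
        return self._flag(self.chk_roles_var, '--roles')

    # dbs
    def chek_dbs(self, *args):
        """Return ' --dbs' if the dbs checkbox is on, else ''.

        Extra positional arguments are accepted and ignored.
        """
        return self._flag(self.chk_dbs_var, '--dbs')

    # tables
    def chek_tables(self):
        """Return ' --tables' if the tables checkbox is on, else ''."""
        return self._flag(self.chk_tables_var, '--tables')

    # columns
    def chek_columns(self):
        """Return ' --columns' if the columns checkbox is on, else ''."""
        return self._flag(self.chk_columns_var, '--columns')

    # count
    def chek_count(self):
        """Return ' --count' if the count checkbox is on, else ''.

        The original returned a single space in the "off" case, unlike every
        sibling method; it now returns '' like the others.
        """
        return self._flag(self.chk_count_var, '--count')

    # sqlmap:
    def commands(self):
        """Assemble the sqlmap argument string and put it in the query entry.

        The string is ' -u "<url>"' followed by the option of every ticked
        checkbox, in the fixed order passwords, tables, roles, dbs, columns,
        users, count.
        """
        pieces = [
            ' -u "' + self.urlentry.get() + '"',
            self.chek_passwords(),
            self.chek_tables(),
            self.chek_roles(),
            self.chek_dbs(),
            self.chek_columns(),
            self.chek_users(),
            self.chek_count(),
        ]
        self.sql_var.set(''.join(pieces))

    def injectIT(self):
        """Run sqlmap with the arguments from the query entry and show stdout.

        The original built a shell pipeline by string concatenation
        (``"yes Y | sqlmap" + text + " > t.txt"``) and passed it to
        ``os.popen``, so any shell metacharacter in the entry was interpreted
        by the shell, the output went through a fixed ``t.txt`` in the current
        directory, and the file handle was never closed.  The arguments are
        now tokenised with ``shlex.split`` and executed without a shell, and
        stdout is captured directly, so no output file is left on disk.
        """
        import shlex  # function-scope import: the file's import block is left as is

        try:
            argv = ["sqlmap"] + shlex.split(self.sqlEdit.get())
        except ValueError as err:
            # shlex raises ValueError on e.g. an unbalanced quote.
            self._show_output("could not parse the query: %s\n" % err)
            return

        try:
            # A bounded run of "Y" answers stands in for the `yes Y |` pipe.
            # stderr is not captured, matching the original `>` redirect.
            finished = subprocess.run(
                argv,
                input="Y\n" * 1024,
                stdout=subprocess.PIPE,
                universal_newlines=True,
            )
        except OSError as err:
            # Typically: the sqlmap executable is not on PATH.
            self._show_output("could not start sqlmap: %s\n" % err)
            return

        self._show_output(finished.stdout)
        self._open_with_cookies()

    def _show_output(self, text):
        """Insert *text* into the output pane and make the pane visible."""
        self.chk_text.insert(INSERT, text)
        self.chk_text.grid(row=12, column=0)

    def _open_with_cookies(self):
        """Request the target URL using the cookies in ~/.netscape/cookies.txt.

        The original passed the Combobox widget itself to ``opener.open``;
        the URL text is passed now.  The response is opened and closed without
        being read, as the original did not use it either.
        """
        url = self.urlentry.get().strip()
        # build_opener() also installs handlers for non-HTTP schemes, so only
        # http(s) targets are requested.
        if parse.urlsplit(url).scheme not in ("http", "https"):
            return

        jar = http.cookiejar.MozillaCookieJar()
        try:
            jar.load(os.path.join(os.path.expanduser("~"), ".netscape", "cookies.txt"))
        except OSError as err:
            # http.cookiejar.LoadError derives from OSError, so this covers a
            # missing file as well as a malformed one.
            self._show_output("could not load cookies.txt: %s\n" % err)
            return

        # NOTE(review): the jar holds live session cookies; only status text
        # is written to the output pane, never the cookie values themselves.
        opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
        try:
            with opener.open(url, timeout=15):
                pass
        except (OSError, ValueError) as err:
            # urllib.error.URLError / HTTPError are OSError subclasses.
            self._show_output("request with cookies failed: %s\n" % err)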
#-----------------------------------------
def main():
    """Create the application frame on the shared root and run the Tk loop."""
    app(mw=root).mainloop()
#-----------------------------------------
# Start the GUI only when the file is executed as a script, not on import.
if __name__ == '__main__':
    main()