no cast and no escape options

Author: Marshall Lee Whittaker

background.js

@@ -25,6 +25,8 @@ var chunkedOption = false;
 var dropcookOption = false;
 var threadsOption = "2";
 var unstableconnOption = false;
+var nocastOption = false;
+var noescapeOption = false;
 var trigger;
 
 
@@ -91,8 +93,11 @@ function assembleCmd(url, referUrl) {
  if (chunkedOption) {sqlmapText += " --chunked"; };
  if (dropcookOption) {sqlmapText += " --drop-set-cookie"; };
  if (unstableconnOption) {sqlmapText += " --unstable"; };
+ if (nocastOption) {sqlmapText += " --no-cast"; };
+ if (noescapeOption) {sqlmapText += " --no-escape"; };
  sqlmapText += " --threads " + threadsOption;
- sqlmapText += sqlmapheaders;
+ 
+ sqlmapText += sqlmapheaders;
  try {
  if (sqlmapUserOption.replace(/\s/g,'')) { sqlmapText += " " + sqlmapUserOption; } 
  }
@@ -164,7 +169,7 @@ browser.contextMenus.onClicked.addListener((info, tab) => {
 
  // check the saved options each click in case they changed
  let gettingOptions = browser.storage.sync.get(
- ['quotes','prog','verbose','rua','dumpall','osshell','sqlmapUser', 'keepalive', 'nullconn', 'textonly', 'titleonly', 'batchp', 'hex', 'mobile', 'chunked', 'dropcook', 'threads', 'unstableconn', 'snackbar'])
+ ['quotes','prog','verbose','rua','dumpall','osshell','sqlmapUser', 'keepalive', 'nullconn', 'textonly', 'titleonly', 'batchp', 'hex', 'mobile', 'chunked', 'dropcook', 'threads', 'unstableconn', 'nocast', 'noescape', 'snackbar'])
  .then((res) => {
  quotesOption = res.quotes;
  programOption = res.prog;
@@ -184,6 +189,8 @@ browser.contextMenus.onClicked.addListener((info, tab) => {
  dropcookOption = res.dropcook;
  threadsOption = res.threads;
  unstableconnOption = res.unstableconn;
+ nocastOption = res.nocast;
+ noescapeOption = res.noescape;
  snackbarOption = res.snackbar;
  });
  let promiseCancel = new Promise(function(resolve,reject) {

options.html

@@ -55,6 +55,10 @@
  "threads" /><br />
  </div>
  <div id="injection" class="tab-content">
+ No payload cast: <input type="checkbox" name="nocast" id=
+ "nocast" /><br />
+ No string escape: <input type="checkbox" name="noescape" id=
+ "noescape" /><br />
  </div>
  <div id="enum" class="tab-content">
  Dump all tables: <input type="checkbox" name="dumpall" id=

options.js

@@ -18,6 +18,8 @@ function saveOptions(e) {
  dropcook: document.querySelector('input[name=dropcook]').checked,
  threads: document.querySelector('input[name=threads]').value,
  unstableconn: document.querySelector('input[name=unstableconn]').checked,
+ nocast: document.querySelector('input[name=nocast]').checked,
+ noescape: document.querySelector('input[name=noescape]').checked,
  snackbar: document.querySelector('input[name=snackbar]').checked, 
 
  });
@@ -29,7 +31,7 @@ function saveOptions(e) {
 
 function restoreOptions() {
  var gettingItem = browser.storage.sync.get(
- ['quotes', 'prog', 'verbose', 'rua', 'dumpall', 'osshell', 'sqlmapUser', 'keepalive', 'nullconn', 'textonly', 'titleonly', 'batchp', 'hex', 'mobile', 'chunked', 'dropcook', 'threads', 'unstableconn', 'snackbar']);
+ ['quotes', 'prog', 'verbose', 'rua', 'dumpall', 'osshell', 'sqlmapUser', 'keepalive', 'nullconn', 'textonly', 'titleonly', 'batchp', 'hex', 'mobile', 'chunked', 'dropcook', 'threads', 'unstableconn', 'nocast', 'noescape', 'snackbar']);
  gettingItem.then((res) => {
 
  if (Object.keys(res).length > 0 && res.constructor === Object) {
@@ -51,6 +53,8 @@ function restoreOptions() {
  document.querySelector('input[name=dropcook]').checked = res.dropcook ? res.dropcook : false;
  document.querySelector('input[name=threads]').value = res.threads ? res.threads : '2';
  document.querySelector('input[name=unstableconn]').checked = res.unstableconn ? res.unstableconn : false;
+ document.querySelector('input[name=nocast]').checked = res.nocast ? res.nocast : false;
+ document.querySelector('input[name=noescape]').checked = res.noescape ? res.noescape : false;
  document.querySelector('input[name=snackbar]').checked = res.snackbar ? res.snackbar : false;
  }
  // if no saved info save the defaults to initialize