Fixed some bugs and added random user agent selection.

Author: Marshall Lee Whittaker

background.js

@@ -11,9 +11,9 @@
 
 
 var quotesOption = false;
-var programOption = 'curl';
-var fileOption = 'auto';
+var programOption = 'sqlmap';
 var verboseOption = false;
+var ruaOption = true;
 var headers = '';
 var sqlmapheaders = '';
 var snackbarOption = false;
@@ -55,7 +55,10 @@ let getHeaders = (e) => {
  headers = '';
  sqlmapheaders = '';
  for (let header of e.requestHeaders) {
- sqlmapheaders += " --header '" + header.name + ": " + header.value + "'";
+ if(header.name.match(/Cookie/)) {
+// grabs the cookie value
+ sqlmapheaders += " --cookie '" + header.value + "'";
+ }
  }
  //console.log('headers: ' + headers.toString());
 
@@ -71,6 +74,7 @@ let getHeaders = (e) => {
 function assembleCmd(url, referUrl) {
  let sqlmapText = "sqlmap.py"; // sqlmap command holder
  if (verboseOption) {sqlmapText += " -v 4"; }
+ if (ruaOption) {sqlmapText += " --random-agent"; }
  // ######################################################################
  // use remote suggested filename, how safe is this? also only available in moderately up to date 
  // ## replacement for -O -J, same security issues though, make optional 
@@ -155,13 +159,12 @@ browser.contextMenus.onClicked.addListener((info, tab) => {
 
  // check the saved options each click in case they changed
  let gettingOptions = browser.storage.sync.get(
- ['quotes','prog','file','filename','ratelimit','verbose','resume','wgetUser','curlUser', 'sqlmapUser', 'snackbar'])
+ ['quotes','prog','verbose','rua','sqlmapUser', 'snackbar'])
  .then((res) => {
  quotesOption = res.quotes;
  programOption = res.prog;
- fileOption = res.file;
- filenameOption = res.filename;
  verboseOption = res.verbose;
+ ruaOption = res.rua;
  sqlmapUserOption = res.sqlmapUser;
  snackbarOption = res.snackbar;
  });

options.html

@@ -12,8 +12,9 @@
  <input visibility="hidden" type="radio" name="prog" id="prog" value="sqlmap"> SQLMap <br>
  Show Message on Copy: <input type="checkbox" name="snackbar" id="snackbar" checked="checked"><br>
  Verbose output: <input type="checkbox" name="verbose" id="verbose"><br><br><br>
+ Use Random User-Agent: <input type="checkbox" name="rua" id="rua"><br><br><br>
  Any input in the boxes below will be inserted as options for the respective commands<br>
- SQLMap Options: <input type="text" name="sqlmapUser" id="sqlmapUser" ><br><br><br>
+  SQLMap Options: <input type="text" name="sqlmapUser" id="sqlmapUser" ><br><br><br>
 
  <button type="submit">Save</button>
  </form>

options.js

@@ -2,9 +2,8 @@ function saveOptions(e) {
  browser.storage.sync.set({
  quotes: document.querySelector('input[name=quotes]').checked,
  prog: document.querySelector('input[name=prog]:checked').value,
- file: document.querySelector('input[name=file]:checked').value,
- filename: document.querySelector('input[name=filename]').value,
  verbose: document.querySelector('input[name=verbose]').checked,
+ rua: document.querySelector('input[name=rua]').checked,
  sqlmapUser: document.querySelector('input[name=sqlmapUser]').value,
  snackbar: document.querySelector('input[name=snackbar]').checked,
 
@@ -17,13 +16,14 @@ function saveOptions(e) {
 
 function restoreOptions() {
  var gettingItem = browser.storage.sync.get(
- ['quotes', 'prog','verbose','resume','sqlmapUser','snackbar']);
+ ['quotes', 'prog','verbose','rua','resume','sqlmapUser','snackbar']);
  gettingItem.then((res) => {
 
  if (Object.keys(res).length > 0 && res.constructor === Object) {
  document.querySelector('input[name=quotes]').checked = res.quotes ? res.quotes : false;
  document.querySelector('input[name=prog][value=' + res.prog + ']').checked = true;
  document.querySelector('input[name=verbose]').checked = res.verbose ? res.verbose : false;
+ document.querySelector('input[name=rua]').checked = res.rua ? res.rua : false;
  document.querySelector('input[name=sqlmapUser]').value = res.sqlmapUser ? res.sqlmapUser : '';
  document.querySelector('input[name=snackbar]').checked = res.snackbar ? res.snackbar : false;
  }