feat: adds a targeted command thats generate and copy a sqlmap command based on the request

juliosmelo · thc202 · commit 26b7da5e2eeb · 2023-05-15T08:00:30.000+01:00
Signed-off-by: Julio Silveira Melo &lt;juliocsmelo@gmail.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## [Unreleased]
+### Added
+- targeted/SQLMapCommandGenerator.js - it will generate and copy sqlmap command based on the request
+
 ### Changed
 - Update minimum ZAP version to 2.12.0:
   - Remove compatibility code that provided the singletons (`control` and `model`) in JavaScript scripts, they can now be accessed directly always.
diff --git a/targeted/SQLMapCommandGenerator.js b/targeted/SQLMapCommandGenerator.js
@@ -0,0 +1,30 @@
+//it will generate and copy sqlmap command based on the request
+//released under the Apache v2.0 licence.
+//You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+//author: @juliosmelo
+
+
+function invokeWith(msg) {
+	var string = "sqlmap --url '"+msg.getRequestHeader().getURI().toString()+"' \\\n";
+	var header = msg.getRequestHeader().getHeadersAsString();
+	header = header.split(msg.getRequestHeader().getLineDelimiter());
+
+	for(var i=0;i<header.length;i++){
+		string += " -H '"+header[i].trim()+"' ";
+	}
+	string += " \\\n";
+	var body = msg.getRequestBody().toString();
+	if(body.length() != 0){
+		string += "--data='"+addSlashes(body)+"'";
+	}
+	var selected = new java.awt.datatransfer.StringSelection(string);
+	var clipboard = java.awt.Toolkit.getDefaultToolkit().getSystemClipboard();
+	clipboard.setContents(selected, null);
+	print (string);
+}
+
+function addSlashes(body){
+	var a ={}
+	a[body] = 1;
+	return JSON.stringify(a).slice(2,-4);
+}
