chore(release): bump version to 1.8.51

- 同步后端和 Burp 插件 7 处版本号

- 更新 README 中英文变更日志

- 增加 SQLMap -r 参数 bug 的 Issue 报告文档

Author: lanshuizhiyue

README.md

@@ -9,7 +9,7 @@
   <img src="https://img.shields.io/badge/Vue-3.x-green.svg" alt="Vue">
   <img src="https://img.shields.io/badge/FastAPI-0.100+-red.svg" alt="FastAPI">
   <img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License">
-  <img src="https://img.shields.io/badge/Version-1.8.50-orange.svg" alt="Version">
+  <img src="https://img.shields.io/badge/Version-1.8.51-orange.svg" alt="Version">
 </p>
 
 <p align="center">
@@ -292,6 +292,12 @@ sqlmapWebUI/
 
 ## 📝 更新日志
 
+### v1.8.51 (2026-04-16)
+
+**修复 (Burp 插件)**
+- 修复 Burp 插件生成的 HTTP 请求文件尾部多余空行导致 SQLMap `-r` 模式误将 GET 识别为 POST 的问题
+- 在 Montoya API 和 Legacy API 插件中增加尾部空行防御性清理逻辑
+
 ### v1.8.50 (2026-03-27)
 
 **新功能 (VulnShop 靶场)**

README_EN.md

@@ -9,7 +9,7 @@
   <img src="https://img.shields.io/badge/Vue-3.x-green.svg" alt="Vue">
   <img src="https://img.shields.io/badge/FastAPI-0.100+-red.svg" alt="FastAPI">
   <img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License">
-  <img src="https://img.shields.io/badge/Version-1.8.49-orange.svg" alt="Version">
+  <img src="https://img.shields.io/badge/Version-1.8.51-orange.svg" alt="Version">
 </p>
 
 <p align="center">
@@ -292,6 +292,12 @@ Please read the [Disclaimer](DISCLAIMER.md) before use.
 
 ## 📝 Changelog
 
+### v1.8.51 (2026-04-16)
+
+**Fixes (Burp Plugin)**
+- Fixed SQLMap `-r` mode incorrectly treating GET as POST due to trailing newlines in HTTP request files generated by Burp plugins
+- Added defensive trailing newline cleanup logic in both Montoya API and Legacy API plugins
+
 ### v1.8.49 (2026-03-27)
 
 **Documentation**

doc/SQLMAP_R_PARAMETER_POST_BUG_REPORT.md

@@ -0,0 +1,169 @@
+# SQLMap `-r` 参数误识别 GET 请求为 POST 请求 —— GitHub Issue 报告
+
+---
+
+## Issue 标题
+
+`-r` option incorrectly treats GET request as POST when request file contains trailing newlines
+
+---
+
+## 问题描述 / Description
+
+When using SQLMap with the `-r` option to load an HTTP request from a file, if the request file contains **trailing newlines after the standard HTTP empty line** (i.e., more than one `\r\n` or `\n` at the end), SQLMap incorrectly interprets the request as a **POST request**, regardless of the actual HTTP method specified in the request line.
+
+This behavior affects any HTTP method (GET, PUT, DELETE, etc.) when the request file is not strictly terminated after the single empty line that separates headers from the body.
+
+A typical scenario where this bug is triggered: the original request is a POST (see "Original Request" below), but after editing it in Burp Repeater to change the method to GET and removing the body, the generated request file may still contain trailing newlines. SQLMap then incorrectly treats the edited GET request as POST.
+
+---
+
+## 复现步骤 / Steps to Reproduce
+
+### Original Request (for context)
+
+The original HTTP request before editing was a POST with a JSON body:
+
+```http
+POST /api/user/login HTTP/1.1
+Host: 127.0.0.1:9527
+Content-Length: 37
+sec-ch-ua-platform: "Windows"
+Accept-Language: zh-CN,zh;q=0.9
+sec-ch-ua: "Chromium";v="145", "Not:A-Brand";v="99"
+Content-Type: application/json
+sec-ch-ua-mobile: ?0
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
+Accept: */*
+Origin: http://127.0.0.1:9527
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: http://127.0.0.1:9527/
+Accept-Encoding: gzip, deflate, br
+Connection: keep-alive
+
+{"username":"test","password":"test"}
+```
+
+### Reproducible Request File
+
+After editing the request in Burp Repeater (changing method to GET and removing the body), create a file `requests.txt` with the following content. Note that it ends with **two empty lines** instead of one:
+
+```http
+GET /api/user/login HTTP/1.1
+Host: 127.0.0.1:9527
+Content-Length: 0
+sec-ch-ua-platform: "Windows"
+Accept-Language: zh-CN,zh;q=0.9
+sec-ch-ua: "Chromium";v="145", "Not:A-Brand";v="99"
+Content-Type: application/json
+sec-ch-ua-mobile: ?0
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
+Accept: */*
+Origin: http://127.0.0.1:9527
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: http://127.0.0.1:9527/
+Accept-Encoding: gzip, deflate, br
+Connection: keep-alive
+
+
+```
+
+> **Note:** The file ends with **two empty lines** instead of one. In other words, there are extra newline characters after the standard HTTP empty line.
+
+Run SQLMap with the `-r` option:
+
+```bash
+python sqlmap.py -r requests.txt --batch --level=1 --risk=1
+```
+
+To verify the actual HTTP method sent by SQLMap, you can proxy the traffic through Burp Suite or any other intercepting proxy using the `--proxy` option:
+
+```bash
+python sqlmap.py -r requests.txt --batch --level=1 --risk=1 --proxy=http://127.0.0.1:8080
+```
+
+Observe that SQLMap treats this as a **POST request** and attempts to inject into the "body" parameters, even though the request method is explicitly `GET`.
+
+---
+
+## 预期行为 / Expected Behavior
+
+SQLMap should respect the HTTP method specified in the request line (`GET` in this case) and should not incorrectly infer `POST` solely based on trailing newlines in the request file.
+
+According to RFC 7230, the empty line (`CRLF CRLF`) marks the end of the header section. Any content **after** that empty line constitutes the message body. However, **trailing empty lines alone** (without actual body content) should not cause SQLMap to change the request method or assume the presence of a body.
+
+---
+
+## 实际行为 / Actual Behavior
+
+SQLMap detects "content" after the first empty line (even if it's just additional newline characters) and proceeds to:
+- Treat the request as a **POST request**
+- Attempt to parse and inject into what it believes is the request body
+- Ignore or mishandle URL/query parameters that should be the actual injection targets
+
+---
+
+## 环境信息 / Environment
+
+- **SQLMap version:** 1.10 (also affects 1.9.11.3 and likely earlier versions)
+- **Python version:** 3.10+
+- **OS:** Windows 10 (also reproducible on Windows 11 and Linux)
+
+---
+
+## 根因分析 / Root Cause Analysis
+
+The issue appears to be in how SQLMap parses the request file when the `-r` option is used. Specifically, the parser likely checks for the presence of **any bytes after the first `\r\n\r\n`** (or `\n\n`) sequence. If trailing newlines exist, the parser assumes there is a message body and consequently switches the request method to `POST`.
+
+A more robust approach would be:
+1. Strip trailing whitespace/newlines from the end of the request file **before** determining if a body exists.
+2. Only treat the request as having a body if there is **non-whitespace content** after the header-empty-line.
+3. Always preserve the HTTP method explicitly stated in the request line.
+
+---
+
+## 影响范围 / Impact
+
+This bug affects automated workflows and third-party tools (e.g., Burp Suite extensions, custom scripts) that generate HTTP request files for SQLMap. It is common for text editors, logging tools, or programmatic file writers to append trailing newlines, making this issue easy to trigger unintentionally.
+
+---
+
+## 建议修复 / Suggested Fix
+
+In the request file parsing logic (likely within `lib/request/connect.py` or similar), consider stripping trailing newlines before deciding whether a body is present:
+
+```python
+# Pseudo-code suggestion
+raw_request = read_file(request_file)
+# Split headers and body at the first empty line
+header_part, _, body_part = raw_request.partition('\r\n\r\n')
+# Strip trailing whitespace from the body before evaluation
+body_part = body_part.rstrip('\r\n')
+if not body_part:
+    # No actual body content; preserve the original method
+    has_body = False
+else:
+    has_body = True
+```
+
+Alternatively, ensure that the HTTP method from the request line is never overridden unless explicitly requested by the user (e.g., via `--method`).
+
+---
+
+## 附件 / Attachments
+
+- `requests.txt` — Minimal reproducible request file (see "Steps to Reproduce" above)
+
+---
+
+## 备注 / Additional Notes
+
+This issue was discovered while integrating SQLMap with the [SQLMap WebUI](https://github.com/c0ny1/sqlmap-webui) project, where HTTP request files are generated programmatically. Trailing newlines occasionally occur during file generation, leading to unexpected POST behavior on what should be GET-based scans.
+
+Thank you for maintaining SQLMap!
+
+---

src/backEnd/config.py

@@ -4,4 +4,4 @@
 MAX_TASKS_COUNT_LOCK = threading.Lock()
 
 
-VERSION = "1.8.50"
+VERSION = "1.8.51"

src/burpEx/legacy-api/pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.sqlmapwebui</groupId>
     <artifactId>sqlmap-webui-burp-legacy</artifactId>
-    <version>1.8.50</version>
+    <version>1.8.51</version>
     <packaging>jar</packaging>
 
     <name>SQLMap WebUI Burp Extension (Legacy API)</name>

src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/BurpExtender.java

@@ -50,7 +50,7 @@ public class BurpExtender implements IBurpExtender, IContextMenuFactory, ITab {
     private SqlmapUITab uiTab;
 
     private static final String EXTENSION_NAME = "SQLMap WebUI";
-    private static final String EXTENSION_VERSION = "1.8.50";
+    private static final String EXTENSION_VERSION = "1.8.51";
 
     /**
      * 过滤结果类 - 存储过滤后的纯文本请求和过滤统计
@@ -585,6 +585,12 @@ private void handleExecuteSqlMap(IHttpRequestResponse message) {
     /**
      * 从IHttpRequestResponse构建HTTP请求字符串
      */
+    /**
+     * 构建HTTP请求内容字符串
+     * 
+     * 防御性修复：去除尾部多余空行，避免SQLMap -r模式误将GET识别为POST
+     * (SQLMap在请求文件末尾存在多余空行时会错误推断存在body并切换为POST方法)
+     */
     private String buildHttpRequest(IHttpRequestResponse message) {
         StringBuilder request = new StringBuilder();
 
@@ -619,7 +625,16 @@ private String buildHttpRequest(IHttpRequestResponse message) {
             request.append(bodyStr);
         }
 
-        return request.toString();
+        // 去除尾部多余换行符，确保SQLMap -r模式正确识别请求方法
+        String result = request.toString();
+        while (result.endsWith("\r\n\r\n")) {
+            result = result.substring(0, result.length() - 2);
+        }
+        while (result.endsWith("\n\n")) {
+            result = result.substring(0, result.length() - 1);
+        }
+        
+        return result;
     }
 
     /**

src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/dialogs/AboutDialog.java

@@ -11,7 +11,7 @@
  */
 public class AboutDialog extends JDialog {
 
-    private static final String VERSION = "1.8.50";
+    private static final String VERSION = "1.8.51";
 
     // 帮助内容HTML模板 - 使用模块化组织
     private static final String HELP_CONTENT_HTML = "<html><head><style>" +

src/burpEx/montoya-api/pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.sqlmapwebui</groupId>
     <artifactId>sqlmap-webui-burp-montoya</artifactId>
-    <version>1.8.50</version>
+    <version>1.8.51</version>
     <packaging>jar</packaging>
 
     <name>SQLMap WebUI Burp Extension (Montoya API)</name>

src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/SqlmapContextMenuProvider.java

@@ -568,6 +568,9 @@ private void handleExecuteSqlmap(List<HttpRequestResponse> messages) {
 
     /**
      * 构建HTTP请求内容字符串
+     * 
+     * 防御性修复：去除尾部多余空行，避免SQLMap -r模式误将GET识别为POST
+     * (SQLMap在请求文件末尾存在多余空行时会错误推断存在body并切换为POST方法)
      */
     private String buildHttpRequestContent(HttpRequest request) {
         StringBuilder sb = new StringBuilder();
@@ -591,6 +594,15 @@ private String buildHttpRequestContent(HttpRequest request) {
             sb.append(body);
         }
 
-        return sb.toString();
+        // 去除尾部多余换行符，确保SQLMap -r模式正确识别请求方法
+        String result = sb.toString();
+        while (result.endsWith("\r\n\r\n")) {
+            result = result.substring(0, result.length() - 2);
+        }
+        while (result.endsWith("\n\n")) {
+            result = result.substring(0, result.length() - 1);
+        }
+        
+        return result;
     }
 }

src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/SqlmapWebUIExtension.java

@@ -19,7 +19,7 @@
 public class SqlmapWebUIExtension implements BurpExtension {
 
     private static final String EXTENSION_NAME = "SQLMap WebUI";
-    private static final String EXTENSION_VERSION = "1.8.50";
+    private static final String EXTENSION_VERSION = "1.8.51";
 
     private MontoyaApi api;
     private ConfigManager configManager;