Add support for run based on HTTP capture

atiilla · atiilla · commit 7d2ef7c71318 · 2025-08-25T00:38:24.000+02:00
diff --git a/README.md b/README.md
@@ -104,6 +104,60 @@ sqlmap-ai -u "http://example.com/page.php?id=1"
 sqlmap-ai -u "http://example.com/page.php?id=1" --ai-provider groq
 ```
 
+### HTTP Request File Testing (NEW!)
+
+```bash
+# Test using HTTP request capture file
+sqlmap-ai -r request.txt
+
+# Enhanced mode with request file and adaptive testing
+sqlmap-ai --enhanced --adaptive -r request.txt
+
+# With specific AI provider
+sqlmap-ai --enhanced -r request.txt --ai-provider groq
+
+# Simple mode with request file
+sqlmap-ai --simple -r request.txt
+```
+
+**Request File Format:**
+```http
+POST /login.php HTTP/1.1
+Host: example.com
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 38
+
+username=admin&password=test
+```
+
+**Creating Request Files:**
+
+1. **From Browser Developer Tools:**
+   - Open Developer Tools (F12)
+   - Go to Network tab
+   - Perform the action you want to test
+   - Right-click the request → Copy → Copy as cURL
+   - Convert cURL to HTTP format
+
+2. **From Burp Suite:**
+   - Intercept the request
+   - Right-click → Save item
+   - Save as .txt file
+
+3. **From OWASP ZAP:**
+   - Right-click request → Export → HTTP Message
+   - Save as .txt file
+
+**Supported Request Types:**
+ - [x] GET requests with parameters
+ - [x] POST requests with form data
+ - [x] POST requests with JSON data
+ - [x] Requests with cookies
+ - [x] Requests with custom headers
+ - [x] Multipart form data
+
 ### Advanced Testing
 
 ```bash
@@ -112,6 +166,9 @@ sqlmap-ai --adaptive
 
 # Simple mode (basic SQLMap without AI)
 sqlmap-ai --simple -u "http://example.com/page.php?id=1"
+
+# Enhanced mode with custom options
+sqlmap-ai --enhanced -u "http://example.com/page.php?id=1" --level 3 --risk 2
 ```
 
 ### AI Provider Selection
@@ -130,6 +187,90 @@ sqlmap-ai -u "http://example.com/page.php?id=1" --ai-provider openai
 sqlmap-ai -u "http://example.com/page.php?id=1" --ai-provider auto
 ```
 
+### Complete Testing Workflow
+
+```bash
+# 1. Basic scan with URL
+sqlmap-ai -u "http://example.com/page.php?id=1"
+
+# 2. Enhanced scan with request file
+sqlmap-ai --enhanced --adaptive -r captured_request.txt
+
+# 3. Advanced scan with custom options
+sqlmap-ai --enhanced -r request.txt --level 4 --risk 3 --threads 10
+
+# 4. Simple mode for quick testing
+sqlmap-ai --simple -r request.txt --batch
+```
+
+## Testing Modes
+
+### Enhanced Mode (Default)
+Full AI-powered testing with advanced features:
+
+```bash
+# Basic enhanced scan
+sqlmap-ai --enhanced -u "http://example.com/page.php?id=1"
+
+# With request file
+sqlmap-ai --enhanced -r request.txt
+
+# Adaptive testing with AI analysis
+sqlmap-ai --enhanced --adaptive -r request.txt --ai-provider groq
+```
+
+**Features:**
+- AI-powered vulnerability analysis
+- Adaptive testing strategies
+- WAF evasion techniques
+- Beautiful HTML reports
+- Risk assessment and remediation guidance
+- Interactive CLI with progress tracking
+- Multiple AI providers (Groq, OpenAI, Anthropic, Ollama)
+- Advanced configuration management
+- Request file support (NEW!)
+
+### Simple Mode
+Basic SQL injection testing without AI features:
+
+```bash
+# Basic simple scan
+sqlmap-ai --simple -u "http://example.com/page.php?id=1"
+
+# With request file
+sqlmap-ai --simple -r request.txt
+
+# Quick batch mode
+sqlmap-ai --simple -r request.txt --batch
+```
+
+**Features:**
+- Basic SQL injection detection
+- Standard SQLMap functionality
+- Minimal dependencies
+- Fast execution
+- Request file support (NEW!)
+- Simple text output
+- Basic result saving
+
+### Adaptive Mode
+Intelligent step-by-step testing that adapts to the target:
+
+```bash
+# Full adaptive testing
+sqlmap-ai --enhanced --adaptive -r request.txt
+
+# With specific AI provider
+sqlmap-ai --enhanced --adaptive -r request.txt --ai-provider groq
+```
+
+**Adaptive Steps:**
+1. **🟢 Initial Assessment** - Check for SQL injection vulnerabilities
+2. **🟠 DBMS Identification** - Detect database type (MySQL, PostgreSQL, etc.)
+3. **🔴 Enhanced Testing** - Try more aggressive techniques
+4. **🟣 Data Extraction** - Extract valuable data from identified tables
+5. **🤖 AI Analysis** - Get AI recommendations for next steps
+
 ## AI Providers Comparison
 
 | Provider | Setup | Speed | Privacy | Cost |
@@ -203,6 +344,17 @@ ui:
 - Run `sqlmap-ai --config-wizard` to fix setup
 - Check `sqlmap-ai --validate-config` for issues
 
+**5. "Request file not working"**
+- Ensure request file has proper HTTP format
+- Check that Host header is present
+- Verify request file path is correct
+- Try with `--simple` mode first: `sqlmap-ai --simple -r request.txt`
+
+**6. "URL validation failed"**
+- When using request files, the URL is automatically extracted
+- Ensure request file contains valid HTTP request
+- Check that the Host header matches the target domain
+
 ### Getting Help
 
 ```bash
diff --git a/sqlmap_ai/main.py b/sqlmap_ai/main.py
@@ -24,6 +24,7 @@
 from sqlmap_ai.advanced_reporting import report_generator
 from sqlmap_ai.evasion_engine import evasion_engine
 from utils.ai_providers import ai_manager, get_available_ai_providers
+from typing import Optional
 def main():
     """Enhanced main function with improved CLI and security"""
     # Create enhanced CLI parser
@@ -45,15 +46,14 @@ def main():
             return
     
     # Check if we have a target
-    if not args.url and not args.request_file:
+    target_url = get_target_url_from_args(args)
+    if not target_url:
         if args.interactive:
             target_url = get_target_url()
         else:
             print_error("No target specified. Use -u/--url or -r/--request-file")
             print_info("Use --help for usage information")
             return
-    else:
-        target_url = args.url
     
     try:
         # Security validation
@@ -108,6 +108,10 @@ def build_sqlmap_options(args) -> list:
     
     config = get_config()
     
+    # Add request file if provided
+    if args.request_file:
+        options.extend(["-r", args.request_file])
+    
     # Add risk and level
     risk = args.risk or config.sqlmap.default_risk
     level = args.level or config.sqlmap.default_level
@@ -425,6 +429,55 @@ def confirm_additional_step():
         else:
             print("Please answer with 'y' or 'n'.")
 
+def extract_url_from_request_file(request_file_path: str) -> Optional[str]:
+    """Extract target URL from HTTP request file"""
+    try:
+        with open(request_file_path, 'r', encoding='utf-8') as f:
+            content = f.read().strip()
+        
+        # Parse the first line to get the request line
+        lines = content.split('\n')
+        if not lines:
+            return None
+        
+        # First line should be: METHOD /path HTTP/1.1
+        request_line = lines[0].strip()
+        parts = request_line.split()
+        if len(parts) < 2:
+            return None
+        
+        # Find Host header
+        host = None
+        for line in lines[1:]:
+            if line.lower().startswith('host:'):
+                host = line.split(':', 1)[1].strip()
+                break
+        
+        if not host:
+            return None
+        
+        # Determine protocol (default to http)
+        protocol = 'https' if 'https://' in content.lower() else 'http'
+        
+        # Construct URL
+        path = parts[1]
+        if not path.startswith('/'):
+            path = '/' + path
+        
+        return f"{protocol}://{host}{path}"
+        
+    except Exception as e:
+        print_warning(f"Failed to extract URL from request file: {e}")
+        return None
+
+def get_target_url_from_args(args) -> Optional[str]:
+    """Get target URL from either URL argument or request file"""
+    if args.url:
+        return args.url
+    elif args.request_file:
+        return extract_url_from_request_file(args.request_file)
+    return None
+
 def main_simple():
     """Simple mode - basic SQL injection testing without AI features"""
     print("🔧 SQLMap AI Simple Mode")
diff --git a/sqlmap_ai/runner.py b/sqlmap_ai/runner.py
@@ -414,8 +414,20 @@ def run_sqlmap(self, target_url: str, options: Union[List[str], str], timeout: i
         task_id = self._create_new_task()
         if not task_id:
             return None
+        
+        # Check if we're using a request file
+        using_request_file = False
+        if isinstance(options, list):
+            using_request_file = any(opt.startswith('-r') or opt.startswith('--request-file') for opt in options)
+        elif isinstance(options, str):
+            using_request_file = '-r' in options or '--request-file' in options
+            
+        # Build command string
+        if using_request_file:
+            command_str = "sqlmap"
+        else:
+            command_str = f"sqlmap -u {target_url}"
             
-        command_str = f"sqlmap -u {target_url}"
         if isinstance(options, list):
             command_str += " " + " ".join(options)
         else:
diff --git a/testphp.txt b/testphp.txt
@@ -0,0 +1,9 @@
+GET /product.php?pic=1 HTTP/1.1
+Host: testphp.vulnweb.com
+Accept-Language: en-US,en;q=0.9
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Referer: http://testphp.vulnweb.com/listproducts.php?cat=1
+Accept-Encoding: gzip, deflate, br
+Connection: keep-alive
