Note: This document is the standalone changelog for SQLMap Web UI. All version updates are maintained here.
Documentation
- Fixed docs and scripts in `doc/encrypted_params` directory, aligning all content to `process_script_demo.py` as the authoritative reference
  - `preprocess_script.py`: renamed outer field to `data`, aligned logic to coupon interface (direct Base64 encode/decode on field value)
  - `tamper_script.py`: renamed inner parameter to `coupon_code`, aligned endpoint to `/api/coupon/query`
  - `README.md` / `CAUTIONS.md` / `USAGE_SCENARIOS.md`: fully aligned field names, endpoints, and code examples
Fixes (CI/CD)
- Fixed GitHub Actions release issue where `softprops/action-gh-release` reused existing releases, causing release notes not to update
- Added pre-release deletion of existing releases to ensure fresh release_notes.md is used each time
Documentation
- Split changelog from README into standalone CHANGELOG.md and CHANGELOG_EN.md files
- Updated AGENTS.md and CLAUDE.md developer guides
- Added tmp/ directory to .gitignore
New Features (VulnShop Lab)
- Added coupon system with Base64 encoded parameter SQL injection testing scenarios
- Added member center popup with membership level query, points query, and purchase history
- Added review center popup for product review management and submission
- Added coupon query, search, and category filtering features
Fixes (VulnShop Lab)
- Fixed sidebar menu item duplication issue
- Fixed review center click navigation error
Refactoring (Burp Plugin)
- Reorganized Burp plugin architecture with layered structure:
  - `api/` - API clients (ApiClient, SqlmapApiClient)
  - `config/` - Configuration management (ScanConfig, PresetConfig, etc.)
  - `core/` - Extension entry points (BurpExtender, SqlmapWebUIExtension)
  - `model/` - Data models (TitleRule, RegexSource, etc.)
  - `service/` - Business services (BinaryContentDetector, RequestDeduplicator)
  - `ui/` - User interface
    - `component/` - Reusable components
    - `dialog/` - Dialog windows
    - `panel/` - Configuration panels
    - `tab/` - Main tabs
  - `util/` - Utilities (CommandExecutor, SqlCommandBuilder, etc.)
- Both Legacy API and Montoya API plugins follow the same structure
- Pure code reorganization, no functional changes, improved maintainability
Fixes (Burp Plugin & Backend)
- Fixed SQLMap `-r` mode incorrectly treating GET as POST due to trailing newlines in HTTP request files generated by Burp plugins and backend task engine
- Added defensive trailing newline cleanup logic in Montoya API, Legacy API plugins, and backend Task engine
Fixes (Burp Plugin)
- Fixed SQLMap `-r` mode incorrectly treating GET as POST due to trailing newlines in HTTP request files generated by Burp plugins
- Added defensive trailing newline cleanup logic in both Montoya API and Legacy API plugins
New Features (VulnShop Lab)
- Added nested encrypted parameter SQL injection testing scenarios
- Added 5 encrypted parameter test endpoints (user query, product search, order query, debug encode/decode)
- Support for Base64 encoded nested JSON parameter injection testing
- Complete Tamper and Preprocess script examples provided
- Detailed documentation and testing scenario descriptions included
Documentation
- Added `doc/encrypted_params/` directory containing:
  - README.md - Usage tutorial
  - USAGE_SCENARIOS.md - Various use cases
  - CAUTIONS.md - Important notes
  - tamper_script.py - Tamper script
  - preprocess_script.py - Preprocess script
Documentation
- Comprehensive update of project documentation to reflect latest features
- Updated README version numbers and changelogs in both Chinese and English
- Updated user guide with Burp plugin command execution configuration details
- Updated frontend About page version number
- Updated Burp plugin help documentation
Fixes (CI/CD)
- Fixed GitHub Actions build Burp Legacy plugin `maven-clean-plugin:3.2.0` download 403 Forbidden error
- Explicitly declared `maven-clean-plugin:3.4.0` in both Burp plugin pom.xml files
New Features (Burp Plugin)
- Added command execution configuration, support direct SQLMap scan execution in terminal
- Added terminal window title rule configuration, support custom title extraction rules
- Added command preview dialog, real-time preview of generated SQLMap commands
- Added configuration import/export functionality for easy backup and sharing
Fixes (Scan Tasks)
- Fixed proxy connection timeout issue when submitting scans via Burp plugin
- Root cause: `apply_header_rules()` wrote all request headers to sqlmap config file's `headers` option, conflicting with request file (`-r`) headers
- Now headers are only passed through request file, consistent with command line execution behavior
Fixes (Scan Tasks)
- Fixed XML body truncation issue (Windows line endings causing Content-Length mismatch)
- Removed Content-Length header, allowing sqlmap to auto-calculate based on actual body
- Use binary mode to write request files, avoiding Windows automatic line ending conversion
- Normalized body line endings to standard HTTP line endings
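
The request-file handling described in the fixes above (trailing newlines making `-r` treat a GET as a POST, and Windows line endings breaking Content-Length), as an added Python example that is not the project's own code. The function names, host and sample requests are constructed for illustration, and writing the header lines with CRLF is an assumption.

```python
import re

CRLF = b"\r\n"

# Constructed samples: a GET saved with stray trailing newlines, and an XML POST
# saved with Windows line endings and a Content-Length header.
SAMPLE_GET = b"GET /item?id=1 HTTP/1.1\nHost: lab.example:8080\n\n\n\n"
SAMPLE_POST = (b"POST /order HTTP/1.1\r\nHost: lab.example\r\n"
               b"Content-Type: application/xml\r\nContent-Length: 37\r\n\r\n"
               b"<order>\r\n  <id>1</id>\r\n</order>\r\n")


def build_request_file(raw: bytes) -> bytes:
    """Return the bytes to store in a request file passed to sqlmap -r."""
    # Fold CRLF, lone CR and LF into LF so every capture is parsed the same way.
    text = re.sub(rb"\r\n|\r|\n", b"\n", raw).lstrip(b"\n")
    head, _, body = text.partition(b"\n\n")
    # Drop Content-Length: sqlmap recalculates it from the body actually sent.
    lines = [ln for ln in head.split(b"\n")
             if ln.strip() and not ln.lower().startswith(b"content-length:")]
    # Newlines left after the headers would otherwise be read as request data.
    body = body.rstrip(b"\n")
    out = CRLF.join(lines)
    if body:
        out += CRLF + CRLF + body.replace(b"\n", CRLF)
    return out


def write_request_file(path: str, raw: bytes) -> None:
    # Binary mode: text mode on Windows would translate line endings on write.
    with open(path, "wb") as fh:
        fh.write(build_request_file(raw))


if __name__ == "__main__":
    print(build_request_file(SAMPLE_GET))
    print(build_request_file(SAMPLE_POST))
```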
Improvements (Burp Plugin)
- Replaced manual JSON string concatenation with Gson/PayloadBuilder
- Eliminated risks of incomplete escaping for special characters (e.g., XML content)
New Features (VulnShop Lab)
- Added logistics management module, support order shipping and tracking
- Added shipping_handlers for logistics-related requests
- Updated database structure, added logistics information table
- Updated frontend interface, added logistics management page and styles
Fixes
- Fixed task_monitor.py related issues
- Removed deprecated req.txt file
New Features (Burp Plugin)
- Added command execution configuration, support custom SQLMap command execution methods
- Added command execution configuration panel with visual configuration interface
- Added command execution help dialog with detailed configuration instructions
- Added request title extraction, support extracting custom titles from requests
- Added title rule management, support creating, editing, deleting title extraction rules
- Added title rule test dialog, support real-time testing of rule effects
- Added command preview dialog, support previewing generated SQLMap commands
- Added direct execution configuration panel, support one-click scan execution
Refactoring (Burp Plugin)
- Removed deprecated clipboard configuration panel, replaced with more flexible command execution configuration
- Refactored command executor to support configurable command execution
- Refactored SQL command builder to enhance command building capabilities
- Refactored title extractor to support multiple title source types and regex matching
Improvements (Burp Plugin)
- Optimized context menu integration, providing richer scan options
- Improved configuration manager to support more configuration types
- Optimized preset configuration database to support title rule storage
Documentation
- Fully refactored frontend help page with modular design (8 components, <700 lines per file)
- Added complete bilingual user guide (Chinese/English)
- Updated Burp Suite plugin help documentation
- Optimized README document structure and navigation links
New Features
- VulnShop frontend page visual design fully improved
- Added system log viewer function, supporting Application/Access/Error log switching
- Log viewer supports custom display line count (50/100/200/500 lines)
Fixes
- Fixed "View Logs" function not responding when clicked
- Optimized log display interface and interaction experience
Fixes
- Fixed scanPresetService return value unpacking issue
New Features
- History config table added sorting function (support sorting by ID, command line params, last used time, usage count)
- History config table added pagination function (support selecting items per page)
- History config cards display ID identifier
Fixes
- Burp plugin auto-refreshes history config table after task creation
New Features
- Burp plugin auto-saves to history config after creating tasks
Improvements
- Improved history config deduplication logic, only updates usage time when same name and params
Fixes
- Fixed frontend build failure caused by TypeScript unused variable warnings (TS6133)
Refactoring
- GuidedParamEditor component refactored to modular architecture
- CustomModePanel optimized, added scanOptionsConverter utility
New Features
- Command line preview component adopts GitHub Dark theme style, added terminal window style
Improvements
- Burp plugins (Montoya & Legacy) version synchronized to 1.8.33
Fixes
- Fixed randomAgent parameter not taking effect
New Features
- Added tick marks to auto-refresh interval slider in config page (major ticks every 5 minutes, minor ticks every 1 minute)
Fixes
- Fixed dark theme adaptation issue for config trigger bar in AddTask page
Fixes
- Fixed HTTP Host header non-default port being incorrectly removed
Refactoring
- AddTask page split into modular components (ConfigTriggerBar, CustomModePanel, PresetModePanel, etc.)
New Features
- Support parsing all SQLMap command line parameters (215 params)
- Frontend refactored to PrimeVue 4 clean theme
- Session Header management component modularized
Improvements
- Optimized frontend styles and component layouts
- Unified homepage and config page background panel width
- Fixed task list dropdown text truncation issue
Fixes
- Fixed white background issues on multiple pages in dark mode
- Fixed Burp plugin parameter parsing and backend parameter display issues
- Fixed Burp plugin JSON requests being misjudged as binary
New Features
- Added file sync script supporting dual API architecture
- Added architecture documentation explaining dual API design
Fixes
- Fixed guided parameter editor parameter display and loading issues
- Fixed TypeScript type errors and SCSS variables
Fixes
- Fixed cURL (Windows CMD) parsing not removing escape character `^` before Chinese characters
- Fixed HTTP message editor long lines stretching container, added soft wrap support
Fixes
- Fixed Burp plugin (Legacy/Montoya) Chinese garbled text, forced UTF-8 encoding for HTTP requests
Fixes
- Fixed task log area unable to scroll to display all logs
Fixes
- Fixed Burp plugin right-click menu scan config source selection not taking effect
Fixes
- Fixed session Header and Body field configuration not taking effect
Fixes
- URL parsing excludes port from host field for cross-platform consistency
Improvements
- Optimized homepage statistic card sizes
New Features
- Added session Body field dynamic replacement function
- VulnShop lab added logging system
- VulnShop lab modular refactoring and security enhancement
Improvements
- Improved VulnShop lab robustness, prevents crashes during SQLMap scanning
- Adjusted task list empty data area height
- API prefix renamed (/chrome/admin → /web/admin)
New Features
- Added backend service startup scripts (Windows/Linux/macOS)
- Support automatic creation and reuse of virtual environments
- Support configuring PyPI mirrors (Tsinghua/Aliyun/USTC, etc.)
- Support intranet private mirror configuration
- Support fully offline environment deployment
- Added WebSocket real-time notification mechanism, backend can actively push task status changes
- Added confirmation dialogs for delete and stop operations on task list page
Improvements
- Optimized task operation thread safety, moved sync lock operations to thread pool to avoid blocking event loop
- Optimized scan config preset selection UI
- Improved submit button disabled logic and prompt messages
- Python minimum version requirement adjusted to 3.10+
Fixes
- Solved Windows/Linux command line Chinese garbled text issues
- Fixed refresh interval API response data structure handling error
- Added backend service disclaimer document
- Added project Logo design (shield + injection needle concept)
- Web: Updated favicon, status bar, about page Logo
- BurpSuite plugin: Added help/about dialog (includes usage help, open source license, disclaimer)
- BurpSuite plugin: About page uses Java2D to draw custom Logo
- Fixed PrimeVue 4 component deprecation warnings (TabView → Tabs)
- Fixed BurpSuite plugin JLabel HTML rendering issues
- Updated project documentation adding Logo display
- Updated all project documents to reflect latest features
- Improved AGENTS.md and CLAUDE.md AI programming guides
- Optimized user usage guide documentation
- Added scan config preset management (default/preset/history configs)
- Added guided parameter editor
- Added HTTP request parser (supports cURL/PowerShell/fetch/raw HTTP)
- Added code editor component (line numbers, syntax highlighting, search)
- Frontend code modular refactoring
- Fixed fetch parser escaped quote handling issues
- Added header rules scope configuration function
- Added session-level header management
- Added batch header rules import function
- Added summary statistics row to task list
- Enhanced task filters (date range, injection status)
- Optimized smart polling strategy
- Updated project documentation
- Updated project documentation
- Improved Burp Suite plugin integration
- Fixed backend configuration issues
- Added VulnShop SQL injection testing lab
- Support 8 types of SQL injection vulnerabilities
- Modern UI with light/dark theme
- Complete shopping flow simulation
- 3 difficulty levels and WAF protection