fix: 修复randomAgent参数不生效的问题

- 修复Task初始化时过早调用apply_header_rules()导致randomAgent参数未生效的问题
- 在apply_header_rules()中正确处理randomAgent参数，移除原始User-Agent头
- 在_build_raw_http_request()中跳过原始User-Agent头
- 确保SQLMap能正确添加随机User-Agent

Author: lanshuizhiyue

src/backEnd/doc/sqlmap_cmd_help_doc.txt

@@ -1,7 +1,7 @@
         ___
        __H__
- ___ ___[']_____ ___ ___  {1.9.11.3#dev}
-|_ -| . [)]     | .'| . |
+ ___ ___["]_____ ___ ___  {1.9.11.3#dev}
+|_ -| . [,]     | .'| . |
 |___|_  [']_|_|_|__,|  _|
       |_|V...       |_|   https://sqlmap.org
 

src/backEnd/model/Task.py

@@ -70,8 +70,9 @@ def __init__(self, taskid, remote_addr, scanUrl, host, method, headers, body):
 
         logger.debug(f"[{self.taskid}] Task initialized with {len(self.headers) if self.headers else 0} headers")
 
-        # 在任务创建时就处理请求头，确保请求头规则立即生效
-        self.apply_header_rules()
+        # 注意：不在这里调用 apply_header_rules()
+        # 因为此时 randomAgent 等参数还未设置
+        # apply_header_rules() 会在 engine_start() 中被调用
 
         logger.debug(f"[{self.taskid}] Task initialization completed")
 
@@ -161,13 +162,26 @@ def apply_header_rules(self):
             # 更新请求头
             if processed_headers != self.headers:
                 self.headers = processed_headers
-                # 将处理后的请求头设置到SQLMap配置中
-                # SQLMap期望headers是一个换行符分隔的字符串
-                self.options.headers = "\n".join(processed_headers)
+                
+            # 如果启用了randomAgent，从headers中移除User-Agent
+            # 这样SQLMap的_setHTTPUserAgent()会添加随机UA
+            logger.debug(f"[{self.taskid}] Checking randomAgent: {self.options.randomAgent}")
+            if self.options.randomAgent:
+                original_count = len(self.headers)
+                self.headers = [h for h in self.headers 
+                               if not h.lower().startswith("user-agent:")]
+                if len(self.headers) < original_count:
+                    logger.info(f"[{self.taskid}] Removed User-Agent from headers due to randomAgent=True")
+                else:
+                    logger.debug(f"[{self.taskid}] No User-Agent header found to remove")
+            
+            # 将请求头设置到SQLMap配置中
+            # SQLMap期望headers是一个换行符分隔的字符串
+            self.options.headers = "\n".join(self.headers)
+            
+            if applied_rules:
                 logger.info(f"[{self.taskid}] Applied {len(applied_rules)} header rules: {', '.join(applied_rules)}")
-                logger.debug(f"[{self.taskid}] Set headers option for SQLMap: {self.options.headers}")
-            else:
-                logger.debug(f"[{self.taskid}] No header changes applied")
+            logger.debug(f"[{self.taskid}] Set headers option for SQLMap: {self.options.headers}")
 
             # 标记请求头规则已应用
             self._header_rules_applied = True
@@ -284,6 +298,11 @@ def _build_raw_http_request(self):
         if self.headers:
             for header in self.headers:
                 if header and ":" in header:
+                    # 如果启用了randomAgent，跳过原始User-Agent头
+                    # 让SQLMap的_setHTTPUserAgent()添加随机UA
+                    if self.options.randomAgent and header.lower().startswith("user-agent:"):
+                        logger.debug(f"[{self.taskid}] Skipping original User-Agent header due to randomAgent=True")
+                        continue
                     headers_list.append(header)
 
         # 确保Host头存在

src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/ScanConfig.java

@@ -1140,7 +1140,7 @@ public Map<String, Object> toOptionsMap() {
         // Enumeration Extended
         if (getAll) options.put("getAll", true);
         if (getHostname) options.put("getHostname", true);
-        if (getPasswords) options.put("getPasswords", true);
+        if (getPasswords) options.put("getPasswordHashes", true);
         if (getPrivileges) options.put("getPrivileges", true);
         if (getRoles) options.put("getRoles", true);
         if (getSchema) options.put("getSchema", true);

src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/ScanConfig.java

@@ -1140,7 +1140,7 @@ public Map<String, Object> toOptionsMap() {
         // Enumeration Extended
         if (getAll) options.put("getAll", true);
         if (getHostname) options.put("getHostname", true);
-        if (getPasswords) options.put("getPasswords", true);
+        if (getPasswords) options.put("getPasswordHashes", true);
         if (getPrivileges) options.put("getPrivileges", true);
         if (getRoles) options.put("getRoles", true);
         if (getSchema) options.put("getSchema", true);

src/frontEnd/src/utils/paramDefinitions.ts

@@ -97,27 +97,56 @@ export const PARAM_DEFINITIONS: ParamDefinition[] = [
   { key: 'threads', name: 'threads', cliName: '--threads', description: '并发线程数', category: 'optimization', type: 'integer', defaultValue: 1, min: 1, max: 10 },
 
   // Enumeration 枚举
+  { key: 'getAll', name: 'all', cliName: '--all', description: '枚举所有信息', category: 'enumeration', type: 'boolean' },
   { key: 'getBanner', name: 'banner', cliName: '--banner', description: '获取DBMS Banner', category: 'enumeration', type: 'boolean' },
   { key: 'getCurrentUser', name: 'current-user', cliName: '--current-user', description: '获取当前用户', category: 'enumeration', type: 'boolean' },
   { key: 'getCurrentDb', name: 'current-db', cliName: '--current-db', description: '获取当前数据库', category: 'enumeration', type: 'boolean' },
+  { key: 'getHostname', name: 'hostname', cliName: '--hostname', description: '获取主机名', category: 'enumeration', type: 'boolean' },
   { key: 'isDba', name: 'is-dba', cliName: '--is-dba', description: '检测是否为DBA', category: 'enumeration', type: 'boolean' },
   { key: 'getUsers', name: 'users', cliName: '--users', description: '枚举用户', category: 'enumeration', type: 'boolean' },
+  { key: 'getPasswordHashes', name: 'passwords', cliName: '--passwords', description: '获取密码哈希', category: 'enumeration', type: 'boolean' },
+  { key: 'getPrivileges', name: 'privileges', cliName: '--privileges', description: '获取权限', category: 'enumeration', type: 'boolean' },
+  { key: 'getRoles', name: 'roles', cliName: '--roles', description: '获取角色', category: 'enumeration', type: 'boolean' },
   { key: 'getDbs', name: 'dbs', cliName: '--dbs', description: '枚举数据库', category: 'enumeration', type: 'boolean' },
   { key: 'getTables', name: 'tables', cliName: '--tables', description: '枚举表', category: 'enumeration', type: 'boolean' },
   { key: 'getColumns', name: 'columns', cliName: '--columns', description: '枚举列', category: 'enumeration', type: 'boolean' },
+  { key: 'getSchema', name: 'schema', cliName: '--schema', description: '获取Schema', category: 'enumeration', type: 'boolean' },
+  { key: 'getCount', name: 'count', cliName: '--count', description: '获取记录数', category: 'enumeration', type: 'boolean' },
+  { key: 'getComments', name: 'comments', cliName: '--comments', description: '获取注释', category: 'enumeration', type: 'boolean' },
+  { key: 'getStatements', name: 'statements', cliName: '--statements', description: '获取SQL语句', category: 'enumeration', type: 'boolean' },
   { key: 'dumpTable', name: 'dump', cliName: '--dump', description: '导出数据', category: 'enumeration', type: 'boolean' },
   { key: 'dumpAll', name: 'dump-all', cliName: '--dump-all', description: '导出所有数据', category: 'enumeration', type: 'boolean' },
+  { key: 'dumpWhere', name: 'where', cliName: '--where', description: 'dump条件', category: 'enumeration', type: 'string' },
+  { key: 'limitStart', name: 'start', cliName: '--start', description: '起始行', category: 'enumeration', type: 'integer', min: 0 },
+  { key: 'limitStop', name: 'stop', cliName: '--stop', description: '结束行', category: 'enumeration', type: 'integer', min: 0 },
+  { key: 'firstChar', name: 'first', cliName: '--first', description: '起始字符位', category: 'enumeration', type: 'integer', min: 0 },
+  { key: 'lastChar', name: 'last', cliName: '--last', description: '结束字符位', category: 'enumeration', type: 'integer', min: 0 },
   { key: 'db', name: 'database', cliName: '-D', description: '指定数据库', category: 'enumeration', type: 'string' },
   { key: 'tbl', name: 'table', cliName: '-T', description: '指定表', category: 'enumeration', type: 'string' },
   { key: 'col', name: 'column', cliName: '-C', description: '指定列', category: 'enumeration', type: 'string' },
-  
+  { key: 'extensiveFp', name: 'fingerprint', cliName: '--fingerprint', description: '深度指纹识别', category: 'enumeration', type: 'boolean' },
+
+  // Techniques 扩展
+  { key: 'uCols', name: 'union-cols', cliName: '--union-cols', description: 'UNION列数范围', category: 'techniques', type: 'string' },
+  { key: 'uChar', name: 'union-char', cliName: '--union-char', description: 'UNION填充字符', category: 'techniques', type: 'string' },
+  { key: 'uFrom', name: 'union-from', cliName: '--union-from', description: 'UNION FROM表', category: 'techniques', type: 'string' },
+  { key: 'uValues', name: 'union-values', cliName: '--union-values', description: 'UNION填充值', category: 'techniques', type: 'string' },
+
   // General 通用
+  { key: 'requestFile', name: 'request file', cliName: '-r', description: 'HTTP请求文件', category: 'general', type: 'string' },
+  { key: 'sessionFile', name: 'session file', cliName: '-s', description: '会话文件', category: 'general', type: 'string' },
+  { key: 'trafficFile', name: 'traffic file', cliName: '-t', description: '流量日志文件', category: 'general', type: 'string' },
   { key: 'batch', name: 'batch', cliName: '--batch', description: '批处理模式(不提问)', category: 'general', type: 'boolean', defaultValue: true },
   { key: 'forms', name: 'forms', cliName: '--forms', description: '解析并测试表单', category: 'general', type: 'boolean' },
   { key: 'crawlDepth', name: 'crawl', cliName: '--crawl', description: '爬取深度', category: 'general', type: 'integer', min: 0, max: 10 },
   { key: 'flushSession', name: 'flush-session', cliName: '--flush-session', description: '刷新会话文件', category: 'general', type: 'boolean' },
   { key: 'freshQueries', name: 'fresh-queries', cliName: '--fresh-queries', description: '忽略会话缓存', category: 'general', type: 'boolean' },
-  { key: 'verbose', name: 'verbose', cliName: '-v', description: '详细级别 (0-6)', category: 'general', type: 'integer', defaultValue: 1, min: 0, max: 6 }
+  { key: 'verbose', name: 'verbose', cliName: '-v', description: '详细级别 (0-6)', category: 'general', type: 'integer', defaultValue: 1, min: 0, max: 6 },
+  { key: 'answers', name: 'answers', cliName: '--answers', description: '预定义答案', category: 'general', type: 'string' },
+  { key: 'rParam', name: 'randomize', cliName: '--randomize', description: '随机化参数值', category: 'general', type: 'string' },
+  { key: 'evalCode', name: 'eval', cliName: '--eval', description: '执行Python代码', category: 'general', type: 'string' },
+  { key: 'shLib', name: 'shared-lib', cliName: '--shared-lib', description: '共享库路径', category: 'general', type: 'string' },
+  { key: 'regVal', name: 'reg-value', cliName: '--reg-value', description: '注册表值', category: 'general', type: 'string' },
 ]
 
 // 根据key获取参数定义
@@ -129,3 +158,58 @@ export function getParamDefinition(key: string): ParamDefinition | undefined {
 export function getParamByCliName(cliName: string): ParamDefinition | undefined {
   return PARAM_DEFINITIONS.find(p => p.cliName === cliName)
 }
+
+// 驼峰转连字符（后备方案，用于映射表中未定义的参数）
+export function camelToKebab(str: string): string {
+  return str.replace(/([A-Z])/g, '-$1').toLowerCase().replace(/^-/, '')
+}
+
+// 创建 key→cliName 映射表（缓存用，避免每次遍历数组）
+let _paramKeyToCliNameMap: Map<string, string> | null = null
+export function getParamKeyToCliNameMap(): Map<string, string> {
+  if (!_paramKeyToCliNameMap) {
+    _paramKeyToCliNameMap = new Map<string, string>()
+    for (const param of PARAM_DEFINITIONS) {
+      _paramKeyToCliNameMap.set(param.key, param.cliName)
+    }
+  }
+  return _paramKeyToCliNameMap
+}
+
+// 转换单个参数为命令行格式
+export function convertOptionToCliArg(key: string, value: any): string | null {
+  if (value === false || value === null || value === undefined || value === '') {
+    return null
+  }
+
+  const map = getParamKeyToCliNameMap()
+  // 优先使用映射表中的 cliName
+  let cliName = map.get(key)
+  if (!cliName) {
+    // 后备: 驼峰转连字符
+    cliName = '--' + camelToKebab(key)
+  }
+
+  if (value === true) {
+    return cliName
+  }
+
+  const formatted = formatCliValue(value)
+  // 短选项（如 -v, -D 等）用空格分隔值
+  if (/^-[a-zA-Z]$/.test(cliName)) {
+    return `${cliName} ${formatted}`
+  }
+  return `${cliName}=${formatted}`
+}
+
+// 格式化命令行参数值
+function formatCliValue(value: any): string {
+  if (Array.isArray(value)) {
+    return value.join(',')
+  }
+  const str = String(value)
+  if (/[\s,;|&"']/.test(str)) {
+    return `"${str.replace(/"/g, '\\"')}"`
+  }
+  return str
+}

src/frontEnd/src/views/TaskDetail/components/TaskOptions.vue

@@ -84,6 +84,7 @@ import DataTable from 'primevue/datatable'
 import Column from 'primevue/column'
 import Tag from 'primevue/tag'
 import CommandLinePreview from '@/components/CommandLinePreview.vue'
+import { getParamDefinition, convertOptionToCliArg, camelToKebab } from '@/utils/paramDefinitions'
 
 interface Props {
   task: Task | null
@@ -102,11 +103,14 @@ const viewOptions = [
 
 const optionsList = computed(() => {
   if (!props.task?.options) return []
-  return Object.entries(props.task.options).map(([name, value]) => ({
-    name,
-    value,
-    description: getOptionDescription(name)
-  }))
+  return Object.entries(props.task.options).map(([name, value]) => {
+    const paramDef = getParamDefinition(name)
+    return {
+      name: paramDef?.cliName || ('--' + camelToKebab(name)),
+      value,
+      description: paramDef?.description || getOptionDescription(name)
+    }
+  })
 })
 
 const filteredOptions = computed(() => {
@@ -119,16 +123,17 @@ const filteredOptions = computed(() => {
 })
 
 const commandLine = computed(() => {
-  if (!props.task?.options) return 'sqlmap'
-  
-  const args = Object.entries(props.task.options)
-    .filter(([_, value]) => value !== false && value !== undefined && value !== null)
-    .map(([key, value]) => {
-      if (value === true) return `--${key}`
-      return `--${key}=${value}`
-    })
-  
-  return `sqlmap ${args.join(' ')}`
+  if (!props.task?.options) return 'python sqlmap.py'
+
+  const args: string[] = []
+  for (const [key, value] of Object.entries(props.task.options)) {
+    const arg = convertOptionToCliArg(key, value)
+    if (arg) {
+      args.push(arg)
+    }
+  }
+
+  return `python sqlmap.py ${args.join(' ')}`
 })
 
 function getOptionDescription(name: string): string {