Description
Raw HTTP requests exported from BurpSuite (which `_parseBurpLog` parses) don't contain any information about the connection (protocol, host, port).
sqlmap parses the Host header value to get this information. What if the Host header does not exist?
Also, there are some cases (e.g. WAF evasion, SSRF exploitation) in which the connection address may differ from the Host header value.
Steps to reproduce
Connection address for the target server is www.example.com:80
Request to test for SQL injection on www.example.com:80, Host header value is set to localhost in order to bypass the WAF protection:
```http
GET /path?param=1%INJECT_HERE% HTTP/1.1
Host: localhost
Connection: close
```
sqlmap command: `sqlmap -r request.txt -v 4`
As there is no way to specify the connection address, sqlmap parses the Host header value to get the connection address, which wrongly results in localhost:80:
```
[DEBUG] resolving hostname 'localhost'
[INFO] testing connection to the target URL
[TRAFFIC OUT] HTTP request [#1]:
GET /path?param=1 HTTP/1.1
Host: localhost
Connection: close
[CRITICAL] unable to connect to the target URL ('Connection refused'). sqlmap is going to retry the request(s)
```
Expected behavior
There should be command-line arguments to provide the connection address (host and port number) just like --force-ssl which specifies the connection protocol (http or https) when the provided input is a raw HTTP request exported from BurpSuite (or other similar request formats).
(e.g. `--connect-host www.example.com --connect-port 8443 --force-ssl`)
Running environment:
- sqlmap version: 1.5.2#pip
- Installation method: pip
- Operating system: Ubuntu 18.04
- Python version: 3.8.5
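To illustrate the parsing problem described in this issue, here is an added example (not sqlmap's own code) that derives the connection target from a raw Burp-style request the way the report describes, and shows how a hypothetical connect-host/connect-port override would take precedence over the Host header, with a missing Host header raising an error instead of a silent guess. The `resolve_target` function and its parameter names are assumptions for this illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: the request from the report, with the injection marker removed.
SAMPLE_REQUEST = (
    "GET /path?param=1 HTTP/1.1\r\n"
    "Host: localhost\r\n"
    "Connection: close\r\n\r\n"
)


def parse_raw_request(raw):
    """Split a raw HTTP request into (method, target, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def resolve_target(raw, connect_host=None, connect_port=None, force_ssl=False):
    """Return (scheme, host, port, path) the request should actually be sent to.

    Hypothetical connect_host/connect_port mirror the requested command-line
    options; without them the Host header (or an absolute-form request line)
    decides, and a request with neither is rejected.
    """
    _method, target, headers, _body = parse_raw_request(raw)
    scheme = "https" if force_ssl else "http"
    host, port, path = None, None, target
    if target.startswith(("http://", "https://")):  # absolute-form request line
        parts = urlsplit(target)
        scheme = "https" if (force_ssl or parts.scheme == "https") else "http"
        host, port = parts.hostname, parts.port
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    elif "host" in headers:
        # urlsplit handles "host:port" and bracketed IPv6 literals alike
        parts = urlsplit("//" + headers["host"])
        host, port = parts.hostname, parts.port
    # An explicit connection address wins over whatever the Host header says.
    host = connect_host or host
    port = connect_port or port or (443 if scheme == "https" else 80)
    if host is None:
        raise ValueError("no Host header and no connection host given")
    return scheme, host, port, path


if __name__ == "__main__":
    print(resolve_target(SAMPLE_REQUEST))
    print(resolve_target(SAMPLE_REQUEST, "www.example.com", 8443, force_ssl=True))
```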