sqlmap/lib/request/connect.py

382 lines
14 KiB
Python
Raw Normal View History

2008-10-15 19:38:22 +04:00
#!/usr/bin/env python
"""
2008-10-15 19:56:32 +04:00
$Id$
2008-10-15 19:38:22 +04:00
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
2008-10-15 19:38:22 +04:00
"""
import httplib
2008-10-15 19:38:22 +04:00
import re
import socket
import time
2008-10-15 19:38:22 +04:00
import urllib2
import urlparse
import traceback
2008-10-15 19:38:22 +04:00
from lib.contrib import multipartpost
from lib.core.agent import agent
from lib.core.common import readInput
2010-11-07 03:12:00 +03:00
from lib.core.common import getFilteredPageContent
2010-06-10 15:34:17 +04:00
from lib.core.common import getUnicode
2008-10-15 19:38:22 +04:00
from lib.core.convert import urlencode
2010-10-31 14:26:33 +03:00
from lib.core.common import urlEncodeCookieValues
2008-10-15 19:38:22 +04:00
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
2010-01-24 02:29:34 +03:00
from lib.core.common import sanitizeAsciiString
2008-10-15 19:38:22 +04:00
from lib.core.exception import sqlmapConnectionException
from lib.request.basic import decodePage
2008-10-15 19:38:22 +04:00
from lib.request.basic import forgeHeaders
from lib.request.basic import parseResponse
from lib.request.direct import direct
from lib.request.comparison import comparison
from lib.request.methodrequest import MethodRequest
2010-10-25 22:38:54 +04:00
from lib.utils.checkpayload import checkPayload
2008-10-15 19:38:22 +04:00
class Connect:
"""
This class defines methods used to perform HTTP requests
"""
@staticmethod
def __getPageProxy(**kwargs):
return Connect.getPage(**kwargs)
2008-10-15 19:38:22 +04:00
@staticmethod
def getPage(**kwargs):
"""
This method connects to the target url or proxy and returns
the target url page content
"""
if conf.delay is not None and isinstance(conf.delay, (int, float)) and conf.delay > 0:
time.sleep(conf.delay)
2010-05-21 16:18:43 +04:00
elif conf.cpuThrottle:
delay = 0.00001 * (conf.cpuThrottle ** 2)
time.sleep(delay)
2010-09-16 13:32:09 +04:00
url = kwargs.get('url', conf.url).replace(" ", "%20")
get = kwargs.get('get', None)
post = kwargs.get('post', None)
method = kwargs.get('method', None)
cookie = kwargs.get('cookie', None)
ua = kwargs.get('ua', None)
direct = kwargs.get('direct', False)
multipart = kwargs.get('multipart', False)
silent = kwargs.get('silent', False)
raise404 = kwargs.get('raise404', True)
auxHeaders = kwargs.get('auxHeaders', None)
2010-10-10 22:56:43 +04:00
response = kwargs.get('response', False)
2008-10-15 19:38:22 +04:00
page = ""
2008-10-15 19:38:22 +04:00
cookieStr = ""
requestMsg = "HTTP request:\n%s " % conf.method
requestMsg += "%s" % urlparse.urlsplit(url)[2] or "/"
2010-01-24 02:29:34 +03:00
responseMsg = "HTTP response "
2008-10-15 19:38:22 +04:00
requestHeaders = ""
responseHeaders = ""
2010-10-11 16:26:35 +04:00
kb.lastRequestUID += 1
2010-10-06 17:38:03 +04:00
2008-10-15 19:38:22 +04:00
try:
if silent:
socket.setdefaulttimeout(3)
if direct:
if "?" in url:
url, params = url.split("?")
params = urlencode(params)
url = "%s?%s" % (url, params)
requestMsg += "?%s" % params
elif multipart:
2010-05-29 03:39:52 +04:00
# Needed in this form because of potential circle dependency
# problem (option -> update -> connect -> option)
2010-02-25 16:45:28 +03:00
from lib.core.option import proxyHandler
2010-02-25 16:45:28 +03:00
multipartOpener = urllib2.build_opener(proxyHandler, multipartpost.MultipartPostHandler)
conn = multipartOpener.open(url, multipart)
page = conn.read()
responseHeaders = conn.info()
page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))
return page
else:
if conf.parameters.has_key("GET") and not get:
get = conf.parameters["GET"]
if get:
url = "%s?%s" % (url, get)
requestMsg += "?%s" % get
if conf.method == "POST":
if conf.parameters.has_key("POST") and not post:
post = conf.parameters["POST"]
requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str
2008-10-15 19:38:22 +04:00
# Perform HTTP request
headers = forgeHeaders(cookie, ua)
2010-10-14 02:08:09 +04:00
headers["Referer"] = "%s://%s" % (conf.scheme, conf.hostname)
2010-10-18 12:54:08 +04:00
if kb.authHeader:
headers["Authorization"] = kb.authHeader
if kb.proxyAuthHeader:
headers["Proxy-authorization"] = kb.proxyAuthHeader
2010-09-16 12:43:10 +04:00
if auxHeaders:
for key, item in auxHeaders.items():
headers[key] = item
if method:
req = MethodRequest(url, post, headers)
req.set_method(method)
else:
req = urllib2.Request(url, post, headers)
if not conf.dropSetCookie and conf.cj:
for _, cookie in enumerate(conf.cj):
if not cookieStr:
cookieStr = "Cookie: "
2010-10-18 12:54:08 +04:00
2010-06-10 15:34:17 +04:00
cookie = getUnicode(cookie)
index = cookie.index(" for ")
2010-10-18 12:54:08 +04:00
cookieStr += "%s; " % cookie[8:index]
2008-10-15 19:38:22 +04:00
2010-10-29 02:59:51 +04:00
conn = urllib2.urlopen(req)
2010-10-29 03:22:13 +04:00
if not req.has_header("Accept-Encoding"):
requestHeaders += "Accept-Encoding: identity\n"
2010-10-29 02:59:51 +04:00
requestHeaders += "\n".join(["%s: %s" % (header, value) for header, value in req.header_items()])
2010-10-29 03:22:13 +04:00
if not req.has_header("Cookie") and cookieStr:
requestHeaders += "\n%s" % cookieStr[:-2]
if not req.has_header("Connection"):
requestHeaders += "\nConnection: close"
2008-10-15 19:38:22 +04:00
requestMsg += "\n%s" % requestHeaders
if post:
requestMsg += "\n%s" % post
requestMsg += "\n"
logger.log(8, requestMsg)
2008-10-15 19:38:22 +04:00
2010-10-18 13:50:23 +04:00
if not kb.authHeader and req.has_header("Authorization"):
kb.authHeader = req.get_header("Authorization")
2010-10-18 12:54:08 +04:00
2010-10-18 13:50:23 +04:00
if not kb.proxyAuthHeader and req.has_header("Proxy-authorization"):
kb.proxyAuthHeader = req.get_header("Proxy-authorization")
if hasattr(conn, "redurl") and hasattr(conn, "redcode") and not conf.redirectHandled:
msg = "sqlmap got a %d redirect to " % conn.redcode
msg += "%s - What target address do you " % conn.redurl
msg += "want to use from now on? %s " % conf.url
msg += "(default) or provide another target address based "
msg += "also on the redirection got from the application\n"
while True:
choice = readInput(msg, default="1")
if not choice or choice == "1":
pass
else:
conf.url = choice
return Connect.__getPageProxy(**kwargs)
break
conf.redirectHandled = True
# Reset the number of connection retries
conf.retriesCount = 0
2010-10-10 22:56:43 +04:00
# Return response object
if response:
return conn, None
2008-10-15 19:38:22 +04:00
# Get HTTP response
page = conn.read()
code = conn.code
status = conn.msg
2008-10-15 19:38:22 +04:00
responseHeaders = conn.info()
page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))
2008-10-15 19:38:22 +04:00
except urllib2.HTTPError, e:
2010-11-04 01:07:13 +03:00
code = e.code
status = e.msg
2008-10-15 19:38:22 +04:00
if e.code == 401:
errMsg = "not authorized, try to provide right HTTP "
2010-11-04 01:07:13 +03:00
errMsg += "authentication type and valid credentials (%d)" % code
raise sqlmapConnectionException, errMsg
2010-03-16 16:56:36 +03:00
elif e.code == 404 and raise404:
2010-11-04 01:07:13 +03:00
errMsg = "page not found (%d)" % code
raise sqlmapConnectionException, errMsg
2008-10-15 19:38:22 +04:00
else:
try:
page = e.read()
responseHeaders = e.info()
except socket.timeout:
warnMsg = "connection timed out while trying "
2010-11-04 01:07:13 +03:00
warnMsg += "to get error page information (%d)" % code
logger.warn(warnMsg)
2010-05-04 12:43:14 +04:00
return None, None
2010-06-10 18:15:32 +04:00
debugMsg = "got HTTP error code: %d (%s)" % (code, status)
logger.debug(debugMsg)
except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine), e:
tbMsg = traceback.format_exc()
2008-10-15 19:38:22 +04:00
if "URLError" in tbMsg or "error" in tbMsg:
warnMsg = "unable to connect to the target url"
elif "timeout" in tbMsg:
warnMsg = "connection timed out to the target url"
elif "BadStatusLine" in tbMsg:
warnMsg = "the target url responded with an unknown HTTP "
warnMsg += "status code, try to force the HTTP User-Agent "
warnMsg += "header with option --user-agent or -a"
2009-12-31 15:34:18 +03:00
else:
warnMsg = "unable to connect to the target url"
if "BadStatusLine" not in tbMsg:
warnMsg += " or proxy"
if silent:
return None, None
elif conf.retriesCount < conf.retries:
conf.retriesCount += 1
warnMsg += ", sqlmap is going to retry the request"
logger.critical(warnMsg)
time.sleep(1)
socket.setdefaulttimeout(conf.timeout)
2009-12-21 14:21:18 +03:00
return Connect.__getPageProxy(**kwargs)
else:
socket.setdefaulttimeout(conf.timeout)
raise sqlmapConnectionException, warnMsg
socket.setdefaulttimeout(conf.timeout)
2010-01-24 02:29:34 +03:00
page = sanitizeAsciiString(page)
parseResponse(page, responseHeaders)
2010-05-04 12:43:14 +04:00
2008-10-15 19:38:22 +04:00
responseMsg += "(%s - %d):\n" % (status, code)
2010-05-04 12:43:14 +04:00
if conf.verbose <= 5:
2010-08-22 12:52:15 +04:00
responseMsg += getUnicode(responseHeaders.__str__())
elif conf.verbose > 5:
2008-10-15 19:38:22 +04:00
responseMsg += "%s\n%s\n" % (responseHeaders, page)
2010-05-04 12:43:14 +04:00
logger.log(7, responseMsg)
2008-10-15 19:38:22 +04:00
return page, responseHeaders
2008-10-15 19:38:22 +04:00
@staticmethod
2010-11-04 00:51:36 +03:00
def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None, auxHeaders=None, response=False, raise404 = None):
2008-10-15 19:38:22 +04:00
"""
This method calls a function to get the target url page content
and returns its page MD5 hash or a boolean value in case of
string match check ('--string' command line parameter)
"""
if conf.direct:
return direct(value, content)
2010-09-16 13:32:09 +04:00
get = None
post = None
cookie = None
ua = None
page = None
pageLength = None
2010-09-23 18:07:23 +04:00
uri = None
2010-11-04 00:51:36 +03:00
raise404 = place != "URI" if raise404 is None else raise404
2010-10-31 14:03:59 +03:00
toUrlencode = { "GET": True, "POST": True, "Cookie": conf.cookieUrlencode, "User-Agent": True, "URI": False }
2008-10-15 19:38:22 +04:00
if not place:
place = kb.injPlace
2010-11-08 00:55:24 +03:00
payload = agent.extractPayload(value)
2010-10-30 03:00:48 +04:00
2010-11-08 00:55:24 +03:00
if payload:
if kb.tamperFunctions:
for function in kb.tamperFunctions:
payload = function(payload)
2010-10-30 03:00:48 +04:00
value = agent.replacePayload(value, payload)
logger.log(9, payload)
2010-10-31 14:26:33 +03:00
if place == "Cookie" and conf.cookieUrlencode:
value = agent.removePayloadDelimiters(value, False)
value = urlEncodeCookieValues(value)
elif place:
2010-10-31 14:03:59 +03:00
value = agent.removePayloadDelimiters(value, toUrlencode[place])
2008-10-15 19:38:22 +04:00
2010-10-25 19:37:43 +04:00
if conf.checkPayload:
checkPayload(value)
if "GET" in conf.parameters:
get = conf.parameters["GET"] if place != "GET" or not value else value
2008-10-15 19:38:22 +04:00
if "POST" in conf.parameters:
post = conf.parameters["POST"] if place != "POST" or not value else value
2008-10-15 19:38:22 +04:00
if "Cookie" in conf.parameters:
cookie = conf.parameters["Cookie"] if place != "Cookie" or not value else value
if "User-Agent" in conf.parameters:
ua = conf.parameters["User-Agent"] if place != "User-Agent" or not value else value
2008-10-15 19:38:22 +04:00
2010-09-22 15:56:35 +04:00
if "URI" in conf.parameters:
uri = conf.url if place != "URI" or not value else value
2010-09-23 18:07:23 +04:00
else:
uri = conf.url
2010-09-22 15:56:35 +04:00
if conf.safUrl and conf.saFreq > 0:
kb.queryCounter += 1
if kb.queryCounter % conf.saFreq == 0:
2010-09-16 13:32:09 +04:00
Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua)
2010-10-10 22:56:43 +04:00
if not content and not response and kb.nullConnection:
2010-09-16 13:32:09 +04:00
if kb.nullConnection == "HEAD":
2010-10-10 22:56:43 +04:00
method = "HEAD"
2010-09-16 13:32:09 +04:00
elif kb.nullConnection == "Range":
if not auxHeaders:
auxHeaders = {}
2010-10-15 15:17:17 +04:00
2010-09-16 13:32:09 +04:00
auxHeaders["Range"] = "bytes=-1"
2010-10-10 22:56:43 +04:00
_, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404)
2010-10-15 15:20:19 +04:00
if kb.nullConnection == "HEAD" and 'Content-Length' in headers:
2010-10-10 22:56:43 +04:00
pageLength = int(headers['Content-Length'])
2010-10-15 15:20:19 +04:00
elif kb.nullConnection == "Range" and 'Content-Range' in headers:
pageLength = int(headers['Content-Range'][headers['Content-Range'].find('/') + 1:])
2010-09-16 13:47:33 +04:00
if not pageLength:
2010-10-10 22:56:43 +04:00
page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404)
2010-11-07 03:12:00 +03:00
if conf.textOnly:
page = getFilteredPageContent(page)
2008-10-15 19:38:22 +04:00
2010-10-10 22:56:43 +04:00
if content or response:
return page, headers
2010-09-16 13:32:09 +04:00
elif pageLength or page:
return comparison(page, headers, getSeqMatcher, pageLength)
else:
return False