sqlmap/lib/request/basic.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

import codecs
import gzip
import os
import re
import StringIO
import zlib

from lib.core.common import getCompiledRegex
from lib.core.common import getUnicode
from lib.core.common import isWindowsDriveLetterPath
from lib.core.common import posixToNtSlashes
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.parse.headers import headersParser
from lib.parse.html import htmlParser

def forgeHeaders(cookie, ua):
    """
    Prepare HTTP Cookie and HTTP User-Agent headers to use when performing
    the HTTP requests
    """

    headers = {}

    for header, value in conf.httpHeaders:
        if cookie and header == "Cookie":
            headers[header] = cookie
        elif ua and header == "User-Agent":
            headers[header] = ua
        else:
            headers[header] = value

    return headers

def parseResponse(page, headers):
    """
    @param page: the page to parse to feed the knowledge base htmlFp
    (back-end DBMS fingerprint based upon DBMS error messages return
    through the web application) list and absFilePaths (absolute file
    paths) set.
    """

    if headers:
        headersParser(headers)

    if page:
        htmlParser(page)

        # Detect injectable page absolute system path
        # NOTE: this regular expression works if the remote web application
        # is written in PHP and debug/error messages are enabled.

        for regex in ( r" in <b>(?P<result>.*?)</b> on line",  r"(?:>|\s)(?P<result>[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P<result>/\w[/\w.]+)" ):
            regObj = getCompiledRegex(regex)
            for match in regObj.finditer(page):
                absFilePath = match.group("result").strip()
                page = page.replace(absFilePath, "")

                if isWindowsDriveLetterPath(absFilePath):
                    absFilePath = posixToNtSlashes(absFilePath)

                if absFilePath not in kb.absFilePaths:
                    kb.absFilePaths.add(absFilePath)

def checkCharEncoding(encoding):
    if encoding:
        encoding = encoding.lower()
    else:
        return encoding

    #http://www.destructor.de/charsets/index.htm
    translate = { 'windows-874':'iso-8859-11' }

    if ';' in encoding:
        encoding = encoding[:encoding.find(';')]

    # http://philip.html5.org/data/charsets-2.html
    if encoding in translate:
        encoding = translate[encoding]
    elif encoding.startswith('cp-'):
        encoding = 'cp%s' % encoding[3:]
    elif encoding.startswith('windows') and not encoding.startswith('windows-'):
        encoding = 'windows-%s' % encoding[7:]

    try:
        codecs.lookup(encoding)
    except LookupError:
        warnMsg  = "unknown charset '%s'. " % encoding
        warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."

        logger.warn(warnMsg)
        encoding = conf.dataEncoding
    return encoding

def decodePage(page, contentEncoding, contentType):
    """
    Decode compressed/charset HTTP response
    """

    if isinstance(contentEncoding, basestring) and contentEncoding.lower() in ('gzip', 'x-gzip', 'deflate'):
        if contentEncoding == 'deflate':
            # http://stackoverflow.com/questions/1089662/python-inflate-and-deflate-implementations
            data = StringIO.StringIO(zlib.decompress(page, -15))
        else:
            data = gzip.GzipFile('', 'rb', 9, StringIO.StringIO(page))

        page = data.read()
    
    #http://stackoverflow.com/questions/1020892/python-urllib2-read-to-unicode
    if contentType and (contentType.find('charset=') != -1):
        charset = checkCharEncoding(contentType.split('charset=')[-1])
        if charset:
            page = getUnicode(page, charset)

    return page
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`#!/usr/bin/env python`

			`"""`
propsets.. 2008-10-15 19:56:32 +04:00			$Id$
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
large commit with copyright header modifications 2010-10-14 18:41:14 +04:00			`Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`

some charset fix up 2010-06-30 16:09:33 +04:00			`import codecs`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`import gzip`
Almost done with web backdoor functionality 2009-04-28 15:05:07 +04:00			`import os`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`import re`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`import StringIO`
			`import zlib`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
introducing regex caching mechanism 2010-05-21 18:42:59 +04:00			`from lib.core.common import getCompiledRegex`
fix for bug reported by Marek Sarvas (unicode) 2010-09-09 18:03:45 +04:00			`from lib.core.common import getUnicode`
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function 2010-04-23 20:34:20 +04:00			`from lib.core.common import isWindowsDriveLetterPath`
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 17:37:00 +03:00			`from lib.core.common import posixToNtSlashes`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`from lib.core.data import conf`
			`from lib.core.data import kb`
some charset fix up 2010-06-30 16:09:33 +04:00			`from lib.core.data import logger`
Minor layout adjustments, minor fixes and updated changelog 2008-11-17 03:00:54 +03:00			`from lib.parse.headers import headersParser`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`from lib.parse.html import htmlParser`

			`def forgeHeaders(cookie, ua):`
			`"""`
			`Prepare HTTP Cookie and HTTP User-Agent headers to use when performing`
			`the HTTP requests`
			`"""`

			`headers = {}`

			`for header, value in conf.httpHeaders:`
			`if cookie and header == "Cookie":`
			`headers[header] = cookie`
			`elif ua and header == "User-Agent":`
			`headers[header] = ua`
			`else:`
			`headers[header] = value`

			`return headers`

Minor layout adjustments, minor fixes and updated changelog 2008-11-17 03:00:54 +03:00			`def parseResponse(page, headers):`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`
			`@param page: the page to parse to feed the knowledge base htmlFp`
			`(back-end DBMS fingerprint based upon DBMS error messages return`
			`through the web application) list and absFilePaths (absolute file`
			`paths) set.`
			`"""`

Minor layout adjustments, minor fixes and updated changelog 2008-11-17 03:00:54 +03:00			`if headers:`
			`headersParser(headers)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Minor layout adjustments, minor fixes and updated changelog 2008-11-17 03:00:54 +03:00			`if page:`
			`htmlParser(page)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Minor layout adjustments, minor fixes and updated changelog 2008-11-17 03:00:54 +03:00			`# Detect injectable page absolute system path`
			`# NOTE: this regular expression works if the remote web application`
			`# is written in PHP and debug/error messages are enabled.`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
introducing regex caching mechanism 2010-05-21 18:42:59 +04:00			`for regex in ( r" in <b>(?P<result>.?)</b> on line", r"(?:>\|\s)(?P<result>[A-Za-z]:[\\/][\w.\\/])", r"(?:>\|\s)(?P<result>/\w[/\w.]+)" ):`
			`regObj = getCompiledRegex(regex)`
			`for match in regObj.finditer(page):`
getDocRoot changes 2010-01-05 14:30:33 +03:00			`absFilePath = match.group("result").strip()`
upgrade of web directory parsing for things like C:/xampp/htdocs/sqlmap/mysql/get_int.php (XAMPP uses this) 2010-02-03 18:06:41 +03:00			`page = page.replace(absFilePath, "")`
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function 2010-04-23 20:34:20 +04:00
			`if isWindowsDriveLetterPath(absFilePath):`
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 17:37:00 +03:00			`absFilePath = posixToNtSlashes(absFilePath)`
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function 2010-04-23 20:34:20 +04:00
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed). Minor common library code refactoring. Code cleanup. Set back the default User-Agent to sqlmap for comparison algorithm reasons. Updated THANKS. 2009-04-28 03:05:11 +04:00			`if absFilePath not in kb.absFilePaths:`
fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname) also, fixed some issues with Windows paths 2010-02-03 19:40:12 +03:00			`kb.absFilePaths.add(absFilePath)`
few quick changes 2010-06-10 15:34:17 +04:00
some charset fix up 2010-06-30 16:09:33 +04:00			`def checkCharEncoding(encoding):`
fix for "unknown charset 'windows-874'" reported by Phat R. 2010-07-15 12:44:42 +04:00			`if encoding:`
			`encoding = encoding.lower()`
			`else:`
			`return encoding`

			`#http://www.destructor.de/charsets/index.htm`
			`translate = { 'windows-874':'iso-8859-11' }`

fix for bug reported by Marek Sarvas (unicode) 2010-09-09 18:03:45 +04:00			`if ';' in encoding:`
fix for a bug reported by Marek Sarvas 2010-07-26 12:11:28 +04:00			`encoding = encoding[:encoding.find(';')]`
Minor cosmetic fixes 2010-10-14 19:28:54 +04:00
			`# http://philip.html5.org/data/charsets-2.html`
fix for bug reported by Marek Sarvas (unicode) 2010-09-09 18:03:45 +04:00			`if encoding in translate:`
fix for "unknown charset 'windows-874'" reported by Phat R. 2010-07-15 12:44:42 +04:00			`encoding = translate[encoding]`
fix for bug reported by Marek Sarvas (unicode) 2010-09-09 18:03:45 +04:00			`elif encoding.startswith('cp-'):`
			`encoding = 'cp%s' % encoding[3:]`
			`elif encoding.startswith('windows') and not encoding.startswith('windows-'):`
			`encoding = 'windows-%s' % encoding[7:]`
Minor cosmetic fixes 2010-10-14 19:28:54 +04:00
some charset fix up 2010-06-30 16:09:33 +04:00			`try:`
			`codecs.lookup(encoding)`
			`except LookupError:`
			`warnMsg = "unknown charset '%s'. " % encoding`
Minor cosmetic fixes 2010-10-14 19:28:54 +04:00			`warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."`
some charset fix up 2010-06-30 16:09:33 +04:00
			`logger.warn(warnMsg)`
			`encoding = conf.dataEncoding`
			`return encoding`

major bug fix (different HTTP content charsets are now properly handled) 2010-06-09 18:40:36 +04:00			`def decodePage(page, contentEncoding, contentType):`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`"""`
major bug fix (different HTTP content charsets are now properly handled) 2010-06-09 18:40:36 +04:00			`Decode compressed/charset HTTP response`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`"""`

major bug fix (different HTTP content charsets are now properly handled) 2010-06-09 18:40:36 +04:00			`if isinstance(contentEncoding, basestring) and contentEncoding.lower() in ('gzip', 'x-gzip', 'deflate'):`
			`if contentEncoding == 'deflate':`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`# http://stackoverflow.com/questions/1089662/python-inflate-and-deflate-implementations`
			`data = StringIO.StringIO(zlib.decompress(page, -15))`
			`else:`
			`data = gzip.GzipFile('', 'rb', 9, StringIO.StringIO(page))`

			`page = data.read()`
some charset fix up 2010-06-30 16:09:33 +04:00
major bug fix (different HTTP content charsets are now properly handled) 2010-06-09 18:40:36 +04:00			`#http://stackoverflow.com/questions/1020892/python-urllib2-read-to-unicode`
			`if contentType and (contentType.find('charset=') != -1):`
some charset fix up 2010-06-30 16:09:33 +04:00			`charset = checkCharEncoding(contentType.split('charset=')[-1])`
			`if charset:`
fix for bug reported by Marek Sarvas (unicode) 2010-09-09 18:03:45 +04:00			`page = getUnicode(page, charset)`
major bug fix (different HTTP content charsets are now properly handled) 2010-06-09 18:40:36 +04:00
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`return page`