From 10eafa35fdc49bc3aec47bfcc6ebe123c794719c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 23 Jul 2016 23:02:15 +0200 Subject: [PATCH] Adding CloudFlare CAPTCHA warning --- lib/core/settings.py | 4 ++-- lib/request/basic.py | 2 ++ txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 265141eb1..67fdd1374 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from lib.core.revision import getRevisionNumber # sqlmap version (...) -VERSION = "1.0.7.39" +VERSION = "1.0.7.40" REVISION = getRevisionNumber() STABLE = VERSION.count('.') <= 2 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev") @@ -603,7 +603,7 @@ VALID_TIME_CHARS_RUN_THRESHOLD = 100 CHECK_ZERO_COLUMNS_THRESHOLD = 10 # Boldify all logger messages containing these "patterns" -BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved") +BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA") # Generic www root directory names GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www") diff --git a/lib/request/basic.py b/lib/request/basic.py index 321ea1940..db9fa8e4a 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -359,6 +359,8 @@ def processResponse(page, responseHeaders): if re.search(r"(?i)captcha", match.group(0)): kb.captchaDetected = True warnMsg = "potential CAPTCHA protection mechanism detected" + if re.search(r"(?i)[^<]*CloudFlare", page): + warnMsg += " (CloudFlare)" singleTimeWarnMessage(warnMsg) break diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3941812c0..decc1119e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py 5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py 99a2b496b9d5b546b335653ca801153f lib/core/revision.py 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py -b10a550bac6290cc73312c413c39506a lib/core/settings.py +b80701b8eaf927683e27192bcbc8825f lib/core/settings.py 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py 0bc2fae1dec18cdd11954b22358293f2 lib/core/target.py @@ -66,7 +66,7 @@ cc9c82cfffd8ee9b25ba3af6284f057e lib/parse/__init__.py af6b8e1c6eb074b56bbd9cd80aebcd97 lib/parse/payloads.py b40a4c5d91770d347df36d3065b63798 lib/parse/sitemap.py 9299f21804033f099681525bb9bf51c0 lib/request/basicauthhandler.py -92fb749208255c64bcac82e9efd39cf4 lib/request/basic.py +a3e83cfe7e6825fb1b70951ad290d2ae lib/request/basic.py 9d757c63413a15222af90d3648de9de3 lib/request/comparison.py 72a0e7bb1010bb39c6538dbc77eae180 lib/request/connect.py 49b4c583af68689de5f9acb162de2939 lib/request/direct.py