solve the httplib&urllib2 content-legnth

2025-07-28 00:50:06 +03:00 · 2019-03-16 16:19:49 +08:00 · 2019-03-16 16:19:49 +08:00 · 13aacc1ed4
commit 13aacc1ed4
parent 0ca7502000
4 changed files with 59 additions and 8 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -98,7 +98,7 @@ from lib.core.exception import SqlmapUserQuitException
 from lib.core.exception import SqlmapValueException
 from lib.core.log import LOGGER_HANDLER
 from lib.core.optiondict import optDict
-from lib.core.settings import BANNER
+from lib.core.settings import BANNER, CHUNKED_KEYWORDS
 from lib.core.settings import BOLD_PATTERNS
 from lib.core.settings import BOUNDED_INJECTION_MARKER
 from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES
@ -4919,7 +4919,7 @@ def generateChunkDdata(data):
    """
    dl = len(data)
    ret = ""
-    keywords = CHUNK_KEYWORDS
+    keywords = CHUNKED_KEYWORDS
    index = 0
    while index < dl:
        chunk_size = random.randint(1, 9)
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission

 import cookielib
 import glob
+import httplib
 import inspect
 import logging
 import os
@ -139,6 +140,7 @@ from lib.request.basic import checkCharEncoding
 from lib.request.connect import Connect as Request
 from lib.request.dns import DNSServer
 from lib.request.basicauthhandler import SmartHTTPBasicAuthHandler
+from lib.request.httphandler import HTTPHandler
 from lib.request.httpshandler import HTTPSHandler
 from lib.request.pkihandler import HTTPSPKIAuthHandler
 from lib.request.rangehandler import HTTPRangeHandler
@ -156,6 +158,7 @@ from thirdparty.socks import socks
 from xml.etree.ElementTree import ElementTree

 authHandler = urllib2.BaseHandler()
+httpHandler = HTTPHandler()
 httpsHandler = HTTPSHandler()
 keepAliveHandler = keepalive.HTTPHandler()
 proxyHandler = urllib2.ProxyHandler()
@ -1106,7 +1109,7 @@ def _setHTTPHandlers():
    debugMsg = "creating HTTP requests opener object"
    logger.debug(debugMsg)

-    handlers = filter(None, [multipartPostHandler, proxyHandler if proxyHandler.proxies else None, authHandler, redirectHandler, rangeHandler, httpsHandler])
+    handlers = filter(None, [multipartPostHandler, proxyHandler if proxyHandler.proxies else None, authHandler, redirectHandler, rangeHandler, httpHandler, httpsHandler])

    if not conf.dropSetCookie:
        if not conf.loadCookies:
@ -2602,6 +2605,13 @@ def initOptions(inputOptions=AttribDict(), overrideOptions=False):
    _setKnowledgeBaseAttributes()
    _mergeOptions(inputOptions, overrideOptions)

+def _setHttpChunked():
+    if conf.chunk:
+        def hook(self, a, b):
+            pass
+
+        httplib.HTTPConnection._set_content_length = hook
+
 def init():
    """
    Set attributes into both configuration and knowledge base singletons
@ -2627,6 +2637,7 @@ def init():
    _listTamperingFunctions()
    _setTamperingFunctions()
    _setPreprocessFunctions()
+    _setHttpChunked()
    _setWafFunctions()
    _setTrafficOutputFP()
    _setupHTTPCollector()
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -277,6 +277,7 @@ class Connect(object):
        if multipart:
            post = multipart
        if chunked:
+            post = urllib.unquote(post)
            post = generateChunkDdata(post)

        websocket_ = url.lower().startswith("ws")
@ -471,12 +472,10 @@ class Connect(object):
                requestMsg += "\r\n%s" % requestHeaders

                if post is not None:
-                    if chunked:
-                        requestMsg += getUnicode(post)
-                    else:
-                        requestMsg += "\r\n\r\n%s" % getUnicode(post)
+                    requestMsg += "\r\n\r\n%s" % getUnicode(post)

-                requestMsg += "\r\n"
+                if not chunked:
+                    requestMsg += "\r\n"

                if not multipart:
                    threadData.lastRequestMsg = requestMsg
--- a/lib/request/httphandler.py
+++ b/lib/request/httphandler.py
@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# @Time    : 2019/3/16 2:48 PM
+# @Author  : w8ay
+# @File    : httphandler.py
+import urllib2
+import httplib
+from lib.core.data import conf
+
+
+class HTTPHandler(urllib2.HTTPHandler):
+
+    def _hook(self, request):
+        host = request.get_host()
+        if not host:
+            raise urllib2.URLError('no host given')
+
+        if request.has_data():  # POST
+            data = request.get_data()
+            if not request.has_header('Content-type'):
+                request.add_unredirected_header(
+                    'Content-type',
+                    'application/x-www-form-urlencoded')
+            if not request.has_header('Content-length') and not conf.chunk:
+                request.add_unredirected_header(
+                    'Content-length', '%d' % len(data))
+
+        sel_host = host
+        if request.has_proxy():
+            scheme, sel = urllib2.splittype(request.get_selector())
+            sel_host, sel_path = urllib2.splithost(sel)
+
+        if not request.has_header('Host'):
+            request.add_unredirected_header('Host', sel_host)
+        for name, value in self.parent.addheaders:
+            name = name.capitalize()
+            if not request.has_header(name):
+                request.add_unredirected_header(name, value)
+        return request
+
+    http_request = _hook