From 13aacc1ed495f3453977b67539b29145b53ac850 Mon Sep 17 00:00:00 2001
From: boy-hack <34109680@qq.com>
Date: Sat, 16 Mar 2019 16:19:49 +0800
Subject: [PATCH] solve the httplib&urllib2 content-legnth
---
 lib/core/common.py | 4 ++--
 lib/core/option.py | 13 +++++++++++-
 lib/request/connect.py | 9 ++++-----
 lib/request/httphandler.py | 41 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 59 insertions(+), 8 deletions(-)
 create mode 100644 lib/request/httphandler.py
diff --git a/lib/core/common.py b/lib/core/common.py
index 971deb2b6..863d297e1 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -98,7 +98,7 @@ from lib.core.exception import SqlmapUserQuitException
 from lib.core.exception import SqlmapValueException
 from lib.core.log import LOGGER_HANDLER
 from lib.core.optiondict import optDict
-from lib.core.settings import BANNER
+from lib.core.settings import BANNER, CHUNKED_KEYWORDS
 from lib.core.settings import BOLD_PATTERNS
 from lib.core.settings import BOUNDED_INJECTION_MARKER
 from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES
@@ -4919,7 +4919,7 @@ def generateChunkDdata(data):
 """
 dl = len(data)
 ret = ""
- keywords = CHUNK_KEYWORDS
+ keywords = CHUNKED_KEYWORDS
 index = 0
 while index < dl:
 chunk_size = random.randint(1, 9)
diff --git a/lib/core/option.py b/lib/core/option.py
index 4204de6db..158f5ee2c 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission
 import cookielib
 import glob
+import httplib
 import inspect
 import logging
 import os
@@ -139,6 +140,7 @@ from lib.request.basic import checkCharEncoding
 from lib.request.connect import Connect as Request
 from lib.request.dns import DNSServer
 from lib.request.basicauthhandler import SmartHTTPBasicAuthHandler
+from lib.request.httphandler import HTTPHandler
 from lib.request.httpshandler import HTTPSHandler
 from lib.request.pkihandler import HTTPSPKIAuthHandler
 from lib.request.rangehandler import HTTPRangeHandler
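Review bot: In the first hunk of lib/core/common.py the new line `from lib.core.settings import BANNER, CHUNKED_KEYWORDS` puts two names in one statement, while every neighbouring line in the hunk imports a single name per statement in alphabetical order. Leaving `from lib.core.settings import BANNER` as it was and adding a separate `from lib.core.settings import CHUNKED_KEYWORDS` at its sorted position would match the surrounding style and keep later changes to this block to one line each. The import block continues outside the hunk, so the exact position cannot be checked from here.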
@@ -156,6 +158,7 @@ from thirdparty.socks import socks
 from xml.etree.ElementTree import ElementTree
 authHandler = urllib2.BaseHandler()
+httpHandler = HTTPHandler()
 httpsHandler = HTTPSHandler()
 keepAliveHandler = keepalive.HTTPHandler()
 proxyHandler = urllib2.ProxyHandler()
@@ -1106,7 +1109,7 @@ def _setHTTPHandlers():
 debugMsg = "creating HTTP requests opener object"
 logger.debug(debugMsg)
- handlers = filter(None, [multipartPostHandler, proxyHandler if proxyHandler.proxies else None, authHandler, redirectHandler, rangeHandler, httpsHandler])
+ handlers = filter(None, [multipartPostHandler, proxyHandler if proxyHandler.proxies else None, authHandler, redirectHandler, rangeHandler, httpHandler, httpsHandler])
 if not conf.dropSetCookie:
 if not conf.loadCookies:
@@ -2602,6 +2605,13 @@ def initOptions(inputOptions=AttribDict(), overrideOptions=False):
 _setKnowledgeBaseAttributes()
 _mergeOptions(inputOptions, overrideOptions)
+def _setHttpChunked():
+ if conf.chunk:
+ def hook(self, a, b):
+ pass
+
+ httplib.HTTPConnection._set_content_length = hook
+
 def init():
 """
 Set attributes into both configuration and knowledge base singletons
@@ -2627,6 +2637,7 @@ def init():
 _listTamperingFunctions()
 _setTamperingFunctions()
 _setPreprocessFunctions()
+ _setHttpChunked()
 _setWafFunctions()
 _setTrafficOutputFP()
 _setupHTTPCollector()
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 3a02c8cf8..b0927e04e 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -277,6 +277,7 @@ class Connect(object):
 if multipart:
 post = multipart
 if chunked:
+ post = urllib.unquote(post)
 post = generateChunkDdata(post)
 websocket_ = url.lower().startswith("ws")
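Review bot: `_setHttpChunked()` in lib/core/option.py assigns to the private `httplib.HTTPConnection._set_content_length` on the class itself, so once `conf.chunk` is set every httplib connection in the process loses its automatic Content-Length, and nothing restores the original. The function has no docstring and the stub's parameters are named `a, b`; I would add a docstring such as `"""Disable httplib's automatic Content-Length header when conf.chunk is set; patches the class process-wide."""` and write the stub as `def hook(self, *args, **kwargs): pass`, so it does not depend on the argument count of a private method that may differ between interpreter versions. If the patch has to stay global, keeping a reference to the original attribute so it can be restored would make it safer for long-lived processes.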
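Review bot: In lib/request/connect.py the added `post = urllib.unquote(post)` URL-decodes the whole body whenever `chunked` is set, with no comment saying why, and as far as the flattened hunk shows this also applies when `post` was just taken from `multipart`. A body that is not form-encoded (JSON, XML, multipart) and contains a literal `%xx` sequence would be altered before it is sent, so the chunked request no longer carries the same data as the non-chunked one. I would guard the call on the body actually being URL-encoded, or at least add a comment such as `# body was URL-encoded earlier; decode before splitting into chunks` if that is the intent. The enclosing method and the file's imports are outside the hunk, so it is worth confirming that `urllib` is imported there.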
@@ -471,12 +472,10 @@ class Connect(object):
 requestMsg += "\r\n%s" % requestHeaders
 if post is not None:
- if chunked:
- requestMsg += getUnicode(post)
- else:
- requestMsg += "\r\n\r\n%s" % getUnicode(post)
+ requestMsg += "\r\n\r\n%s" % getUnicode(post)
- requestMsg += "\r\n"
+ if not chunked:
+ requestMsg += "\r\n"
 if not multipart:
 threadData.lastRequestMsg = requestMsg
diff --git a/lib/request/httphandler.py b/lib/request/httphandler.py
new file mode 100644
index 000000000..3fd4fab0e
--- /dev/null
+++ b/lib/request/httphandler.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# @Time : 2019/3/16 2:48 PM
+# @Author : w8ay
+# @File : httphandler.py
+import urllib2
+import httplib
+from lib.core.data import conf
+
+
+class HTTPHandler(urllib2.HTTPHandler):
+
+ def _hook(self, request):
+ host = request.get_host()
+ if not host:
+ raise urllib2.URLError('no host given')
+
+ if request.has_data(): # POST
+ data = request.get_data()
+ if not request.has_header('Content-type'):
+ request.add_unredirected_header(
+ 'Content-type',
+ 'application/x-www-form-urlencoded')
+ if not request.has_header('Content-length') and not conf.chunk:
+ request.add_unredirected_header(
+ 'Content-length', '%d' % len(data))
+
+ sel_host = host
+ if request.has_proxy():
+ scheme, sel = urllib2.splittype(request.get_selector())
+ sel_host, sel_path = urllib2.splithost(sel)
+
+ if not request.has_header('Host'):
+ request.add_unredirected_header('Host', sel_host)
+ for name, value in self.parent.addheaders:
+ name = name.capitalize()
+ if not request.has_header(name):
+ request.add_unredirected_header(name, value)
+ return request
+
+ http_request = _hook
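Review bot: `HTTPHandler._hook` in the new lib/request/httphandler.py has no docstring, and it reads like a copy of the standard library's request pre-processing with one condition changed (`and not conf.chunk` on the Content-length branch). A docstring saying so, e.g. `"""Prepare the request like urllib2's default handler, but skip Content-length when conf.chunk is set."""`, would tell maintainers which line is the intended difference. The shebang says `python3` although the module imports `urllib2` and `httplib`, which exist only on Python 2, and `httplib` is imported but not used in the file. Only `http_request` is bound to `_hook`, so whether HTTPS requests get the same header handling depends on `HTTPSHandler`, which is not part of this diff.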