sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-20 13:03:23 +03:00
Code Issues Packages Projects Releases Wiki Activity

Implement experimental --http2 (#4402)

Browse Source
This commit is contained in:
Miroslav Stampar 2025-02-20 13:03:47 +01:00
parent fa9dc20c6e
commit 327f98aaa3
7 changed files with 67 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
data/txt/sha256sums.txt
View File

@ -180,7 +180,7 @@ ec8d94fb704c0a40c88f5f283624cda025e2ea0e8b68722fe156c2b5676f53ac lib/core/dicts
93c256111dc753967169988e1289a0ea10ec77bfb8e2cbd1f6725e939bfbc235 lib/core/gui.py 93c256111dc753967169988e1289a0ea10ec77bfb8e2cbd1f6725e939bfbc235 lib/core/gui.py
1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/core/__init__.py 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/core/__init__.py
53499dc202a036289e3b2b9699d19568e794d077e16fd3a5c91771983de45451 lib/core/log.py 53499dc202a036289e3b2b9699d19568e794d077e16fd3a5c91771983de45451 lib/core/log.py
eb1890d111e6187cac4cf81c3a525e95e7061607847d4f05ec23f9dba8febdcd lib/core/optiondict.py bcb54f1813b3757fe717d7b4f3429fbcd08ff416af1100b716708955702e66d6 lib/core/optiondict.py
ceea031ce1a49a20af689d750d33d057e38a7c631f008872b04f380e2de39bb9 lib/core/option.py ceea031ce1a49a20af689d750d33d057e38a7c631f008872b04f380e2de39bb9 lib/core/option.py
81275fdbd463d89a2bfd8c00417a17a872aad74f34c18e44be79c0503e67dfa5 lib/core/patch.py 81275fdbd463d89a2bfd8c00417a17a872aad74f34c18e44be79c0503e67dfa5 lib/core/patch.py
e79df3790f16f67988e46f94b0a516d7ee725967f7698c8e17f210e4052203a7 lib/core/profiling.py e79df3790f16f67988e46f94b0a516d7ee725967f7698c8e17f210e4052203a7 lib/core/profiling.py
@ -188,7 +188,7 @@ c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7 lib/core/readl
63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py
5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py
0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py
167941c1f7c279d31a377a80915de0cae31f06ba39bf802571a9980bb5ffbfff lib/core/settings.py 2511201edc299a8efca0f9f5b55423503ef5e5982c16c4938ec4b0be842abb6f lib/core/settings.py
a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py
841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py
9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py
@ -199,7 +199,7 @@ b1071f449a66b4ceacd4b84b33a73d9e0a3197d271d72daaa406ba473a8bb625 lib/core/testi
12cbead4e9e563b970fafb891127927445bd53bada1fac323b9cd27da551ba30 lib/core/wordlist.py 12cbead4e9e563b970fafb891127927445bd53bada1fac323b9cd27da551ba30 lib/core/wordlist.py
1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/__init__.py 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/__init__.py
a027f4c44811cb74aa367525f353706de3d3fc719e6c6162f7a61dc838acf0c2 lib/parse/banner.py a027f4c44811cb74aa367525f353706de3d3fc719e6c6162f7a61dc838acf0c2 lib/parse/banner.py
9c7f95948cb6ee20b2b5bff7b36c23179c44303d3c8ad555247f65f12f30e0a9 lib/parse/cmdline.py f8d1701df33a31920e2ebf9a23fa7b6f4ccd2aff22b4ae1e14b495e51e5939fe lib/parse/cmdline.py
3907765df08c31f8d59350a287e826bd315a7714dc0e87496f67c8a0879c86ac lib/parse/configfile.py 3907765df08c31f8d59350a287e826bd315a7714dc0e87496f67c8a0879c86ac lib/parse/configfile.py
ced03337edd5a16b56a379c9ac47775895e1053003c25f6ba5bec721b6e3aa64 lib/parse/handler.py ced03337edd5a16b56a379c9ac47775895e1053003c25f6ba5bec721b6e3aa64 lib/parse/handler.py
3704a02dcf00b0988b101e30b2e0d48acdd20227e46d8b552e46c55d7e9bf28c lib/parse/headers.py 3704a02dcf00b0988b101e30b2e0d48acdd20227e46d8b552e46c55d7e9bf28c lib/parse/headers.py
@ -211,7 +211,7 @@ cbabdde72df4bd8d6961d589f1721dd938d8f653aa6af8900a31af6e2586405d lib/parse/site
89417568d7f19e48d39a8a9a4227d3d2b71d1c9f61139a41b1835fb5266fcab8 lib/request/basic.py 89417568d7f19e48d39a8a9a4227d3d2b71d1c9f61139a41b1835fb5266fcab8 lib/request/basic.py
6139b926a3462d14ddd50acdb8575ae442b8fab089db222721535092b9af3ea1 lib/request/chunkedhandler.py 6139b926a3462d14ddd50acdb8575ae442b8fab089db222721535092b9af3ea1 lib/request/chunkedhandler.py
ad661a075c6df0624747722d77ca3b1f69f36e54708e33673a33cfdef1ed5075 lib/request/comparison.py ad661a075c6df0624747722d77ca3b1f69f36e54708e33673a33cfdef1ed5075 lib/request/comparison.py
2dfe357dfa62f40d711e6809a93ce46d7c0478118155da4fc35ac081d4a43ec7 lib/request/connect.py 40543c462d261c8cec1ec1f68033bd3d7b4e72688aa9eb564b2c474947a449da lib/request/connect.py
0649a39c5cc2fc0f4c062b100ced17e3e6934a7e578247dfc65b650edc29825e lib/request/direct.py 0649a39c5cc2fc0f4c062b100ced17e3e6934a7e578247dfc65b650edc29825e lib/request/direct.py
5283754cf387ce4e645ee50834ee387cde29a768aaada1a6a07c338da216c94d lib/request/dns.py 5283754cf387ce4e645ee50834ee387cde29a768aaada1a6a07c338da216c94d lib/request/dns.py
2dd88e1f75c0ee54c335d5d0d9199216194aa299bd8ce99dca333c2e4f9ea38b lib/request/httpshandler.py 2dd88e1f75c0ee54c335d5d0d9199216194aa299bd8ce99dca333c2e4f9ea38b lib/request/httpshandler.py
@ -244,7 +244,7 @@ b781403433a2ad9a18fa9b1cc291165f04f734942268b4eba004a53afe8abe49 lib/techniques
c09927bccdbdb9714865c9a72d2a739da745375702a935349ddb9edc1d50de70 lib/utils/api.py c09927bccdbdb9714865c9a72d2a739da745375702a935349ddb9edc1d50de70 lib/utils/api.py
1d72a586358c5f6f0b44b48135229742d2e598d40cefbeeabcb40a1c2e0b70b2 lib/utils/brute.py 1d72a586358c5f6f0b44b48135229742d2e598d40cefbeeabcb40a1c2e0b70b2 lib/utils/brute.py
dd0b67fc2bdf65a4c22a029b056698672a6409eff9a9e55da6250907e8995728 lib/utils/crawler.py dd0b67fc2bdf65a4c22a029b056698672a6409eff9a9e55da6250907e8995728 lib/utils/crawler.py
41a037169ca0b595781d70d6af40e2b47c9a2732fd08378029502bbe6f522960 lib/utils/deps.py eac125d270256eff54e39736a423dde866bac3b2bb4c76d3cbc32fc53b3bbb99 lib/utils/deps.py
0b83cc8657d5bea117c02facde2b1426c8fe35d9372d996c644d67575d8b755f lib/utils/getch.py 0b83cc8657d5bea117c02facde2b1426c8fe35d9372d996c644d67575d8b755f lib/utils/getch.py
c2a2fa68d2c575ab35f472d50b8d52dd6fc5e1b4d6c86a06ac06365650fec321 lib/utils/har.py c2a2fa68d2c575ab35f472d50b8d52dd6fc5e1b4d6c86a06ac06365650fec321 lib/utils/har.py
e6376fb0c3d001b6be0ef0f23e99a47734cfe3a3d271521dbe6d624d32f19953 lib/utils/hashdb.py e6376fb0c3d001b6be0ef0f23e99a47734cfe3a3d271521dbe6d624d32f19953 lib/utils/hashdb.py
@ -476,7 +476,7 @@ b3d9d0644197ecb864e899c04ee9c7cd63891ecf2a0d3c333aad563eef735294 plugins/generi
5a473c60853f54f1a4b14d79b8237f659278fe8a6b42e935ed573bf22b6d5b2c README.md 5a473c60853f54f1a4b14d79b8237f659278fe8a6b42e935ed573bf22b6d5b2c README.md
8c4fd81d84598535643cf0ef1b2d350cd92977cb55287e23993b76eaa2215c30 sqlmapapi.py 8c4fd81d84598535643cf0ef1b2d350cd92977cb55287e23993b76eaa2215c30 sqlmapapi.py
168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml
6da15963699aa8916118f92c8838013bc02c84e4d7b9f33d971324c2ff348728 sqlmap.conf 4037f1c78180550c1896543581c0c2423e970086bae46f175397f2b4c54b7323 sqlmap.conf
3795c6d03bc341a0e3aef3d7990ea8c272d91a4c307e1498e850594375af39f7 sqlmap.py 3795c6d03bc341a0e3aef3d7990ea8c272d91a4c307e1498e850594375af39f7 sqlmap.py
9d408612a6780f7f50a7f7887f923ff3f40be5bfa09a951c6dc273ded05b56c0 tamper/0eunion.py 9d408612a6780f7f50a7f7887f923ff3f40be5bfa09a951c6dc273ded05b56c0 tamper/0eunion.py
c1c2eaa7df016cc7786ccee0ae4f4f363b1dce139c61fb3e658937cb0d18fc54 tamper/apostrophemask.py c1c2eaa7df016cc7786ccee0ae4f4f363b1dce139c61fb3e658937cb0d18fc54 tamper/apostrophemask.py

1
lib/core/optiondict.py
View File

@ -30,6 +30,7 @@ optDict = {
"liveCookies": "string", "liveCookies": "string",
"loadCookies": "string", "loadCookies": "string",
"dropSetCookie": "boolean", "dropSetCookie": "boolean",
"http2": "boolean",
"agent": "string", "agent": "string",
"mobile": "boolean", "mobile": "boolean",
"randomAgent": "boolean", "randomAgent": "boolean",

2
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import OS
from thirdparty import six from thirdparty import six
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.9.2.9" VERSION = "1.9.2.10"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

3
lib/parse/cmdline.py
View File

@ -177,6 +177,9 @@ def cmdLineParser(argv=None):
request.add_argument("--drop-set-cookie", dest="dropSetCookie", action="store_true", request.add_argument("--drop-set-cookie", dest="dropSetCookie", action="store_true",
help="Ignore Set-Cookie header from response") help="Ignore Set-Cookie header from response")
request.add_argument("--http2", dest="http2", action="store_true",
help="Use HTTP version 2 (experimental)")
request.add_argument("--mobile", dest="mobile", action="store_true", request.add_argument("--mobile", dest="mobile", action="store_true",
help="Imitate smartphone through HTTP User-Agent header") help="Imitate smartphone through HTTP User-Agent header")

49
lib/request/connect.py
View File

@ -90,6 +90,7 @@ from lib.core.enums import WEB_PLATFORM
from lib.core.exception import SqlmapCompressionException from lib.core.exception import SqlmapCompressionException
from lib.core.exception import SqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.exception import SqlmapGenericException from lib.core.exception import SqlmapGenericException
from lib.core.exception import SqlmapMissingDependence
from lib.core.exception import SqlmapSkipTargetException from lib.core.exception import SqlmapSkipTargetException
from lib.core.exception import SqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from lib.core.exception import SqlmapTokenException from lib.core.exception import SqlmapTokenException
@ -603,11 +604,6 @@ class Connect(object):
if not chunked: if not chunked:
requestMsg += "\r\n" requestMsg += "\r\n"
if not multipart:
threadData.lastRequestMsg = requestMsg
logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)
if conf.cj: if conf.cj:
for cookie in conf.cj: for cookie in conf.cj:
if cookie.value is None: if cookie.value is None:
@ -616,7 +612,46 @@ class Connect(object):
for char in (r"\r", r"\n"): for char in (r"\r", r"\n"):
cookie.value = re.sub(r"(%s)([^ \t])" % char, r"\g<1>\t\g<2>", cookie.value) cookie.value = re.sub(r"(%s)([^ \t])" % char, r"\g<1>\t\g<2>", cookie.value)
conn = _urllib.request.urlopen(req) if conf.http2:
try:
import httpx
with httpx.Client(verify=False, http2=True, timeout=timeout, follow_redirects=True, cookies=conf.cj) as client:
conn = client.request(method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET), url, headers=headers, data=post)
except ImportError:
raise SqlmapMissingDependence("httpx[http2] not available (e.g. 'pip%s install httpx[http2]')" % ('3' if six.PY3 else ""))
else:
conn.code = conn.status_code
conn.msg = conn.reason_phrase
conn.info = lambda c=conn: c.headers
conn._read_buffer = conn.read()
conn._read_offset = 0
requestMsg = re.sub(" HTTP/[0-9.]+\r\n", " %s\r\n" % conn.http_version, requestMsg, count=1)
if not multipart:
threadData.lastRequestMsg = requestMsg
logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)
def _read(count=None):
offset = conn._read_offset
if count is None:
result = conn._read_buffer[offset:]
conn._read_offset = len(conn._read_buffer)
else:
result = conn._read_buffer[offset: offset + count]
conn._read_offset += len(result)
return result
conn.read = _read
else:
if not multipart:
threadData.lastRequestMsg = requestMsg
logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)
conn = _urllib.request.urlopen(req)
if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and (conf.authType or "").lower() == AUTH_TYPE.BASIC.lower(): if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and (conf.authType or "").lower() == AUTH_TYPE.BASIC.lower():
kb.authHeader = getUnicode(getRequestHeader(req, HTTP_HEADER.AUTHORIZATION)) kb.authHeader = getUnicode(getRequestHeader(req, HTTP_HEADER.AUTHORIZATION))
@ -699,7 +734,7 @@ class Connect(object):
# Explicit closing of connection object # Explicit closing of connection object
if conn and not conf.keepAlive: if conn and not conf.keepAlive:
try: try:
if hasattr(conn.fp, '_sock'): if hasattr(conn, "fp") and hasattr(conn.fp, '_sock'):
conn.fp._sock.close() conn.fp._sock.close()
conn.close() conn.close()
except Exception as ex: except Exception as ex:

10
lib/utils/deps.py
View File

@ -94,6 +94,16 @@ def checkDependencies():
logger.warning(warnMsg) logger.warning(warnMsg)
missing_libraries.add('python-ntlm') missing_libraries.add('python-ntlm')
try:
__import__("httpx")
debugMsg = "'httpx[http2]' third-party library is found"
logger.debug(debugMsg)
except ImportError:
warnMsg = "sqlmap requires 'httpx[http2]' third-party library "
warnMsg += "if you plan to use HTTP version 2"
logger.warning(warnMsg)
missing_libraries.add('httpx[http2]')
try: try:
__import__("websocket._abnf") __import__("websocket._abnf")
debugMsg = "'websocket-client' library is found" debugMsg = "'websocket-client' library is found"

4
sqlmap.conf
View File

@ -61,6 +61,10 @@ loadCookies =
# Valid: True or False # Valid: True or False
dropSetCookie = False dropSetCookie = False
# Use HTTP version 2 (experimental).
# Valid: True or False
http2 = False
# HTTP User-Agent header value. Useful to fake the HTTP User-Agent header value # HTTP User-Agent header value. Useful to fake the HTTP User-Agent header value
# at each HTTP request. # at each HTTP request.
# sqlmap will also test for SQL injection on the HTTP User-Agent value. # sqlmap will also test for SQL injection on the HTTP User-Agent value.