diff --git a/lib/core/enums.py b/lib/core/enums.py index e693b6e31..5a4af4fcc 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -402,6 +402,7 @@ class CONTENT_STATUS(object): class AUTH_TYPE(object): BASIC = "basic" DIGEST = "digest" + BEARER = "bearer" NTLM = "ntlm" PKI = "pki" diff --git a/lib/core/option.py b/lib/core/option.py index 364dd7717..00fe8cfbb 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1310,7 +1310,7 @@ def _setAuthCred(): def _setHTTPAuthentication(): """ - Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or PKI), + Check and set the HTTP(s) authentication method (Basic, Digest, Bearer, NTLM or PKI), username and password for first three methods, or PEM private key file for PKI authentication """ @@ -1333,9 +1333,9 @@ def _setHTTPAuthentication(): errMsg += "but did not provide the type (e.g. --auth-type=\"basic\")" raise SqlmapSyntaxException(errMsg) - elif (conf.authType or "").lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.PKI): + elif (conf.authType or "").lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.BEARER, AUTH_TYPE.NTLM, AUTH_TYPE.PKI): errMsg = "HTTP authentication type value must be " - errMsg += "Basic, Digest, NTLM or PKI" + errMsg += "Basic, Digest, Bearer, NTLM or PKI" raise SqlmapSyntaxException(errMsg) if not conf.authFile: @@ -1348,6 +1348,9 @@ def _setHTTPAuthentication(): regExp = "^(.*?):(.*?)$" errMsg = "HTTP %s authentication credentials " % authType errMsg += "value must be in format 'username:password'" + elif authType == AUTH_TYPE.BEARER: + conf.httpHeaders.append((HTTP_HEADER.AUTHORIZATION, "Bearer %s" % conf.authCred.strip())) + return elif authType == AUTH_TYPE.NTLM: regExp = "^(.*\\\\.*):(.*?)$" errMsg = "HTTP NTLM authentication credentials value must " diff --git a/lib/core/settings.py b/lib/core/settings.py index ab28533ac..1441f451c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.3.12" +VERSION = "1.5.3.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 026cc8abe..020753de4 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -193,7 +193,7 @@ def cmdLineParser(argv=None): help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")") request.add_argument("--auth-type", dest="authType", - help="HTTP authentication type (Basic, Digest, NTLM or PKI)") + help="HTTP authentication type (Basic, Digest, Bearer, ...)") request.add_argument("--auth-cred", dest="authCred", help="HTTP authentication credentials (name:password)") @@ -976,6 +976,8 @@ def cmdLineParser(argv=None): argv[i] = "" elif argv[i].startswith("--data-raw"): argv[i] = argv[i].replace("--data-raw", "--data", 1) + elif argv[i].startswith("--auth-creds"): + argv[i] = argv[i].replace("--auth-creds", "--auth-cred", 1) elif argv[i].startswith("--drop-cookie"): argv[i] = argv[i].replace("--drop-cookie", "--drop-set-cookie", 1) elif any(argv[i].startswith(_) for _ in ("--tamper", "--ignore-code", "--skip")): diff --git a/sqlmap.conf b/sqlmap.conf index 7c28acb96..a771a4e79 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -87,12 +87,12 @@ headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 # HTTP Authentication type. Useful only if the target URL requires -# HTTP Basic, Digest or NTLM authentication and you have such data. -# Valid: Basic, Digest, NTLM or PKI +# HTTP Basic, Digest, Bearer or NTLM authentication and you have such data. +# Valid: Basic, Digest, Bearer, NTLM or PKI authType = # HTTP authentication credentials. Useful only if the target URL requires -# HTTP Basic, Digest or NTLM authentication and you have such data. +# HTTP Basic, Digest, Token or NTLM authentication and you have such data. # Syntax: username:password authCred =