mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
Update regarding #4142 (--auth-type bearer)
parent
40e4422bbd
commit
38c341076d
|
@ -402,6 +402,7 @@ class CONTENT_STATUS(object):
|
||||||
class AUTH_TYPE(object):
|
class AUTH_TYPE(object):
|
||||||
BASIC = "basic"
|
BASIC = "basic"
|
||||||
DIGEST = "digest"
|
DIGEST = "digest"
|
||||||
|
BEARER = "bearer"
|
||||||
NTLM = "ntlm"
|
NTLM = "ntlm"
|
||||||
PKI = "pki"
|
PKI = "pki"
|
||||||
|
|
||||||
|
|
|
@ -1310,7 +1310,7 @@ def _setAuthCred():
|
||||||
|
|
||||||
def _setHTTPAuthentication():
|
def _setHTTPAuthentication():
|
||||||
"""
|
"""
|
||||||
Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or PKI),
|
Check and set the HTTP(s) authentication method (Basic, Digest, Bearer, NTLM or PKI),
|
||||||
username and password for first three methods, or PEM private key file for
|
username and password for first three methods, or PEM private key file for
|
||||||
PKI authentication
|
PKI authentication
|
||||||
"""
|
"""
|
||||||
|
@ -1333,9 +1333,9 @@ def _setHTTPAuthentication():
|
||||||
errMsg += "but did not provide the type (e.g. --auth-type=\"basic\")"
|
errMsg += "but did not provide the type (e.g. --auth-type=\"basic\")"
|
||||||
raise SqlmapSyntaxException(errMsg)
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
elif (conf.authType or "").lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.PKI):
|
elif (conf.authType or "").lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.BEARER, AUTH_TYPE.NTLM, AUTH_TYPE.PKI):
|
||||||
errMsg = "HTTP authentication type value must be "
|
errMsg = "HTTP authentication type value must be "
|
||||||
errMsg += "Basic, Digest, NTLM or PKI"
|
errMsg += "Basic, Digest, Bearer, NTLM or PKI"
|
||||||
raise SqlmapSyntaxException(errMsg)
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if not conf.authFile:
|
if not conf.authFile:
|
||||||
|
@ -1348,6 +1348,9 @@ def _setHTTPAuthentication():
|
||||||
regExp = "^(.*?):(.*?)$"
|
regExp = "^(.*?):(.*?)$"
|
||||||
errMsg = "HTTP %s authentication credentials " % authType
|
errMsg = "HTTP %s authentication credentials " % authType
|
||||||
errMsg += "value must be in format 'username:password'"
|
errMsg += "value must be in format 'username:password'"
|
||||||
|
elif authType == AUTH_TYPE.BEARER:
|
||||||
|
conf.httpHeaders.append((HTTP_HEADER.AUTHORIZATION, "Bearer %s" % conf.authCred.strip()))
|
||||||
|
return
|
||||||
elif authType == AUTH_TYPE.NTLM:
|
elif authType == AUTH_TYPE.NTLM:
|
||||||
regExp = "^(.*\\\\.*):(.*?)$"
|
regExp = "^(.*\\\\.*):(.*?)$"
|
||||||
errMsg = "HTTP NTLM authentication credentials value must "
|
errMsg = "HTTP NTLM authentication credentials value must "
|
||||||
|
|
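Review bot: The new `AUTH_TYPE.BEARER` branch copies `conf.authCred.strip()` into the Authorization header without validating it, so an empty value produces a bare `Bearer ` header and a value with interior whitespace or line breaks is passed on as given, whereas the other types raise `SqlmapSyntaxException` on malformed credentials. A guard before the `append` would keep that behaviour consistent, for example raising `SqlmapSyntaxException` when the stripped value does not match `^[A-Za-z0-9\-._~+/]+=*\Z` (the token syntax from RFC 6750). The early `return` also skips the remainder of `_setHTTPAuthentication()`, whose body continues outside these hunks, so it is worth confirming that nothing later in the function needs to run for this type. The docstring in the first hunk still says "username and password for first three methods", which no longer holds now that Bearer is third in the list and takes a token.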
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.5.3.12"
|
VERSION = "1.5.3.13"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -193,7 +193,7 @@ def cmdLineParser(argv=None):
|
||||||
help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")
|
help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")
|
||||||
|
|
||||||
request.add_argument("--auth-type", dest="authType",
|
request.add_argument("--auth-type", dest="authType",
|
||||||
help="HTTP authentication type (Basic, Digest, NTLM or PKI)")
|
help="HTTP authentication type (Basic, Digest, Bearer, ...)")
|
||||||
|
|
||||||
request.add_argument("--auth-cred", dest="authCred",
|
request.add_argument("--auth-cred", dest="authCred",
|
||||||
help="HTTP authentication credentials (name:password)")
|
help="HTTP authentication credentials (name:password)")
|
||||||
|
@ -976,6 +976,8 @@ def cmdLineParser(argv=None):
|
||||||
argv[i] = ""
|
argv[i] = ""
|
||||||
elif argv[i].startswith("--data-raw"):
|
elif argv[i].startswith("--data-raw"):
|
||||||
argv[i] = argv[i].replace("--data-raw", "--data", 1)
|
argv[i] = argv[i].replace("--data-raw", "--data", 1)
|
||||||
|
elif argv[i].startswith("--auth-creds"):
|
||||||
|
argv[i] = argv[i].replace("--auth-creds", "--auth-cred", 1)
|
||||||
elif argv[i].startswith("--drop-cookie"):
|
elif argv[i].startswith("--drop-cookie"):
|
||||||
argv[i] = argv[i].replace("--drop-cookie", "--drop-set-cookie", 1)
|
argv[i] = argv[i].replace("--drop-cookie", "--drop-set-cookie", 1)
|
||||||
elif any(argv[i].startswith(_) for _ in ("--tamper", "--ignore-code", "--skip")):
|
elif any(argv[i].startswith(_) for _ in ("--tamper", "--ignore-code", "--skip")):
|
||||||
|
|
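Review bot: The `--auth-cred` help text still reads `HTTP authentication credentials (name:password)` although a Bearer credential is a bare token; `help="HTTP authentication credentials (name:password or token)"` would match the new type. The same stale wording remains in the configuration template hunk that follows, where `# Syntax: username:password` is unchanged and the new comment says "Token" while every other line says "Bearer". The shortened `--auth-type` help (`Basic, Digest, Bearer, ...`) no longer lists NTLM or PKI, so the full set of accepted values is only visible in the error message. Because a bearer token is a complete credential, the help or template comment could also mention that a value given on the command line ends up in shell history and process listings, while `authCred` in the configuration file does not. `cmdLineParser()` starts and ends outside these hunks.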
|
@ -87,12 +87,12 @@ headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
|
||||||
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
|
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
|
||||||
|
|
||||||
# HTTP Authentication type. Useful only if the target URL requires
|
# HTTP Authentication type. Useful only if the target URL requires
|
||||||
# HTTP Basic, Digest or NTLM authentication and you have such data.
|
# HTTP Basic, Digest, Bearer or NTLM authentication and you have such data.
|
||||||
# Valid: Basic, Digest, NTLM or PKI
|
# Valid: Basic, Digest, Bearer, NTLM or PKI
|
||||||
authType =
|
authType =
|
||||||
|
|
||||||
# HTTP authentication credentials. Useful only if the target URL requires
|
# HTTP authentication credentials. Useful only if the target URL requires
|
||||||
# HTTP Basic, Digest or NTLM authentication and you have such data.
|
# HTTP Basic, Digest, Token or NTLM authentication and you have such data.
|
||||||
# Syntax: username:password
|
# Syntax: username:password
|
||||||
authCred =
|
authCred =
|
||||||
|
|
||||||
|
|