sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update regarding #4142 (--auth-type bearer)

Browse Source
This commit is contained in:
Miroslav Stampar 2021-03-11 20:41:05 +01:00
parent 40e4422bbd
commit 38c341076d
5 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/enums.py
View File

@ -402,6 +402,7 @@ class CONTENT_STATUS(object):
class AUTH_TYPE(object): class AUTH_TYPE(object):
BASIC = "basic" BASIC = "basic"
DIGEST = "digest" DIGEST = "digest"
BEARER = "bearer"
NTLM = "ntlm" NTLM = "ntlm"
PKI = "pki" PKI = "pki"

9
lib/core/option.py
View File

@ -1310,7 +1310,7 @@ def _setAuthCred():
def _setHTTPAuthentication(): def _setHTTPAuthentication():
""" """
Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or PKI), Check and set the HTTP(s) authentication method (Basic, Digest, Bearer, NTLM or PKI),
username and password for first three methods, or PEM private key file for username and password for first three methods, or PEM private key file for
PKI authentication PKI authentication
""" """
@ -1333,9 +1333,9 @@ def _setHTTPAuthentication():
errMsg += "but did not provide the type (e.g. --auth-type=\"basic\")" errMsg += "but did not provide the type (e.g. --auth-type=\"basic\")"
raise SqlmapSyntaxException(errMsg) raise SqlmapSyntaxException(errMsg)
elif (conf.authType or "").lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.PKI): elif (conf.authType or "").lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.BEARER, AUTH_TYPE.NTLM, AUTH_TYPE.PKI):
errMsg = "HTTP authentication type value must be " errMsg = "HTTP authentication type value must be "
errMsg += "Basic, Digest, NTLM or PKI" errMsg += "Basic, Digest, Bearer, NTLM or PKI"
raise SqlmapSyntaxException(errMsg) raise SqlmapSyntaxException(errMsg)
if not conf.authFile: if not conf.authFile:
@ -1348,6 +1348,9 @@ def _setHTTPAuthentication():
regExp = "^(.*?):(.*?)$" regExp = "^(.*?):(.*?)$"
errMsg = "HTTP %s authentication credentials " % authType errMsg = "HTTP %s authentication credentials " % authType
errMsg += "value must be in format 'username:password'" errMsg += "value must be in format 'username:password'"
elif authType == AUTH_TYPE.BEARER:
conf.httpHeaders.append((HTTP_HEADER.AUTHORIZATION, "Bearer %s" % conf.authCred.strip()))
return
elif authType == AUTH_TYPE.NTLM: elif authType == AUTH_TYPE.NTLM:
regExp = "^(.*\\\\.*):(.*?)$" regExp = "^(.*\\\\.*):(.*?)$"
errMsg = "HTTP NTLM authentication credentials value must " errMsg = "HTTP NTLM authentication credentials value must "

2
lib/core/settings.py
View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.5.3.12" VERSION = "1.5.3.13"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

4
lib/parse/cmdline.py
View File

@ -193,7 +193,7 @@ def cmdLineParser(argv=None):
help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")") help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")
request.add_argument("--auth-type", dest="authType", request.add_argument("--auth-type", dest="authType",
help="HTTP authentication type (Basic, Digest, NTLM or PKI)") help="HTTP authentication type (Basic, Digest, Bearer, ...)")
request.add_argument("--auth-cred", dest="authCred", request.add_argument("--auth-cred", dest="authCred",
help="HTTP authentication credentials (name:password)") help="HTTP authentication credentials (name:password)")
@ -976,6 +976,8 @@ def cmdLineParser(argv=None):
argv[i] = "" argv[i] = ""
elif argv[i].startswith("--data-raw"): elif argv[i].startswith("--data-raw"):
argv[i] = argv[i].replace("--data-raw", "--data", 1) argv[i] = argv[i].replace("--data-raw", "--data", 1)
elif argv[i].startswith("--auth-creds"):
argv[i] = argv[i].replace("--auth-creds", "--auth-cred", 1)
elif argv[i].startswith("--drop-cookie"): elif argv[i].startswith("--drop-cookie"):
argv[i] = argv[i].replace("--drop-cookie", "--drop-set-cookie", 1) argv[i] = argv[i].replace("--drop-cookie", "--drop-set-cookie", 1)
elif any(argv[i].startswith(_) for _ in ("--tamper", "--ignore-code", "--skip")): elif any(argv[i].startswith(_) for _ in ("--tamper", "--ignore-code", "--skip")):

6
sqlmap.conf
View File

@ -87,12 +87,12 @@ headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
# HTTP Authentication type. Useful only if the target URL requires # HTTP Authentication type. Useful only if the target URL requires
# HTTP Basic, Digest or NTLM authentication and you have such data. # HTTP Basic, Digest, Bearer or NTLM authentication and you have such data.
# Valid: Basic, Digest, NTLM or PKI # Valid: Basic, Digest, Bearer, NTLM or PKI
authType = authType =
# HTTP authentication credentials. Useful only if the target URL requires # HTTP authentication credentials. Useful only if the target URL requires
# HTTP Basic, Digest or NTLM authentication and you have such data. # HTTP Basic, Digest, Token or NTLM authentication and you have such data.
# Syntax: username:password # Syntax: username:password
authCred = authCred =