diff --git a/lib/core/option.py b/lib/core/option.py
index 567e12ef9..815fa0d02 100755
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -331,7 +331,12 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
 elif not scheme and port == "443":
 scheme = "https"
- if conf.forceSSL:
+ hostPattern=host.replace(".","\.")
+ if (conf.forceSSL or re.search(r"host:[^\n\r]*%s:%s[\s\S]*referer:[^\n\r]*https://%s:%s.*" %
+ (hostPattern, port, hostPattern, port), request, re.I)
+ or (port != "80"
+ and re.search(r"host:[^\n\r]*%s:%s[\s\S]*referer:[^\n\r]*https://.*cdn.*" %
+ (hostPattern, port), request, re.I))):
 scheme = "https"
 port = port or "443"
diff --git a/lib/request/connect.py b/lib/request/connect.py
index a11be105f..e63a1c82a 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
@@ -596,8 +597,11 @@ class Connect(object):
 raise SqlmapConnectionException(errMsg)
 elif ex.code == httplib.NOT_FOUND:
 if raise404:
- errMsg = "page not found (%d)" % code
- raise SqlmapConnectionException(errMsg)
+ if re.search(r"(not found)|(404)|(页面不存在)|(未找到页面)",page,re.I):
+ # If both code=404 and page content has 404's features,then url is 404 url
+ # If not as upon,only code=404 can not determin the url is 404 url,because waf always return 404 code
+ errMsg = "page not found (%d)" % code
+ raise SqlmapConnectionException(errMsg)
 else:
 debugMsg = "page not found (%d)" % code
 singleTimeLogMessage(debugMsg, logging.DEBUG)
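Review bot: In the lib/core/option.py hunk, `hostPattern=host.replace(".","\.")` escapes only dots, so any other regex metacharacter in a host value parsed from the request file goes into both patterns unescaped; `hostPattern = re.escape(host)` covers them all and avoids the non-raw `"\."` escape. The context line `port = port or "443"` suggests `port` can be empty at this point, in which case `%s` renders a placeholder that never matches a real Host header, while `port != "80"` is still true for the second branch. Because `[\s\S]*` spans everything between `host:` and `referer:`, and the second pattern accepts any referer containing `cdn`, text in the request body or an unrelated referer can switch the scheme to https. Anchoring each header to its own line with `re.M`, and adding a comment on why a CDN referer implies TLS for the target, would make the heuristic reviewable. The body of `_feedTargetsDict` starts and ends outside the hunk.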
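Review bot: In the lib/request/connect.py hunk at -596, a 404 whose body does not match the new pattern now passes silently when `raise404` is set: nothing is raised, and the unchanged `else:` presumably still pairs with `if raise404:` (indentation is not visible on this page), so the debug message is skipped as well. An inner `else` calling `singleTimeLogMessage` would keep such responses visible in the log. If `page` can be None here (its assignment is outside the hunk), `re.search(..., page, re.I)` raises TypeError, so pass `page or ""`. The bare `404` alternative matches any body that merely contains those digits, and under Python 2 the non-ASCII alternatives in a byte-string pattern will not match a decoded unicode `page`, so a `ur"..."` pattern or explicit decoding is needed. The two added comments would read better as one sentence: `# a 404 status alone is not conclusive because a WAF may answer 404 for blocked requests; require a 404-like body as well`.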