From 7ce5b3a1d7f4ea10af4282ee5083e8d66a272100 Mon Sep 17 00:00:00 2001 From: 3xp10it <3xp10it@users.noreply.github.com> Date: Sun, 20 Aug 2017 16:34:35 +0800 Subject: [PATCH 1/4] code=404 handle modify --- lib/request/connect.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/request/connect.py b/lib/request/connect.py index aa2a1cc55..f4341fbb3 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- """ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) @@ -596,8 +597,11 @@ class Connect(object): raise SqlmapConnectionException(errMsg) elif ex.code == httplib.NOT_FOUND: if raise404: - errMsg = "page not found (%d)" % code - raise SqlmapConnectionException(errMsg) + if re.search(r"(not found)|(404)|(页面不存在)",page,re.I): + # If both code=404 and page content has 404's features,then url is 404 url + # If not as upon,only code=404 can not determin the url is 404 url,because waf always return 404 code + errMsg = "page not found (%d)" % code + raise SqlmapConnectionException(errMsg) else: debugMsg = "page not found (%d)" % code singleTimeLogMessage(debugMsg, logging.DEBUG) From 20daabdfc808e4bb5103be98e7ad975142772dca Mon Sep 17 00:00:00 2001 From: 3xp10it <3xp10it@users.noreply.github.com> Date: Mon, 21 Aug 2017 10:08:29 +0800 Subject: [PATCH 2/4] Update connect.py --- lib/request/connect.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/request/connect.py b/lib/request/connect.py index f4341fbb3..5f6c95d85 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
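Review bot: In the `ex.code == httplib.NOT_FOUND` branch, when `raise404` is set and the body does not match the new regex, nothing is raised or logged, so a genuine 404 whose page lacks these phrases is silently handled as an ordinary response. The pattern is a byte-string literal holding UTF-8 Chinese text, so if `page` is `unicode` at this point (not visible in the hunk) those alternatives can never match, and if `page` can be `None` the call raises `TypeError`. Consider `if page and re.search(NOT_FOUND_REGEX, page, re.I):` with the pattern moved to a named unicode constant, plus a debug message for the non-matching case such as `singleTimeLogMessage("404 status but body does not look like a not-found page", logging.DEBUG)`. The bare `(404)` alternative matches any "404" in the body (an id, a price, a stylesheet name), so it should be anchored or dropped. The 2/4 hunk extends the same pattern and has the same issues, and the enclosing method starts and ends outside the hunk.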
@@ -597,7 +597,7 @@ class Connect(object): raise SqlmapConnectionException(errMsg) elif ex.code == httplib.NOT_FOUND: if raise404: - if re.search(r"(not found)|(404)|(页面不存在)",page,re.I): + if re.search(r"(not found)|(404)|(页面不存在)|(未找到页面)",page,re.I): # If both code=404 and page content has 404's features,then url is 404 url # If not as upon,only code=404 can not determin the url is 404 url,because waf always return 404 code errMsg = "page not found (%d)" % code From 76cc25d4708ab4266f8944fd847880d01fcb9147 Mon Sep 17 00:00:00 2001 From: 3xp10it Date: Wed, 23 Aug 2017 14:15:02 +0800 Subject: [PATCH 3/4] up --- lib/core/option.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/core/option.py b/lib/core/option.py index 567e12ef9..de968e993 100755 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -331,7 +331,12 @@ def _feedTargetsDict(reqFile, addedTargetUrls): elif not scheme and port == "443": scheme = "https" - if conf.forceSSL: + hostPattern=host.replace(".","\.") + if (conf.forceSSL or re.search(r"host:[^\n\r]*%s:%s[\s\S]*referer:[^\n\r]*https://%s:%s.*" % + (hostPattern, port, hostPattern, port), request, re.I) + or (port != 80 + and re.search(r"host:[^\n\r]*%s:%s[\s\S]*referer:[^\n\r]*https://.*cdn.*" % + (hostPattern, port), request, re.I))): scheme = "https" port = port or "443" From 68f44078c5a77120209d74dca45c4ffab52a2c9e Mon Sep 17 00:00:00 2001 From: 3xp10it <3xp10it@users.noreply.github.com> Date: Wed, 23 Aug 2017 15:52:24 +0800 Subject: [PATCH 4/4] Update option.py --- lib/core/option.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/option.py b/lib/core/option.py index de968e993..815fa0d02 100755 --- a/lib/core/option.py +++ b/lib/core/option.py 
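Review bot: `hostPattern=host.replace(".","\.")` escapes only dots, so any other regex metacharacter in a host read from the request file is treated as pattern syntax and can either make `re.search` fail or widen the match; `hostPattern = re.escape(host)` covers all of them. `port` is interpolated with `%s` before the later `port = port or "443"` default, so if it can be empty here (as that default suggests) the pattern contains the text `None` and cannot match. `port != 80` compares against an int while the context line compares `port == "443"` as a string, which the 4/4 hunk corrects to `"80"`. Inferring the scheme from any https Referer that merely contains `cdn` is a loose heuristic, and a comment such as `# treat as HTTPS when the Referer shows the same host:port over https (or a CDN origin)` would record what traffic it is meant to cover. `_feedTargetsDict` starts and ends outside the hunk.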
@@ -334,7 +334,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
 hostPattern=host.replace(".","\.")
 if (conf.forceSSL or re.search(r"host:[^\n\r]*%s:%s[\s\S]*referer:[^\n\r]*https://%s:%s.*" %
 (hostPattern, port, hostPattern, port), request, re.I)
- or (port != 80
+ or (port != "80"
 and re.search(r"host:[^\n\r]*%s:%s[\s\S]*referer:[^\n\r]*https://.*cdn.*" %
 (hostPattern, port), request, re.I))):
 scheme = "https"