Merge 68f44078c5 into e42b63f51c

lib/core/option.py

@@ -331,7 +331,12 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
                 elif not scheme and port == "443":
                     scheme = "https"
 
-                if conf.forceSSL:
+                hostPattern=host.replace(".","\.")
+                if (conf.forceSSL or re.search(r"host:[^\n\r]*%s:%s[\s\S]*referer:[^\n\r]*https://%s:%s.*" %
+                                              (hostPattern, port, hostPattern, port), request, re.I)
+                or (port != "80"
+                    and re.search(r"host:[^\n\r]*%s:%s[\s\S]*referer:[^\n\r]*https://.*cdn.*" %
+                                  (hostPattern, port), request, re.I))):
                     scheme = "https"
                     port = port or "443"
 

lib/request/connect.py

@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
@@ -596,8 +597,11 @@ class Connect(object):
                 raise SqlmapConnectionException(errMsg)
             elif ex.code == httplib.NOT_FOUND:
                 if raise404:
-                    errMsg = "page not found (%d)" % code
+                    if re.search(r"(not found)|(404)|(页面不存在)|(未找到页面)",page,re.I):
-                    raise SqlmapConnectionException(errMsg)
+                        # If both code=404 and page content has 404's features,then url is 404 url
+                        # If not as upon,only code=404 can not determin the url is 404 url,because waf always return 404 code
+                        errMsg = "page not found (%d)" % code
+                        raise SqlmapConnectionException(errMsg)
                 else:
                     debugMsg = "page not found (%d)" % code
                     singleTimeLogMessage(debugMsg, logging.DEBUG)