From 466df89c4a6fe4ad5c71e67f8a374cf0891206be Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Tue, 16 Mar 2010 14:30:57 +0000
Subject: [PATCH] Fixes #178 and #179 - proper handling of custom redirects
---
 lib/controller/controller.py | 3 +--
 lib/core/option.py | 1 +
 lib/request/connect.py | 23 ++++++++++++++++++-----
 lib/request/redirecthandler.py | 18 ++++++++----------
 4 files changed, 28 insertions(+), 17 deletions(-)
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index cca867e7e..6e59f5f38 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -237,7 +237,6 @@ def start():
 else:
 raise sqlmapNotVulnerableException, "all parameters are not injectable"
- return
 if injDataSelected == "Quit":
 return
@@ -246,7 +245,7 @@ def start():
 kb.injPlace, kb.injParameter, kb.injType = injDataSelected
 setInjection()
- elif kb.injPlace and kb.injParameter and kb.injType:
+ if kb.injPlace and kb.injParameter and kb.injType:
 if conf.multipleTargets:
 message = "do you want to exploit this SQL injection? [Y/n] "
 exploit = readInput(message, default="Y")
diff --git a/lib/core/option.py b/lib/core/option.py
index f3182cdb9..694a2154c 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -957,6 +957,7 @@ def __setConfAttributes():
 conf.path = None
 conf.port = None
 conf.progressWidth = 54
+ conf.redirectHandled = False
 conf.retriesCount = 0
 conf.scheme = None
 #conf.seqMatcher = difflib.SequenceMatcher(lambda x: x in " \t")
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 3742bf521..efe549579 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -31,6 +31,7 @@ import urlparse
 import traceback
 from lib.contrib import multipartpost
+from lib.core.common import readInput
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
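Review bot: In lib/core/option.py the new `conf.redirectHandled = False` is initialised once in `__setConfAttributes()` and nothing in this patch resets it, so when `conf.multipleTargets` is in use the redirect prompt would presumably be shown only for the first target that redirects, with later redirects followed without any message. The flag is run-time state rather than a user option; a short comment beside it such as `# set once the user has answered the redirect prompt` would help, and it may belong with the other per-run state kept in `kb`. `__setConfAttributes()` starts and ends outside the hunk.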
@@ -125,12 +126,24 @@ class Connect:
 req = urllib2.Request(url, post, headers)
 conn = urllib2.urlopen(req)
- if hasattr(conn, "redurl"):
- infoMsg = "connection redirected, going to use "
- infoMsg += "%s as target address" % conn.redurl
- logger.info(infoMsg)
+ if hasattr(conn, "redurl") and hasattr(conn, "redcode") and not conf.redirectHandled:
+ msg = "sqlmap got a %d redirect to " % conn.redcode
+ msg += "%s - What target address do you " % conn.redurl
+ msg += "want to use from now on? %s " % conf.url
+ msg += "(default) or provide another target address based "
+ msg += "also on the redirection got from the application\n"
- conf.url = conn.redurl
+ while True:
+ choice = readInput(msg, default="1")
+
+ if not choice or choice == "1":
+ pass
+ else:
+ conf.url = choice
+
+ break
+
+ conf.redirectHandled = True
 return Connect.__getPageProxy(**kwargs)
diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py
index e775b58f0..c0ba766f0 100644
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
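Review bot: The answer typed at the new redirect prompt in lib/request/connect.py is stored with `conf.url = choice` without any check, so a typo or an address with no scheme becomes the target of every later request; the `while True:` loop around it always reaches `break` on the first pass and so never re-asks. Parsing the answer with `urlparse` (already imported in this file) and looping until it has an http(s) scheme and a host would give the loop a purpose, as sketched below. The prompt also presents `conf.url` as "(default)" while `readInput` is called with `default="1"`, so the message should say which literal answer keeps the current address. The enclosing method starts and ends outside the hunk.

```python
            # ... unchanged: msg construction ...
            while True:
                choice = readInput(msg, default="1")

                if not choice or choice == "1":
                    break

                parsed = urlparse.urlparse(choice)

                if parsed.scheme in ("http", "https") and parsed.netloc:
                    conf.url = choice
                    break

                logger.warning("'%s' is not a valid http(s) target address" % choice)
            # ... unchanged: conf.redirectHandled = True and the retry call ...
```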
@@ -25,22 +25,20 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 import urllib2
 class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
- def http_error_301(self, req, fp, code, msg, headers):
- result = urllib2.HTTPRedirectHandler.http_error_301(self, req, fp, code, msg, headers)
-
+ def common_http_redirect(self, result, headers, code):
 if "location" in headers:
 result.redurl = headers.getheaders("location")[0].split("?")[0]
 elif "uri" in headers:
 result.redurl = headers.getheaders("uri")[0].split("?")[0]
+ result.redcode = code
+
 return result
+ def http_error_301(self, req, fp, code, msg, headers):
+ result = urllib2.HTTPRedirectHandler.http_error_301(self, req, fp, code, msg, headers)
+ return self.common_http_redirect(result, headers, code)
+
 def http_error_302(self, req, fp, code, msg, headers):
 result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
-
- if "location" in headers:
- result.redurl = headers.getheaders("location")[0].split("?")[0]
- elif "uri" in headers:
- result.redurl = headers.getheaders("uri")[0].split("?")[0]
-
- return result
+ return self.common_http_redirect(result, headers, code)
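Review bot: Both `http_error_301` and `http_error_302` still delegate to `urllib2.HTTPRedirectHandler` before `redurl` and `redcode` are recorded, so by the time `Connect` asks which address to use, the request has already been re-issued to the redirect location. The stock handler carries the original request headers over to that follow-up request, so a Cookie or authorization header meant for the target can reach a different host; a comment on `common_http_redirect` such as `# NOTE: the redirect has already been followed here; redurl/redcode are informational` would make that explicit, and limiting automatic following to the same host is worth considering. `redurl` is taken from the `Location`/`URI` header with only the query string cut, so it may be a relative path when it is shown in the prompt. 303 and 307 responses are not routed through `common_http_redirect` in this hunk.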