From 557da5dee44f3703d007a4d97d950c1210a72b5c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 27 Mar 2019 15:16:23 +0100
Subject: [PATCH] Bug fix (SOCKS4 patch)
---
 lib/core/option.py | 4 ++++
 lib/core/settings.py | 2 +-
 thirdparty/socks/socks.py | 6 +++++-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/core/option.py b/lib/core/option.py
index d1abc9142..3c331d3d6 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1089,6 +1089,10 @@ def _setHTTPHandlers():
 if scheme in (PROXY_TYPE.SOCKS4, PROXY_TYPE.SOCKS5):
 proxyHandler.proxies = {}
+ if scheme == PROXY_TYPE.SOCKS4:
+ warnMsg = "SOCKS4 does not support resolving (DNS) names (i.e. causing DNS leakage)"
+ singleTimeWarnMessage(warnMsg)
+
 socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if scheme == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, hostname, port, username=username, password=password)
 socks.wrapmodule(_http_client)
 else:
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 5d9f5fc48..7f16089a8 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.3.3.57"
+VERSION = "1.3.3.58"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/thirdparty/socks/socks.py b/thirdparty/socks/socks.py
index 5924aaae8..ac6569dc9 100644
--- a/thirdparty/socks/socks.py
+++ b/thirdparty/socks/socks.py
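Review bot: The warning added under `if scheme == PROXY_TYPE.SOCKS4:` in `_setHTTPHandlers` names the limitation but not its consequence or the remedy. Going by the comment in the socks.py hunk, the target hostname is looked up outside the proxy, so someone who configured the proxy to hide what they are testing still exposes the name in local DNS traffic. I would spell that out and point at the alternative, e.g. `warnMsg = "SOCKS4 does not support remote (DNS) name resolution; target hostnames will be resolved locally, outside the proxy (use SOCKS5 to avoid DNS leakage)"`. Because the message goes through `singleTimeWarnMessage` and the run continues, a short comment above the check saying the warning is advisory only would also help the next reader. The body of `_setHTTPHandlers` starts and ends outside this hunk.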
@@ -109,7 +109,11 @@ def wrapmodule(module):
 """
 if _defaultproxy != None:
 module.socket.socket = socksocket
- module.socket.create_connection = create_connection
+ if _defaultproxy[0] == PROXY_TYPE_SOCKS4:
+ # Note: unable to prevent DNS leakage in SOCKS4 (Reference: https://security.stackexchange.com/a/171280)
+ pass
+ else:
+ module.socket.create_connection = create_connection
 else:
 raise GeneralProxyError((4, "no proxy specified"))