diff --git a/lib/core/option.py b/lib/core/option.py index 652f6ea09..4dbe37ac1 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -155,6 +155,7 @@ from lib.utils.deps import checkDependencies from lib.utils.search import search from lib.utils.purge import purge from thirdparty.keepalive import keepalive +from thirdparty.multipart import multipartpost from thirdparty.oset.pyoset import oset from thirdparty.socks import socks from xml.etree.ElementTree import ElementTree @@ -165,6 +166,7 @@ keepAliveHandler = keepalive.HTTPHandler() proxyHandler = urllib2.ProxyHandler() redirectHandler = SmartRedirectHandler() rangeHandler = HTTPRangeHandler() +multipartPostHandler = multipartpost.MultipartPostHandler() def _feedTargetsDict(reqFile, addedTargetUrls): """ @@ -1164,7 +1166,7 @@ def _setHTTPHandlers(): debugMsg = "creating HTTP requests opener object" logger.debug(debugMsg) - handlers = filter(None, [proxyHandler if proxyHandler.proxies else None, authHandler, redirectHandler, rangeHandler, httpsHandler]) + handlers = filter(None, [multipartPostHandler, proxyHandler if proxyHandler.proxies else None, authHandler, redirectHandler, rangeHandler, httpsHandler]) if not conf.dropSetCookie: if not conf.loadCookies: diff --git a/lib/core/settings.py b/lib/core/settings.py index a24c60088..0610966d7 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from lib.core.revision import getRevisionNumber # sqlmap version (...) -VERSION = "1.0.8.24" +VERSION = "1.0.9.0" REVISION = getRevisionNumber() TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} diff --git a/lib/request/connect.py b/lib/request/connect.py index e64b6b281..91b852f15 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
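Review bot: In the `@@ -1164` hunk, placing `multipartPostHandler` first in the `handlers` list does not by itself make it run first, because urllib2 sorts handlers by their `handler_order` attribute and list position only breaks ties. Whether `MultipartPostHandler` sets `handler_order` is not visible in this diff, so a short comment would help, e.g. `# processing order comes from handler_order, not list position; this handler only rewrites dict bodies`. The handler is also now a module-level singleton shared by every request (`@@ -165`), which is safe only while it keeps no per-request state. `_setHTTPHandlers` starts and ends outside the hunk.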
@@ -110,7 +110,6 @@ from lib.request.basic import processResponse from lib.request.direct import direct from lib.request.comparison import comparison from lib.request.methodrequest import MethodRequest -from thirdparty.multipart import multipartpost from thirdparty.odict.odict import OrderedDict from thirdparty.socks.socks import ProxyError @@ -242,7 +241,7 @@ class Connect(object): referer = kwargs.get("referer", None) or conf.referer host = kwargs.get("host", None) or conf.host direct_ = kwargs.get("direct", False) - multipart = kwargs.get("multipart", False) + multipart = kwargs.get("multipart", None) silent = kwargs.get("silent", False) raise404 = kwargs.get("raise404", True) timeout = kwargs.get("timeout", None) or conf.timeout @@ -254,6 +253,9 @@ class Connect(object): crawling = kwargs.get("crawling", False) skipRead = kwargs.get("skipRead", False) + if multipart: + post = multipart + websocket_ = url.lower().startswith("ws") if not urlparse.urlsplit(url).netloc: @@ -298,20 +300,6 @@ class Connect(object): params = urlencode(params) url = "%s?%s" % (url, params) - elif multipart: - # Needed in this form because of potential circle dependency - # problem (option -> update -> connect -> option) - from lib.core.option import proxyHandler - - multipartOpener = urllib2.build_opener(proxyHandler, multipartpost.MultipartPostHandler) - conn = multipartOpener.open(unicodeencode(url), multipart) - page = Connect._connReadProxy(conn) if not skipRead else None - responseHeaders = conn.info() - responseHeaders[URI_HTTP_HEADER] = conn.geturl() - page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE)) - - return page - elif any((refreshing, crawling)): pass 
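Review bot: In the `@@ -254` hunk, `if multipart: post = multipart` routes multipart calls into the common request path, so with the early `return page` branch removed (`@@ -298`) they now end at `return page, responseHeaders, code` (visible in the `@@ -711` hunk) rather than returning a bare page. No caller that passes `multipart=` is touched in this diff, so any that still assigns the result to a single `page` variable would presumably receive a tuple; this is worth confirming and fixing in the same commit. The assignment also silently overrides a `post` value passed alongside `multipart`, and an empty dict is treated as no multipart at all. A comment such as `# multipart (dict of fields/file objects) replaces post; MultipartPostHandler encodes it` would make that precedence explicit. The enclosing method starts and ends outside these hunks.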
@@ -364,7 +352,7 @@ class Connect(object): if not getHeader(headers, HTTP_HEADER.ACCEPT_ENCODING): headers[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if kb.pageCompress else "identity" - if post is not None and not getHeader(headers, HTTP_HEADER.CONTENT_TYPE): + if post is not None and not multipart and not getHeader(headers, HTTP_HEADER.CONTENT_TYPE): headers[HTTP_HEADER.CONTENT_TYPE] = POST_HINT_CONTENT_TYPES.get(kb.postHint, DEFAULT_CONTENT_TYPE) if headers.get(HTTP_HEADER.CONTENT_TYPE) == POST_HINT_CONTENT_TYPES[POST_HINT.MULTIPART]: @@ -455,9 +443,10 @@ class Connect(object): requestMsg += "\n" - threadData.lastRequestMsg = requestMsg + if not multipart: + threadData.lastRequestMsg = requestMsg - logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg) + logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg) if conf.cj: for cookie in conf.cj: @@ -578,7 +567,8 @@ class Connect(object): elif conf.verbose > 5: responseMsg += "%s\n\n%s" % (logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE]) - logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) + if not multipart: + logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) if ex.code == httplib.UNAUTHORIZED and not conf.ignore401: errMsg = "not authorized, try to provide right HTTP " @@ -711,7 +701,8 @@ class Connect(object): elif conf.verbose > 5: responseMsg += "%s\n\n%s" % (logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE]) - logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) + if not multipart: + logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) return page, responseHeaders, code diff --git a/thirdparty/multipart/multipartpost.py b/thirdparty/multipart/multipartpost.py index 07a6e4e71..6d8eb87d6 100644 --- a/thirdparty/multipart/multipartpost.py +++ b/thirdparty/multipart/multipartpost.py 
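Review bot: The `if not multipart:` guards added in the `@@ -455`, `@@ -578` and `@@ -711` hunks drop multipart requests and their responses from the TRAFFIC_OUT/TRAFFIC_IN log entirely, so file-upload requests leave no record in the traffic log an operator would later use to audit what was sent. Indentation is lost on this page, but `logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)` is removed and re-added with identical text, which suggests it was moved under the new guard together with `threadData.lastRequestMsg`. If the reason is that `post` is now a dict holding file objects, consider logging the request line and headers with a placeholder body instead of skipping the entry, and say why in a comment, e.g. `# multipart body is a dict of file objects; not rendered into requestMsg`. The `@@ -364` change likewise relies on MultipartPostHandler to set Content-Type and deserves a one-line comment saying so.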
@@ -47,13 +47,13 @@ class MultipartPostHandler(urllib2.BaseHandler): def http_request(self, request): data = request.get_data() - if data is not None and type(data) != str: + if isinstance(data, dict): v_files = [] v_vars = [] try: for(key, value) in data.items(): - if isinstance(value, file) or hasattr(value, 'file') or isinstance(value, StringIO.StringIO): + if isinstance(value, file) or hasattr(value, "file") or isinstance(value, StringIO.StringIO): v_files.append((key, value)) else: v_vars.append((key, value)) @@ -65,10 +65,10 @@ class MultipartPostHandler(urllib2.BaseHandler): data = urllib.urlencode(v_vars, doseq) else: boundary, data = self.multipart_encode(v_vars, v_files) - contenttype = 'multipart/form-data; boundary=%s' % boundary - #if (request.has_header('Content-Type') and request.get_header('Content-Type').find('multipart/form-data') != 0): - # print "Replacing %s with %s" % (request.get_header('content-type'), 'multipart/form-data') - request.add_unredirected_header('Content-Type', contenttype) + contenttype = "multipart/form-data; boundary=%s" % boundary + #if (request.has_header("Content-Type") and request.get_header("Content-Type").find("multipart/form-data") != 0): + # print "Replacing %s with %s" % (request.get_header("content-type"), "multipart/form-data") + request.add_unredirected_header("Content-Type", contenttype) request.add_data(data) return request 
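Review bot: The new `isinstance(data, dict)` test in `http_request` (`@@ -47`) is now the only thing keeping ordinary string bodies untouched, because the option.py change installs this handler in the opener used for every request, and that contract is not documented in the hunk. Add a comment above the check such as `# only dict bodies are form/multipart-encoded; str and None pass through unchanged (handler is installed globally)`. Mapping types that do not subclass `dict` were accepted by the old `type(data) != str` test and are now skipped by this handler, so callers must pass a real dict. `http_request` continues outside the hunk.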
@@ -78,32 +78,32 @@ class MultipartPostHandler(urllib2.BaseHandler): boundary = mimetools.choose_boundary() if buf is None: - buf = '' + buf = "" for (key, value) in vars: if key is not None and value is not None: - buf += '--%s\r\n' % boundary - buf += 'Content-Disposition: form-data; name="%s"' % key - buf += '\r\n\r\n' + value + '\r\n' + buf += "--%s\r\n" % boundary + buf += "Content-Disposition: form-data; name=\"%s\"" % key + buf += "\r\n\r\n" + value + "\r\n" for (key, fd) in files: file_size = os.fstat(fd.fileno())[stat.ST_SIZE] if isinstance(fd, file) else fd.len - filename = fd.name.split('/')[-1] if '/' in fd.name else fd.name.split('\\')[-1] + filename = fd.name.split("/")[-1] if "/" in fd.name else fd.name.split("\\")[-1] try: - contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream' + contenttype = mimetypes.guess_type(filename)[0] or "application/octet-stream" except: # Reference: http://bugs.python.org/issue9291 - contenttype = 'application/octet-stream' - buf += '--%s\r\n' % boundary - buf += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename) - buf += 'Content-Type: %s\r\n' % contenttype - # buf += 'Content-Length: %s\r\n' % file_size + contenttype = "application/octet-stream" + buf += "--%s\r\n" % boundary + buf += "Content-Disposition: form-data; name=\"%s\"; filename=\"%s\"\r\n" % (key, filename) + buf += "Content-Type: %s\r\n" % contenttype + # buf += "Content-Length: %s\r\n" % file_size fd.seek(0) buf = str(buf) if not isinstance(buf, unicode) else buf.encode("utf8") - buf += '\r\n%s\r\n' % fd.read() + buf += "\r\n%s\r\n" % fd.read() - buf += '--%s--\r\n\r\n' % boundary + buf += "--%s--\r\n\r\n" % boundary return boundary, buf diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 302bfb152..589a5ebd2 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
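Review bot: In the `@@ -78` hunk, `key` and `filename` are still interpolated into the `Content-Disposition: form-data; name=...; filename=...` line without escaping, so a value containing `"`, CR or LF would produce a malformed part header; the hunk only changes quoting style and keeps this behaviour. Since these lines are being touched anyway, consider normalising both values first, e.g. `filename = filename.replace('"', "%22").replace("\r", "%0D").replace("\n", "%0A")`, and likewise for `key`. The bare `except:` around `mimetypes.guess_type` would also be safer as `except Exception:`. The enclosing function starts outside the hunk.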
@@ -39,13 +39,13 @@ e4aec2b11c1ad6039d0c3dbbfbc5eb1a lib/core/exception.py cc9c82cfffd8ee9b25ba3af6284f057e lib/core/__init__.py 91c514013daa796e2cdd940389354eac lib/core/log.py b9779615206791e6ebbaa84947842b49 lib/core/optiondict.py -85b144015724e1961e6c9ea1a42b329a lib/core/option.py +57109386dcff87507201f14a5821fd41 lib/core/option.py 1e8948dddbd12def5c2af52530738059 lib/core/profiling.py e60456db5380840a586654344003d4e6 lib/core/readlineng.py 5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py 99a2b496b9d5b546b335653ca801153f lib/core/revision.py 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py -c523de8745fb88545bbbbd7cee1d0b2f lib/core/settings.py +dd9d9aa60d7b2ba844189b90285c45cd lib/core/settings.py 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py 0bc2fae1dec18cdd11954b22358293f2 lib/core/target.py @@ -68,7 +68,7 @@ b40a4c5d91770d347df36d3065b63798 lib/parse/sitemap.py 9299f21804033f099681525bb9bf51c0 lib/request/basicauthhandler.py a3e83cfe7e6825fb1b70951ad290d2ae lib/request/basic.py 97fb6323bfb5f941b27cbdb00f9078e1 lib/request/comparison.py -72a0e7bb1010bb39c6538dbc77eae180 lib/request/connect.py +8bc040159a145a1dfdf8a3fe76a0adbc lib/request/connect.py 49b4c583af68689de5f9acb162de2939 lib/request/direct.py 1a46f7bb26b23ec0c0d9d9c95828241b lib/request/dns.py 70ceefe39980611494d4f99afb96f652 lib/request/httpshandler.py 
@@ -329,7 +329,7 @@ e0c6a936506bffeed53ce106ec15942d thirdparty/keepalive/keepalive.py d41d8cd98f00b204e9800998ecf8427e thirdparty/magic/__init__.py 49f0d123e044dd32a452e2fe51f1a9c3 thirdparty/magic/magic.py d41d8cd98f00b204e9800998ecf8427e thirdparty/multipart/__init__.py -fd52df5770ee286a7c186fdd2ccc4e0c thirdparty/multipart/multipartpost.py +03c8abc17b228e59bcfda1f11a9137e0 thirdparty/multipart/multipartpost.py 3e502b04f3849afbb7f0e13b5fd2b5c1 thirdparty/odict/__init__.py 127fe54fdb9b13fdac93c8fc9c9cad5e thirdparty/odict/odict.py 08801ea0ba9ae22885275ef65d3ee9dc thirdparty/oset/_abc.py