mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
Patch for an Issue #1434
This commit is contained in:
parent
38541b021a
commit
5ed106ecea
|
@ -223,6 +223,7 @@ DEPRECATED_OPTIONS = {
|
|||
"--replicate": "use '--dump-format=SQLITE' instead",
|
||||
"--no-unescape": "use '--no-escape' instead",
|
||||
"--binary": "use '--binary-fields' instead",
|
||||
"--auth-private": "use '--auth-file' instead",
|
||||
"--check-payload": None,
|
||||
"--check-waf": None,
|
||||
}
|
||||
|
|
|
@ -1264,13 +1264,13 @@ def _setHTTPAuthentication():
|
|||
|
||||
global authHandler
|
||||
|
||||
if not conf.authType and not conf.authCred and not conf.authPrivate:
|
||||
if not conf.authType and not conf.authCred and not conf.authFile:
|
||||
return
|
||||
|
||||
if conf.authPrivate and not conf.authType:
|
||||
if conf.authFile and not conf.authType:
|
||||
conf.authType = AUTH_TYPE.PKI
|
||||
|
||||
elif conf.authType and not conf.authCred and not conf.authPrivate:
|
||||
elif conf.authType and not conf.authCred and not conf.authFile:
|
||||
errMsg = "you specified the HTTP authentication type, but "
|
||||
errMsg += "did not provide the credentials"
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
@ -1285,7 +1285,7 @@ def _setHTTPAuthentication():
|
|||
errMsg += "Basic, Digest, NTLM or PKI"
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
||||
if not conf.authPrivate:
|
||||
if not conf.authFile:
|
||||
debugMsg = "setting the HTTP authentication type and credentials"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
|
@ -1336,7 +1336,7 @@ def _setHTTPAuthentication():
|
|||
debugMsg = "setting the HTTP(s) authentication PEM private key"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
_ = safeExpandUser(conf.authPrivate)
|
||||
_ = safeExpandUser(conf.authFile)
|
||||
checkFile(_)
|
||||
authHandler = HTTPSPKIAuthHandler(_)
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@ optDict = {
|
|||
"headers": "string",
|
||||
"authType": "string",
|
||||
"authCred": "string",
|
||||
"authPrivate": "string",
|
||||
"authFile": "string",
|
||||
"proxy": "string",
|
||||
"proxyCred": "string",
|
||||
"proxyFile": "string",
|
||||
|
|
|
@ -144,8 +144,8 @@ def cmdLineParser(argv=None):
|
|||
help="HTTP authentication credentials "
|
||||
"(name:password)")
|
||||
|
||||
request.add_option("--auth-private", dest="authPrivate",
|
||||
help="HTTP authentication PEM private key file")
|
||||
request.add_option("--auth-file", dest="authFile",
|
||||
help="HTTP authentication PEM cert/private key file")
|
||||
|
||||
request.add_option("--ignore-401", dest="ignore401", action="store_true",
|
||||
help="Ignore HTTP Error 401 (Unauthorized)")
|
||||
|
|
|
@ -11,12 +11,13 @@ import urllib2
|
|||
from lib.core.data import conf
|
||||
|
||||
class HTTPSPKIAuthHandler(urllib2.HTTPSHandler):
|
||||
def __init__(self, key_file):
|
||||
def __init__(self, auth_file):
|
||||
urllib2.HTTPSHandler.__init__(self)
|
||||
self.key_file = key_file
|
||||
self.auth_file = auth_file
|
||||
|
||||
def https_open(self, req):
|
||||
return self.do_open(self.getConnection, req)
|
||||
|
||||
def getConnection(self, host, timeout=None):
|
||||
return httplib.HTTPSConnection(host, key_file=self.key_file, timeout=conf.timeout)
|
||||
# Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain
|
||||
return httplib.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout)
|
||||
|
|
|
@ -93,10 +93,10 @@ authType =
|
|||
# Syntax: username:password
|
||||
authCred =
|
||||
|
||||
# HTTP Authentication PEM private key. Useful only if the target URL requires
|
||||
# HTTP Authentication PEM private/cert key file. Useful only if the target URL requires
|
||||
# PKI authentication and you have such data.
|
||||
# Syntax: key_file
|
||||
authPrivate =
|
||||
authFile =
|
||||
|
||||
# Use a proxy to connect to the target URL.
|
||||
# Syntax: (http|https|socks4|socks5)://address:port
|
||||
|
|
Loading…
Reference in New Issue
Block a user