Patch for an Issue #1434

This commit is contained in:
Miroslav Stampar 2015-09-27 15:59:17 +02:00
parent 38541b021a
commit 5ed106ecea
6 changed files with 15 additions and 13 deletions

View File

@ -223,6 +223,7 @@ DEPRECATED_OPTIONS = {
"--replicate": "use '--dump-format=SQLITE' instead", "--replicate": "use '--dump-format=SQLITE' instead",
"--no-unescape": "use '--no-escape' instead", "--no-unescape": "use '--no-escape' instead",
"--binary": "use '--binary-fields' instead", "--binary": "use '--binary-fields' instead",
"--auth-private": "use '--auth-file' instead",
"--check-payload": None, "--check-payload": None,
"--check-waf": None, "--check-waf": None,
} }

View File

@ -1264,13 +1264,13 @@ def _setHTTPAuthentication():
global authHandler global authHandler
if not conf.authType and not conf.authCred and not conf.authPrivate: if not conf.authType and not conf.authCred and not conf.authFile:
return return
if conf.authPrivate and not conf.authType: if conf.authFile and not conf.authType:
conf.authType = AUTH_TYPE.PKI conf.authType = AUTH_TYPE.PKI
elif conf.authType and not conf.authCred and not conf.authPrivate: elif conf.authType and not conf.authCred and not conf.authFile:
errMsg = "you specified the HTTP authentication type, but " errMsg = "you specified the HTTP authentication type, but "
errMsg += "did not provide the credentials" errMsg += "did not provide the credentials"
raise SqlmapSyntaxException(errMsg) raise SqlmapSyntaxException(errMsg)
@ -1285,7 +1285,7 @@ def _setHTTPAuthentication():
errMsg += "Basic, Digest, NTLM or PKI" errMsg += "Basic, Digest, NTLM or PKI"
raise SqlmapSyntaxException(errMsg) raise SqlmapSyntaxException(errMsg)
if not conf.authPrivate: if not conf.authFile:
debugMsg = "setting the HTTP authentication type and credentials" debugMsg = "setting the HTTP authentication type and credentials"
logger.debug(debugMsg) logger.debug(debugMsg)
@ -1336,7 +1336,7 @@ def _setHTTPAuthentication():
debugMsg = "setting the HTTP(s) authentication PEM private key" debugMsg = "setting the HTTP(s) authentication PEM private key"
logger.debug(debugMsg) logger.debug(debugMsg)
_ = safeExpandUser(conf.authPrivate) _ = safeExpandUser(conf.authFile)
checkFile(_) checkFile(_)
authHandler = HTTPSPKIAuthHandler(_) authHandler = HTTPSPKIAuthHandler(_)

View File

@ -37,7 +37,7 @@ optDict = {
"headers": "string", "headers": "string",
"authType": "string", "authType": "string",
"authCred": "string", "authCred": "string",
"authPrivate": "string", "authFile": "string",
"proxy": "string", "proxy": "string",
"proxyCred": "string", "proxyCred": "string",
"proxyFile": "string", "proxyFile": "string",

View File

@ -144,8 +144,8 @@ def cmdLineParser(argv=None):
help="HTTP authentication credentials " help="HTTP authentication credentials "
"(name:password)") "(name:password)")
request.add_option("--auth-private", dest="authPrivate", request.add_option("--auth-file", dest="authFile",
help="HTTP authentication PEM private key file") help="HTTP authentication PEM cert/private key file")
request.add_option("--ignore-401", dest="ignore401", action="store_true", request.add_option("--ignore-401", dest="ignore401", action="store_true",
help="Ignore HTTP Error 401 (Unauthorized)") help="Ignore HTTP Error 401 (Unauthorized)")

View File

@ -11,12 +11,13 @@ import urllib2
from lib.core.data import conf from lib.core.data import conf
class HTTPSPKIAuthHandler(urllib2.HTTPSHandler): class HTTPSPKIAuthHandler(urllib2.HTTPSHandler):
def __init__(self, key_file): def __init__(self, auth_file):
urllib2.HTTPSHandler.__init__(self) urllib2.HTTPSHandler.__init__(self)
self.key_file = key_file self.auth_file = auth_file
def https_open(self, req): def https_open(self, req):
return self.do_open(self.getConnection, req) return self.do_open(self.getConnection, req)
def getConnection(self, host, timeout=None): def getConnection(self, host, timeout=None):
return httplib.HTTPSConnection(host, key_file=self.key_file, timeout=conf.timeout) # Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain
return httplib.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout)

View File

@ -93,10 +93,10 @@ authType =
# Syntax: username:password # Syntax: username:password
authCred = authCred =
# HTTP Authentication PEM private key. Useful only if the target URL requires # HTTP Authentication PEM private/cert key file. Useful only if the target URL requires
# PKI authentication and you have such data. # PKI authentication and you have such data.
# Syntax: key_file # Syntax: key_file
authPrivate = authFile =
# Use a proxy to connect to the target URL. # Use a proxy to connect to the target URL.
# Syntax: (http|https|socks4|socks5)://address:port # Syntax: (http|https|socks4|socks5)://address:port