sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Patch for an Issue #1434

Browse Source
This commit is contained in:
Miroslav Stampar 2015-09-27 15:59:17 +02:00
parent 38541b021a
commit 5ed106ecea
6 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/dicts.py
View File

@ -223,6 +223,7 @@ DEPRECATED_OPTIONS = {
"--replicate": "use '--dump-format=SQLITE' instead",
"--no-unescape": "use '--no-escape' instead",
"--binary": "use '--binary-fields' instead",
"--auth-private": "use '--auth-file' instead",
"--check-payload": None,
"--check-waf": None,
}

10
lib/core/option.py
View File

@ -1264,13 +1264,13 @@ def _setHTTPAuthentication():
global authHandler
if not conf.authType and not conf.authCred and not conf.authPrivate:
if not conf.authType and not conf.authCred and not conf.authFile:
return
if conf.authPrivate and not conf.authType:
if conf.authFile and not conf.authType:
conf.authType = AUTH_TYPE.PKI
elif conf.authType and not conf.authCred and not conf.authPrivate:
elif conf.authType and not conf.authCred and not conf.authFile:
errMsg = "you specified the HTTP authentication type, but "
errMsg += "did not provide the credentials"
raise SqlmapSyntaxException(errMsg)
@ -1285,7 +1285,7 @@ def _setHTTPAuthentication():
errMsg += "Basic, Digest, NTLM or PKI"
raise SqlmapSyntaxException(errMsg)
if not conf.authPrivate:
if not conf.authFile:
debugMsg = "setting the HTTP authentication type and credentials"
logger.debug(debugMsg)
@ -1336,7 +1336,7 @@ def _setHTTPAuthentication():
debugMsg = "setting the HTTP(s) authentication PEM private key"
logger.debug(debugMsg)
_ = safeExpandUser(conf.authPrivate)
_ = safeExpandUser(conf.authFile)
checkFile(_)
authHandler = HTTPSPKIAuthHandler(_)

2
lib/core/optiondict.py
View File

@ -37,7 +37,7 @@ optDict = {
"headers": "string",
"authType": "string",
"authCred": "string",
"authPrivate": "string",
"authFile": "string",
"proxy": "string",
"proxyCred": "string",
"proxyFile": "string",

4
lib/parse/cmdline.py
View File

@ -144,8 +144,8 @@ def cmdLineParser(argv=None):
help="HTTP authentication credentials "
"(name:password)")
request.add_option("--auth-private", dest="authPrivate",
help="HTTP authentication PEM private key file")
request.add_option("--auth-file", dest="authFile",
help="HTTP authentication PEM cert/private key file")
request.add_option("--ignore-401", dest="ignore401", action="store_true",
help="Ignore HTTP Error 401 (Unauthorized)")

7
lib/request/pkihandler.py
View File

@ -11,12 +11,13 @@ import urllib2
from lib.core.data import conf
class HTTPSPKIAuthHandler(urllib2.HTTPSHandler):
def __init__(self, key_file):
def __init__(self, auth_file):
urllib2.HTTPSHandler.__init__(self)
self.key_file = key_file
self.auth_file = auth_file
def https_open(self, req):
return self.do_open(self.getConnection, req)
def getConnection(self, host, timeout=None):
return httplib.HTTPSConnection(host, key_file=self.key_file, timeout=conf.timeout)
# Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain
return httplib.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout)

4
sqlmap.conf
View File

@ -93,10 +93,10 @@ authType =
# Syntax: username:password
authCred =
# HTTP Authentication PEM private key. Useful only if the target URL requires
# HTTP Authentication PEM private/cert key file. Useful only if the target URL requires
# PKI authentication and you have such data.
# Syntax: key_file
authPrivate =
authFile =
# Use a proxy to connect to the target URL.
# Syntax: (http|https|socks4|socks5)://address:port