Automating even more switch --tor

Miroslav Stampar 2016-10-10 14:19:44 +02:00
parent 4c05307357
commit 7eab1bcbf9
4 changed files with 49 additions and 29 deletions


@ -119,6 +119,7 @@ from lib.core.settings import IP_ADDRESS_REGEX
from lib.core.settings import ISSUES_PAGE from lib.core.settings import ISSUES_PAGE
from lib.core.settings import IS_WIN from lib.core.settings import IS_WIN
from lib.core.settings import LARGE_OUTPUT_THRESHOLD from lib.core.settings import LARGE_OUTPUT_THRESHOLD
from lib.core.settings import LOCALHOST
from lib.core.settings import MIN_ENCODED_LEN_CHECK from lib.core.settings import MIN_ENCODED_LEN_CHECK
from lib.core.settings import MIN_TIME_RESPONSES from lib.core.settings import MIN_TIME_RESPONSES
from lib.core.settings import MIN_VALID_DELAYED_RESPONSE from lib.core.settings import MIN_VALID_DELAYED_RESPONSE
@ -2400,6 +2401,29 @@ def extractErrorMessage(page):
return retVal return retVal
def findLocalPort(ports):
"""
Find the first opened localhost port from a given list of ports (e.g. for Tor port checks)
"""
retVal = None
for port in ports:
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((LOCALHOST, port))
retVal = port
break
except socket.error:
pass
finally:
try:
s.close()
except socket.error:
pass
return retVal
def findMultipartPostBoundary(post): def findMultipartPostBoundary(post):
""" """
Finds value for a boundary parameter in given multipart POST body Finds value for a boundary parameter in given multipart POST body
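Review bot: In findLocalPort, `s` is first bound inside the `try`, so if `socket.socket()` itself raises for the first port, the `finally` clause references an unbound name and the resulting NameError is not caught by the inner `except socket.error`. Binding `s = None` before the `try` and guarding the cleanup with `if s: s.close()` removes that path. The connect also runs without a timeout, so a host that drops loopback packets instead of refusing them can block the probe; a short `s.settimeout(...)` before `s.connect(...)` would bound it. The docstring should also say that the function returns None when no port in the list accepts a connection.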


@ -38,6 +38,7 @@ from lib.core.common import getPublicTypeMembers
from lib.core.common import getSafeExString from lib.core.common import getSafeExString
from lib.core.common import extractRegexResult from lib.core.common import extractRegexResult
from lib.core.common import filterStringValue from lib.core.common import filterStringValue
from lib.core.common import findLocalPort
from lib.core.common import findPageForms from lib.core.common import findPageForms
from lib.core.common import getConsoleWidth from lib.core.common import getConsoleWidth
from lib.core.common import getFileItems from lib.core.common import getFileItems
@ -108,7 +109,7 @@ from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
from lib.core.settings import DBMS_ALIASES from lib.core.settings import DBMS_ALIASES
from lib.core.settings import DEFAULT_PAGE_ENCODING from lib.core.settings import DEFAULT_PAGE_ENCODING
from lib.core.settings import DEFAULT_TOR_HTTP_PORTS from lib.core.settings import DEFAULT_TOR_HTTP_PORTS
from lib.core.settings import DEFAULT_TOR_SOCKS_PORT from lib.core.settings import DEFAULT_TOR_SOCKS_PORTS
from lib.core.settings import DUMMY_URL from lib.core.settings import DUMMY_URL
from lib.core.settings import IGNORE_SAVE_OPTIONS from lib.core.settings import IGNORE_SAVE_OPTIONS
from lib.core.settings import INJECT_HERE_MARK from lib.core.settings import INJECT_HERE_MARK
@ -2307,28 +2308,14 @@ def _setTorHttpProxySettings():
infoMsg = "setting Tor HTTP proxy settings" infoMsg = "setting Tor HTTP proxy settings"
logger.info(infoMsg) logger.info(infoMsg)
s = None port = findLocalPort(DEFAULT_TOR_HTTP_PORTS if not conf.torPort else (conf.torPort,))
found = None
for port in (DEFAULT_TOR_HTTP_PORTS if not conf.torPort else (conf.torPort,)): if port:
try: conf.proxy = "http://%s:%d" % (LOCALHOST, port)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((LOCALHOST, port))
found = port
break
except socket.error:
pass
if s:
s.close()
if found:
conf.proxy = "http://%s:%d" % (LOCALHOST, found)
else: else:
errMsg = "can't establish connection with the Tor HTTP proxy. " errMsg = "can't establish connection with the Tor HTTP proxy. "
errMsg += "Please make sure that you have Vidalia, Privoxy or " errMsg += "Please make sure that you have Tor (bundle) installed and setup "
errMsg += "Polipo bundle installed for you to be able to " errMsg += "so you could be able to successfully use switch '--tor' "
errMsg += "successfully use switch '--tor' "
raise SqlmapConnectionException(errMsg) raise SqlmapConnectionException(errMsg)
@ -2344,8 +2331,17 @@ def _setTorSocksProxySettings():
infoMsg = "setting Tor SOCKS proxy settings" infoMsg = "setting Tor SOCKS proxy settings"
logger.info(infoMsg) logger.info(infoMsg)
# Has to be SOCKS5 to prevent DNS leaks (http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29) port = findLocalPort(DEFAULT_TOR_SOCKS_PORTS if not conf.torPort else (conf.torPort,))
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, conf.torPort or DEFAULT_TOR_SOCKS_PORT)
if not port:
errMsg = "can't establish connection with the Tor SOCKS proxy. "
errMsg += "Please make sure that you have Tor service installed and setup "
errMsg += "so you could be able to successfully use switch '--tor' "
raise SqlmapConnectionException(errMsg)
# SOCKS5 to prevent DNS leaks (http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29)
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, port)
socks.wrapmodule(urllib2) socks.wrapmodule(urllib2)
def _checkWebSocket(): def _checkWebSocket():
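Review bot: Both `findLocalPort(...)` call sites treat a successful TCP connect as proof that a Tor proxy is present, so whatever service happens to listen on one of the probed ports becomes `conf.proxy` or the default SOCKS proxy. Since the port is now picked automatically from several candidates, the chosen one should at least be logged after each successful lookup, e.g. `logger.debug("using Tor proxy at %s:%d" % (LOCALHOST, port))`, so the user can see which listener the traffic is routed through. The new error messages could also name the port(s) that were tried and point to `--check-tor` as the way to confirm that requests really leave through Tor. Both functions start above their hunks, so this is based only on the visible lines.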


@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.0.10.23" VERSION = "1.0.10.24"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -430,10 +430,10 @@ IGNORE_SAVE_OPTIONS = ("saveConfig",)
# IP address of the localhost # IP address of the localhost
LOCALHOST = "127.0.0.1" LOCALHOST = "127.0.0.1"
# Default port used by Tor # Default SOCKS ports used by Tor
DEFAULT_TOR_SOCKS_PORT = 9050 DEFAULT_TOR_SOCKS_PORTS = (9050, 9150)
# Default ports used in Tor proxy bundles # Default HTTP ports used by Tor
DEFAULT_TOR_HTTP_PORTS = (8123, 8118) DEFAULT_TOR_HTTP_PORTS = (8123, 8118)
# Percentage below which comparison engine could have problems # Percentage below which comparison engine could have problems
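Review bot: The new comment `# Default HTTP ports used by Tor` is inaccurate as worded: Tor itself exposes SOCKS, and 8123/8118 look like the defaults of the HTTP proxies (Polipo, Privoxy) that the removed error message in the option-handling file named. I would keep that distinction in the comment, e.g. `# Default ports of HTTP proxies usually chained in front of Tor (Polipo, Privoxy)`. The SOCKS constant's comment could likewise say which port belongs to which setup, presumably 9050 for the Tor service and 9150 for the Tor Browser bundle (to be confirmed).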


@ -26,7 +26,7 @@ f15544a4c9c365ae8f2f8fa2e3a69aa5 lib/controller/checks.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/controller/__init__.py cc9c82cfffd8ee9b25ba3af6284f057e lib/controller/__init__.py
04f16204c899438dc7599a9a8426bfee lib/core/agent.py 04f16204c899438dc7599a9a8426bfee lib/core/agent.py
eb0bd28b0bd9fbf67dcc3119116df377 lib/core/bigarray.py eb0bd28b0bd9fbf67dcc3119116df377 lib/core/bigarray.py
c5aebf5a8a28af6290c45d403f4a1ac8 lib/core/common.py 8bf4949483128163a34334207f1b78a7 lib/core/common.py
5680d0c446a3bed5c0f2a0402d031557 lib/core/convert.py 5680d0c446a3bed5c0f2a0402d031557 lib/core/convert.py
e77cca1cb063016f71f6e6bdebf4ec73 lib/core/data.py e77cca1cb063016f71f6e6bdebf4ec73 lib/core/data.py
1d042f0bc0557d3fd564ea5a46deb77e lib/core/datatype.py 1d042f0bc0557d3fd564ea5a46deb77e lib/core/datatype.py
@ -39,13 +39,13 @@ e4aec2b11c1ad6039d0c3dbbfbc5eb1a lib/core/exception.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/core/__init__.py cc9c82cfffd8ee9b25ba3af6284f057e lib/core/__init__.py
91c514013daa796e2cdd940389354eac lib/core/log.py 91c514013daa796e2cdd940389354eac lib/core/log.py
5b079749c50240602ea92637e268ed31 lib/core/optiondict.py 5b079749c50240602ea92637e268ed31 lib/core/optiondict.py
e430ec19a22443205bba6cd811990bf3 lib/core/option.py b6f8d72812531ae010fc5b9ce4faba51 lib/core/option.py
7af487340c138f7b5dbd443161cbb428 lib/core/profiling.py 7af487340c138f7b5dbd443161cbb428 lib/core/profiling.py
e60456db5380840a586654344003d4e6 lib/core/readlineng.py e60456db5380840a586654344003d4e6 lib/core/readlineng.py
5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py 5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py
99a2b496b9d5b546b335653ca801153f lib/core/revision.py 99a2b496b9d5b546b335653ca801153f lib/core/revision.py
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
9af61d6fa1333a6635084ce02ea14643 lib/core/settings.py a226f17fafb974d0bc88f0a47171353b lib/core/settings.py
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
c3ace7874a536d801f308cf1fd03df99 lib/core/target.py c3ace7874a536d801f308cf1fd03df99 lib/core/target.py