From 8b0c50f25d64c027c9a7d6c903fb0eff7864e83d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 23 Aug 2017 13:17:37 +0200
Subject: [PATCH] Update related to the #2663
---
 lib/controller/checks.py | 7 +++---
 lib/core/dicts.py | 1 +
 lib/core/optiondict.py | 2 +-
 lib/core/settings.py | 2 +-
 lib/parse/cmdline.py | 4 +--
 lib/request/connect.py | 53 ++++++++++++++++++++--------------------
 sqlmap.conf | 6 ++---
 txt/checksum.md5 | 12 ++++-----
 8 files changed, 45 insertions(+), 42 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index d42e7b192..1359389b1 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1504,9 +1504,10 @@ def checkConnection(suppressOutput=False):
 warnMsg += "which could interfere with the results of the tests"
 logger.warn(warnMsg)
 elif wasLastResponseHTTPError():
- warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError()
- warnMsg += "which could interfere with the results of the tests"
- logger.warn(warnMsg)
+ if getLastRequestHTTPError() != conf.ignoreCode:
+ warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError()
+ warnMsg += "which could interfere with the results of the tests"
+ logger.warn(warnMsg)
 else:
 kb.errorIsNone = True
diff --git a/lib/core/dicts.py b/lib/core/dicts.py
index dd681a09a..3d8897643 100644
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -272,6 +272,7 @@ DEPRECATED_OPTIONS = {
 "--no-unescape": "use '--no-escape' instead",
 "--binary": "use '--binary-fields' instead",
 "--auth-private": "use '--auth-file' instead",
+ "--ignore-401": "use '--ignore-code' instead",
 "--check-payload": None,
 "--check-waf": None,
 "--pickled-options": "use '--api -c ...' instead",
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index e17937c46..5dfaecb9f 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
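Review bot: In the `checkConnection` hunk of lib/controller/checks.py, a response whose code equals `conf.ignoreCode` now passes through the `elif wasLastResponseHTTPError():` branch with no warning and without reaching `else: kb.errorIsNone = True`, and nothing in the hunk says whether leaving that flag unset is intended. If an ignored code should count as a clean response, fold the test into the branch, `elif wasLastResponseHTTPError() and getLastRequestHTTPError() != conf.ignoreCode:`. Otherwise add a comment above the new `if`, such as `# code named by --ignore-code is expected: skip the warning, but the response still counts as an error`. The function starts and continues outside the hunk, so how `kb.errorIsNone` is used afterwards is not visible here.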
@@ -38,7 +38,7 @@ optDict = {
 "authType": "string",
 "authCred": "string",
 "authFile": "string",
- "ignore401": "boolean",
+ "ignoreCode": "integer",
 "ignoreProxy": "boolean",
 "ignoreRedirects": "boolean",
 "ignoreTimeouts": "boolean",
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 9e13e0961..8aaa1138a 100755
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.1.8.8"
+VERSION = "1.1.8.9"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 8bf8badba..061cedad5 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -149,8 +149,8 @@ def cmdLineParser(argv=None):
 request.add_option("--auth-file", dest="authFile",
 help="HTTP authentication PEM cert/private key file")
- request.add_option("--ignore-401", dest="ignore401", action="store_true",
- help="Ignore HTTP Error 401 (Unauthorized)")
+ request.add_option("--ignore-code", dest="ignoreCode", type="int",
+ help="Ignore HTTP error code (e.g. 401)")
 request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
 help="Ignore system default proxy settings")
diff --git a/lib/request/connect.py b/lib/request/connect.py
index a11be105f..9bfc0dfbf 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
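Review bot: The new `--ignore-code` option in the lib/parse/cmdline.py hunk is declared with `type="int"` and nothing in this patch bounds the value, so a mistyped or out-of-range number is accepted and then never matches any response, leaving the option silently without effect. A range check belongs wherever the other option sanity checks live (not visible in this patch), along the lines of `if conf.ignoreCode is not None and not 100 <= conf.ignoreCode <= 599:` followed by the project's usual syntax error. `cmdLineParser` starts and continues outside the hunk.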
@@ -590,34 +590,35 @@ class Connect(object):
 if not multipart:
 logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
- if ex.code == httplib.UNAUTHORIZED and not conf.ignore401:
- errMsg = "not authorized, try to provide right HTTP "
- errMsg += "authentication type and valid credentials (%d)" % code
- raise SqlmapConnectionException(errMsg)
- elif ex.code == httplib.NOT_FOUND:
- if raise404:
- errMsg = "page not found (%d)" % code
+ if ex.code != conf.ignoreCode:
+ if ex.code == httplib.UNAUTHORIZED:
+ errMsg = "not authorized, try to provide right HTTP "
+ errMsg += "authentication type and valid credentials (%d)" % code
 raise SqlmapConnectionException(errMsg)
- else:
- debugMsg = "page not found (%d)" % code
- singleTimeLogMessage(debugMsg, logging.DEBUG)
- elif ex.code == httplib.GATEWAY_TIMEOUT:
- if ignoreTimeout:
- return None if not conf.ignoreTimeouts else "", None, None
- else:
- warnMsg = "unable to connect to the target URL (%d - %s)" % (ex.code, httplib.responses[ex.code])
- if threadData.retriesCount < conf.retries and not kb.threadException:
- warnMsg += ". sqlmap is going to retry the request"
- logger.critical(warnMsg)
- return Connect._retryProxy(**kwargs)
- elif kb.testMode:
- logger.critical(warnMsg)
- return None, None, None
+ elif ex.code == httplib.NOT_FOUND:
+ if raise404:
+ errMsg = "page not found (%d)" % code
+ raise SqlmapConnectionException(errMsg)
 else:
- raise SqlmapConnectionException(warnMsg)
- else:
- debugMsg = "got HTTP error code: %d (%s)" % (code, status)
- logger.debug(debugMsg)
+ debugMsg = "page not found (%d)" % code
+ singleTimeLogMessage(debugMsg, logging.DEBUG)
+ elif ex.code == httplib.GATEWAY_TIMEOUT:
+ if ignoreTimeout:
+ return None if not conf.ignoreTimeouts else "", None, None
+ else:
+ warnMsg = "unable to connect to the target URL (%d - %s)" % (ex.code, httplib.responses[ex.code])
+ if threadData.retriesCount < conf.retries and not kb.threadException:
+ warnMsg += ". 
sqlmap is going to retry the request"
+ logger.critical(warnMsg)
+ return Connect._retryProxy(**kwargs)
+ elif kb.testMode:
+ logger.critical(warnMsg)
+ return None, None, None
+ else:
+ raise SqlmapConnectionException(warnMsg)
+ else:
+ debugMsg = "got HTTP error code: %d (%s)" % (code, status)
+ logger.debug(debugMsg)
 except (urllib2.URLError, socket.error, socket.timeout, httplib.HTTPException, struct.error, binascii.Error, ProxyError, SqlmapCompressionException, WebSocketException, TypeError, ValueError):
 tbMsg = traceback.format_exc()
diff --git a/sqlmap.conf b/sqlmap.conf
index 9386ace16..faae80a98 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -98,9 +98,9 @@ authCred =
 # Syntax: key_file
 authFile =
-# Ignore HTTP Error 401 (Unauthorized).
-# Valid: True or False
-ignore401 = False
+# Ignore HTTP error code (e.g. 401).
+# Valid: integer
+ignoreCode =
 # Ignore system default proxy settings.
 # Valid: True or False
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index b73456cec..7aae361a9 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -21,7 +21,7 @@ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32. 310efc965c862cfbd7b0da5150a5ad36 extra/sqlharvest/__init__.py 7713aa366c983cdf1f3dbaa7383ea9e1 extra/sqlharvest/sqlharvest.py 7afe836fd97271ccba67b4c0da2482ff lib/controller/action.py -5adb0a4ebf766a3cb9c3b1810b3e4b87 lib/controller/checks.py +979909f798bfcd346d72089d72234b74 lib/controller/checks.py a66093c734c7f94ecdf94d882c2d8b89 lib/controller/controller.py 35843d3e6dc4ea6c2462d48d2554ad10 lib/controller/handler.py 310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py
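Review bot: In the lib/request/connect.py hunk the new outer guard `if ex.code != conf.ignoreCode:` wraps the whole chain, so a matching code skips the 401 exception and also the `raise404` handling, the 504 retry path through `Connect._retryProxy`, and the final `got HTTP error code` debug message. An ignored response therefore leaves no trace at debug level, even though later results are computed over an error page the operator chose to accept. Give the guard its own `else:` carrying `logger.debug("ignoring HTTP error code: %d" % code)`, or move the existing debug `else:` outside the guard if only the raising branches are meant to be suppressed. With the option unset (presumably `None`, as the empty `ignoreCode =` in sqlmap.conf suggests) the comparison is always true and default behaviour is unchanged. The enclosing method starts and ends outside the hunk.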
@@ -33,20 +33,20 @@ a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py 7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py 36c85e9ef109c5b4af3ca9bb1065ef1f lib/core/decorators.py 94b06df2dfd9f6c7a2ad3f04a846b686 lib/core/defaults.py -7309cf449b009723d1a4655fcf1a96d7 lib/core/dicts.py +fa0cc2588d9e3fe215d4519879a0678f lib/core/dicts.py 65b9187de3d8c9c28ddab53ef2b399bc lib/core/dump.py c8553b821a2089cb8ddd39ae661f25fc lib/core/enums.py a44d7a4cc6c9a67a72d6af2f25f4ddac lib/core/exception.py 310efc965c862cfbd7b0da5150a5ad36 lib/core/__init__.py 9ba39bf66e9ecd469446bdbbeda906c3 lib/core/log.py -5a34a1be62eab520cacc197b5eacda39 lib/core/optiondict.py +9d7069d81e4a520ed3fbcac584c1e86e lib/core/optiondict.py 467a77eb68d193467a3a91d7b378501d lib/core/option.py 5f2f56e6c5f274408df61943f1e080c0 lib/core/profiling.py 40be71cd774662a7b420caeb7051e7d5 lib/core/readlineng.py d8e9250f3775119df07e9070eddccd16 lib/core/replication.py 785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py 40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py -81979aaadc3002c17e2b50b0094f6bc7 lib/core/settings.py +7c0e6e555f7e65310d8111d7ae9b5ca3 lib/core/settings.py d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py 2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py 4a6ecdd8a6e44bb4737bd9bc7f9b5743 lib/core/target.py @@ -57,7 +57,7 @@ ad74fc58fc7214802fd27067bce18dd2 lib/core/unescaper.py 4d13ed693401a498b6d073a2a494bd83 lib/core/wordlist.py 310efc965c862cfbd7b0da5150a5ad36 lib/__init__.py 8c4b04062db2245d9e190b413985202a lib/parse/banner.py -457a8bd6e651f3db523e4c2c1207b447 lib/parse/cmdline.py +18a64eb1c9a3c0f0896bcfc6a23d76da lib/parse/cmdline.py 3a31657bc38f277d0016ff6d50bde61f lib/parse/configfile.py 14539f1be714d4f1ed042067d63bc50a lib/parse/handler.py 64e5bb3ecbdd75144500588b437ba8da lib/parse/headers.py 
@@ -68,7 +68,7 @@ ad74fc58fc7214802fd27067bce18dd2 lib/core/unescaper.py 403d873f1d2fd0c7f73d83f104e41850 lib/request/basicauthhandler.py a06eddbdb529d4253c57250decb8e960 lib/request/basic.py ef48de622b0a6b4a71df64b0d2785ef8 lib/request/comparison.py -e9aa99ead32887dcfe935044c15aa9bc lib/request/connect.py +a84f039f50af8a002941b74c36da9b02 lib/request/connect.py fb6b788d0016ab4ec5e5f661f0f702ad lib/request/direct.py cc1163d38e9b7ee5db2adac6784c02bb lib/request/dns.py 5dcdb37823a0b5eff65cd1018bcf09e4 lib/request/httpshandler.py