diff --git a/lib/core/common.py b/lib/core/common.py index c5c55aa24..1faef14ac 100755 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1248,7 +1248,8 @@ def parseTargetUrl(): errMsg += "on this platform" raise SqlmapGenericException(errMsg) - if not re.search("^http[s]*://", conf.url, re.I): + if not re.search("^http[s]*://", conf.url, re.I) and \ + not re.search("^ws[s]*://", conf.url, re.I): if ":443/" in conf.url: conf.url = "https://" + conf.url else: diff --git a/lib/core/option.py b/lib/core/option.py index a2778d60b..64c2641b6 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2180,6 +2180,16 @@ def _setTorSocksProxySettings(): socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, conf.torPort or DEFAULT_TOR_SOCKS_PORT) socks.wrapmodule(urllib2) +def _checkWebSocket(): + infoMsg = "checking URL is WebSocket or not" + logger.debug(infoMsg) + if conf.url and (conf.url.startswith("ws:/") or conf.url.startswith("wss:/")): + try: + from websocket import ABNF + except ImportError: + errMsg = "it seems that python 'websocket-client' third-party library not be installed. " + raise SqlmapMissingDependence(errMsg) + def _checkTor(): if not conf.checkTor: return @@ -2449,6 +2459,7 @@ def init(): _setWafFunctions() _setTrafficOutputFP() _resolveCrossReferences() + _checkWebSocket() parseTargetUrl() parseTargetDirect() diff --git a/lib/core/target.py b/lib/core/target.py index bd6379e14..90d2a68bd 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -211,7 +211,7 @@ def _setRequestParams(): kb.processUserMarks = True if (kb.postHint and CUSTOM_INJECTION_MARK_CHAR in conf.data) else kb.processUserMarks - if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and not CUSTOM_INJECTION_MARK_CHAR in (conf.data or ""): + if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and not CUSTOM_INJECTION_MARK_CHAR in (conf.data or "") and conf.url.startswith("http"): warnMsg = "you've provided target URL without any GET " warnMsg += "parameters (e.g. www.site.com/article.php?id=1) " warnMsg += "and without providing any POST parameters " diff --git a/lib/request/connect.py b/lib/request/connect.py index 71f50e16a..549a261fb 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -19,6 +19,13 @@ import traceback import urllib2 import urlparse +try: + import websocket + from websocket import WebSocketException +except ImportError: + class WebSocketException(Exception): + pass + from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent from lib.core.common import asciifyUrl @@ -232,6 +239,7 @@ class Connect(object): retrying = kwargs.get("retrying", False) crawling = kwargs.get("crawling", False) skipRead = kwargs.get("skipRead", False) + is_websocket = conf.url.startswith("ws") if not urlparse.urlsplit(url).netloc: url = urlparse.urljoin(conf.url, url) @@ -364,7 +372,18 @@ class Connect(object): url = unicodeencode(url) post = unicodeencode(post, kb.pageEncoding) - if method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST): + if is_websocket: + # WebSocket will add Host field of headers automatically + disallowed_headers = ['Host'] + ws = websocket.WebSocket() + ws.connect(url, header=["%s: %s" % _ for _ in headers.items() if _[0] not in disallowed_headers], cookie=cookie) + ws.send(urldecode(post) if post else '') + response = ws.recv() + ws.close() + # WebSocket class does not have response headers + return response, {}, 101 + + elif method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST): method = unicodeencode(method) req = MethodRequest(url, post, headers) req.set_method(method) @@ -538,13 +557,13 @@ class Connect(object): debugMsg = "got HTTP error code: %d (%s)" % (code, status) logger.debug(debugMsg) - except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, httplib.ResponseNotReady, struct.error, ProxyError, SqlmapCompressionException), e: + except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, httplib.ResponseNotReady, struct.error, ProxyError, SqlmapCompressionException, WebSocketException), e: tbMsg = traceback.format_exc() if "no host given" in tbMsg: warnMsg = "invalid URL address used (%s)" % repr(url) raise SqlmapSyntaxException(warnMsg) - elif "forcibly closed" in tbMsg: + elif "forcibly closed" in tbMsg or "Connection is already closed" in tbMsg: warnMsg = "connection was forcibly closed by the target URL" elif "timed out" in tbMsg: if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED): @@ -563,6 +582,10 @@ class Connect(object): elif "IncompleteRead" in tbMsg: warnMsg = "there was an incomplete read error while retrieving data " warnMsg += "from the target URL" + elif "Handshake status" in tbMsg: + status = re.search("Handshake status ([\d]{3})", tbMsg) + errMsg = "websocket handshake status %s" % status.group(1) if status else 'unknown' + raise SqlmapConnectionException(errMsg) else: warnMsg = "unable to connect to the target URL" diff --git a/lib/utils/deps.py b/lib/utils/deps.py index ea2f661e9..d25c8ea94 100644 --- a/lib/utils/deps.py +++ b/lib/utils/deps.py @@ -78,6 +78,17 @@ def checkDependencies(): logger.warn(warnMsg) missing_libraries.add('python-ntlm') + try: + from websocket import ABNF + debugMsg = "'python websocket-client' library is found" + logger.debug(debugMsg) + except ImportError: + warnMsg = "sqlmap requires 'python websocket-client' third-party library for " + warnMsg += "if you plan to attack a web application behind websocket. " + warnMsg += "Download from https://pypi.python.org/pypi/websocket-client/" + logger.warn(warnMsg) + missing_libraries.add('websocket-client') + if IS_WIN: try: import pyreadline