improved redirection mechanism

Miroslav Stampar 2011-05-23 23:20:03 +00:00
parent 128a012121
commit a536bf210f
3 changed files with 19 additions and 23 deletions


@ -1301,7 +1301,6 @@ def __setConfAttributes():
conf.parameters = {} conf.parameters = {}
conf.path = None conf.path = None
conf.port = None conf.port = None
conf.redirectHandled = False
conf.resultsFilename = None conf.resultsFilename = None
conf.resultsFP = None conf.resultsFP = None
conf.scheme = None conf.scheme = None
@ -1322,6 +1321,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
kb.absFilePaths = set() kb.absFilePaths = set()
kb.adjustTimeDelay = False kb.adjustTimeDelay = False
kb.alwaysRedirect = None
kb.arch = None kb.arch = None
kb.authHeader = None kb.authHeader = None
kb.bannerFp = advancedDict() kb.bannerFp = advancedDict()


@ -92,7 +92,6 @@ class Connect:
method = kwargs.get('method', None) method = kwargs.get('method', None)
cookie = kwargs.get('cookie', None) cookie = kwargs.get('cookie', None)
ua = kwargs.get('ua', None) ua = kwargs.get('ua', None)
host = kwargs.get('host', None)
referer = kwargs.get('referer', None) referer = kwargs.get('referer', None)
direct = kwargs.get('direct', False) direct = kwargs.get('direct', False)
multipart = kwargs.get('multipart', False) multipart = kwargs.get('multipart', False)
@ -103,6 +102,7 @@ class Connect:
ignoreTimeout = kwargs.get('ignoreTimeout', kb.ignoreTimeout) ignoreTimeout = kwargs.get('ignoreTimeout', kb.ignoreTimeout)
refreshing = kwargs.get('refreshing', False) refreshing = kwargs.get('refreshing', False)
retrying = kwargs.get('retrying', False) retrying = kwargs.get('retrying', False)
redirecting = kwargs.get('redirecting', False)
# flag to know if we are dealing with the same target host # flag to know if we are dealing with the same target host
target = reduce(lambda x, y: x == y, map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], [url, conf.url])) target = reduce(lambda x, y: x == y, map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], [url, conf.url]))
@ -192,7 +192,7 @@ class Connect:
if kb.proxyAuthHeader: if kb.proxyAuthHeader:
headers[HTTPHEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader headers[HTTPHEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader
headers[HTTPHEADER.HOST] = host or urlparse.urlparse(url).netloc.split(':')[0] headers[HTTPHEADER.HOST] = urlparse.urlparse(url).netloc.split(':')[0]
if auxHeaders: if auxHeaders:
for key, item in auxHeaders.items(): for key, item in auxHeaders.items():
@ -251,29 +251,20 @@ class Connect:
if hasattr(conn, "setcookie"): if hasattr(conn, "setcookie"):
kb.redirectSetCookie = conn.setcookie kb.redirectSetCookie = conn.setcookie
if hasattr(conn, "redurl") and hasattr(conn, "redcode") and target and not conf.redirectHandled and not conf.realTest: if hasattr(conn, "redurl") and hasattr(conn, "redcode") and target\
msg = "sqlmap got a %d redirect to " % conn.redcode and not redirecting and not conf.realTest:
msg += "%s - What target address do you " % conn.redurl
msg += "want to use from now on? %s " % conf.url
msg += "(default) or provide another target address based "
msg += "also on the redirection got from the application\n"
while True: if kb.alwaysRedirect is None:
choice = readInput(msg, default=None) msg = "sqlmap got a %d redirect to " % conn.redcode
msg += "'%s'. do you want to follow redirects " % conn.redurl
msg += "from now on (or stay on the original page)? [Y/n]"
choice = readInput(msg, default="Y")
if not choice: kb.alwaysRedirect = choice in ("n", "N")
pass
else:
conf.url = choice
try:
parseTargetUrl()
return Connect.__getPageProxy(**kwargs)
except sqlmapSyntaxException:
continue
break kwargs['url'] = conn.redurl if kb.alwaysRedirect else conf.url
kwargs['redirecting'] = True
conf.redirectHandled = True return Connect.__getPageProxy(**kwargs)
# Return response object # Return response object
if response: if response:
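Review bot: The answer to the new prompt is stored inverted: `kb.alwaysRedirect = choice in ("n", "N")` is true only when the user declines, yet the following line picks `conn.redurl if kb.alwaysRedirect else conf.url`. Accepting the default "Y" therefore re-requests conf.url, and answering "n" follows the redirect. The assignment should read `kb.alwaysRedirect = choice not in ("n", "N")`. Because the prompt is shown only while `kb.alwaysRedirect is None`, later redirects are followed without asking again, so a short comment that conn.redurl is a server-supplied value would help the next reader. The enclosing method starts and ends outside this hunk.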


@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
""" """
import urllib2 import urllib2
import urlparse
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
@ -52,6 +53,10 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
elif "uri" in headers: elif "uri" in headers:
result.redurl = headers.getheaders("uri")[0].split("?")[0] result.redurl = headers.getheaders("uri")[0].split("?")[0]
if hasattr(result, 'redurl'):
if result.redurl.startswith('.') or result.redurl.startswith('/'):
result.redurl = urlparse.urljoin(conf.url, result.redurl)
if "set-cookie" in headers: if "set-cookie" in headers:
result.setcookie = headers["set-cookie"].split("; path")[0] result.setcookie = headers["set-cookie"].split("; path")[0]
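Review bot: The leading-character test in the added block (`startswith('.') or startswith('/')`) leaves a relative Location such as `login.php` unresolved. It also treats a scheme-relative value (constructed example: `//host.example/path`) as local, even though urljoin resolves it to a different host. Since urljoin returns an already absolute URL unchanged, the condition can be dropped: `result.redurl = urlparse.urljoin(conf.url, result.redurl)`. The base is conf.url rather than the URL of the request that was redirected; if the request object is available in this method, its URL would presumably be the more accurate base. The method starts outside the hunk.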