mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
Minor cleanup and initial work for #58
This commit is contained in:
parent
4beef0900d
commit
a711c9ed36
|
@ -2768,7 +2768,7 @@ def maskSensitiveData(msg):
|
|||
|
||||
retVal = msg
|
||||
|
||||
for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "aCred", "pCred", "tbl", "db", "col", "user", "cookie", "proxy"))):
|
||||
for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy"))):
|
||||
regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", item)
|
||||
while extractRegexResult(regex, retVal):
|
||||
value = extractRegexResult(regex, retVal)
|
||||
|
|
|
@ -180,7 +180,7 @@ def _urllib2Opener():
|
|||
if conf.proxy:
|
||||
warnMsg += "with HTTP(s) proxy"
|
||||
logger.warn(warnMsg)
|
||||
elif conf.aType:
|
||||
elif conf.authType:
|
||||
warnMsg += "with authentication methods"
|
||||
logger.warn(warnMsg)
|
||||
else:
|
||||
|
@ -1011,8 +1011,8 @@ def _setHTTPProxy():
|
|||
errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE))
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
||||
if conf.pCred:
|
||||
_ = re.search("^(.*?):(.*?)$", conf.pCred)
|
||||
if conf.proxyCred:
|
||||
_ = re.search("^(.*?):(.*?)$", conf.proxyCred)
|
||||
if not _:
|
||||
errMsg = "Proxy authentication credentials "
|
||||
errMsg += "value must be in format username:password"
|
||||
|
@ -1025,9 +1025,9 @@ def _setHTTPProxy():
|
|||
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if scheme == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, hostname, port, username=username, password=password)
|
||||
socks.wrapmodule(urllib2)
|
||||
else:
|
||||
if conf.pCred:
|
||||
if conf.proxyCred:
|
||||
# Reference: http://stackoverflow.com/questions/34079/how-to-specify-an-authenticated-proxy-for-a-python-http-connection
|
||||
proxyString = "%s@" % conf.pCred
|
||||
proxyString = "%s@" % conf.proxyCred
|
||||
else:
|
||||
proxyString = ""
|
||||
|
||||
|
@ -1097,24 +1097,24 @@ def _setHTTPAuthentication():
|
|||
|
||||
global authHandler
|
||||
|
||||
if not conf.aType and not conf.aCred and not conf.aCert:
|
||||
if not conf.authType and not conf.authCred and not conf.authCert:
|
||||
return
|
||||
|
||||
elif conf.aType and not conf.aCred and not conf.aCert:
|
||||
elif conf.authType and not conf.authCred and not conf.authCert:
|
||||
errMsg = "you specified the HTTP authentication type, but "
|
||||
errMsg += "did not provide the credentials"
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
||||
elif not conf.aType and conf.aCred:
|
||||
elif not conf.authType and conf.authCred:
|
||||
errMsg = "you specified the HTTP authentication credentials, "
|
||||
errMsg += "but did not provide the type"
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
||||
if not conf.aCert:
|
||||
if not conf.authCert:
|
||||
debugMsg = "setting the HTTP authentication type and credentials"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
aTypeLower = conf.aType.lower()
|
||||
aTypeLower = conf.authType.lower()
|
||||
|
||||
if aTypeLower not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.CERT):
|
||||
errMsg = "HTTP authentication type value must be "
|
||||
|
@ -1133,7 +1133,7 @@ def _setHTTPAuthentication():
|
|||
errMsg += "usage of option `--auth-cert`"
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
||||
aCredRegExp = re.search(regExp, conf.aCred)
|
||||
aCredRegExp = re.search(regExp, conf.authCred)
|
||||
|
||||
if not aCredRegExp:
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
@ -1165,7 +1165,7 @@ def _setHTTPAuthentication():
|
|||
debugMsg = "setting the HTTP(s) authentication certificate"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert)
|
||||
aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.authCert)
|
||||
|
||||
if not aCertRegExp:
|
||||
errMsg = "HTTP authentication certificate option "
|
||||
|
|
|
@ -33,11 +33,12 @@ optDict = {
|
|||
"host": "string",
|
||||
"referer": "string",
|
||||
"headers": "string",
|
||||
"aType": "string",
|
||||
"aCred": "string",
|
||||
"aCert": "string",
|
||||
"authType": "string",
|
||||
"authCred": "string",
|
||||
"authCert": "string",
|
||||
"proxy": "string",
|
||||
"pCred": "string",
|
||||
"proxyCred": "string",
|
||||
"proxyFile": "string",
|
||||
"ignoreProxy": "boolean",
|
||||
"tor": "boolean",
|
||||
"torPort": "integer",
|
||||
|
|
|
@ -108,25 +108,28 @@ def cmdLineParser():
|
|||
request.add_option("--headers", dest="headers",
|
||||
help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")
|
||||
|
||||
request.add_option("--auth-type", dest="aType",
|
||||
request.add_option("--auth-type", dest="authType",
|
||||
help="HTTP authentication type "
|
||||
"(Basic, Digest, NTLM or Cert)")
|
||||
|
||||
request.add_option("--auth-cred", dest="aCred",
|
||||
request.add_option("--auth-cred", dest="authCred",
|
||||
help="HTTP authentication credentials "
|
||||
"(name:password)")
|
||||
|
||||
request.add_option("--auth-cert", dest="aCert",
|
||||
request.add_option("--auth-cert", dest="authCert",
|
||||
help="HTTP authentication certificate ("
|
||||
"key_file,cert_file)")
|
||||
|
||||
request.add_option("--proxy", dest="proxy",
|
||||
help="Use a proxy to connect to the target URL")
|
||||
|
||||
request.add_option("--proxy-cred", dest="pCred",
|
||||
request.add_option("--proxy-cred", dest="proxyCred",
|
||||
help="Proxy authentication credentials "
|
||||
"(name:password)")
|
||||
|
||||
request.add_option("--proxy-file", dest="proxyFile",
|
||||
help="Load proxy list from a file")
|
||||
|
||||
request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
|
||||
help="Ignore system default proxy settings")
|
||||
|
||||
|
|
|
@ -372,7 +372,7 @@ class Connect(object):
|
|||
|
||||
conn = urllib2.urlopen(req)
|
||||
|
||||
if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.aType == AUTH_TYPE.BASIC:
|
||||
if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.authType == AUTH_TYPE.BASIC:
|
||||
kb.authHeader = getRequestHeader(req, HTTP_HEADER.AUTHORIZATION)
|
||||
|
||||
if not kb.proxyAuthHeader and getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION):
|
||||
|
|
14
sqlmap.conf
14
sqlmap.conf
|
@ -18,6 +18,9 @@ url =
|
|||
# 'conversations/' folder path
|
||||
logFile =
|
||||
|
||||
# Scan multiple targets enlisted in a given textual file
|
||||
bulkFile =
|
||||
|
||||
# Load HTTP request from a file
|
||||
# Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
|
||||
requestFile =
|
||||
|
@ -76,17 +79,17 @@ headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
|
|||
# HTTP Authentication type. Useful only if the target URL requires
|
||||
# HTTP Basic, Digest or NTLM authentication and you have such data.
|
||||
# Valid: Basic, Digest, NTLM or Cert
|
||||
aType =
|
||||
authType =
|
||||
|
||||
# HTTP authentication credentials. Useful only if the target URL requires
|
||||
# HTTP Basic, Digest or NTLM authentication and you have such data.
|
||||
# Syntax: username:password
|
||||
aCred =
|
||||
authCred =
|
||||
|
||||
# HTTP Authentication certificate. Useful only if the target URL requires
|
||||
# logon certificate and you have such data.
|
||||
# Syntax: key_file,cert_file
|
||||
aCert =
|
||||
authCert =
|
||||
|
||||
# Use a proxy to connect to the target URL.
|
||||
# Syntax: http://address:port
|
||||
|
@ -95,7 +98,10 @@ proxy =
|
|||
# Proxy authentication credentials. Useful only if the proxy requires
|
||||
# Basic or Digest authentication and you have such data.
|
||||
# Syntax: username:password
|
||||
pCred =
|
||||
proxyCred =
|
||||
|
||||
# Load proxy list from a file
|
||||
proxyFile =
|
||||
|
||||
# Ignore system default proxy settings.
|
||||
# Valid: True or False
|
||||
|
|
|
@ -3423,8 +3423,8 @@
|
|||
<switches>
|
||||
<url value="http://debiandev/sqlmap/mysql/basic/get_int.php?id=1"/>
|
||||
<tech value="E"/>
|
||||
<aType value="Basic"/>
|
||||
<aCred value="testuser:testpass"/>
|
||||
<authType value="Basic"/>
|
||||
<authCred value="testuser:testpass"/>
|
||||
<getBanner value="True"/>
|
||||
</switches>
|
||||
<parse>
|
||||
|
@ -3435,8 +3435,8 @@
|
|||
<switches>
|
||||
<url value="http://debiandev/sqlmap/mysql/digest/get_int.php?id=1"/>
|
||||
<tech value="E"/>
|
||||
<aType value="Digest"/>
|
||||
<aCred value="testuser:testpass"/>
|
||||
<authType value="Digest"/>
|
||||
<authCred value="testuser:testpass"/>
|
||||
<getBanner value="True"/>
|
||||
</switches>
|
||||
<parse>
|
||||
|
|
Loading…
Reference in New Issue
Block a user