Minor patch

lib/core/common.py

@@ -2244,7 +2244,10 @@ def logHTTPTraffic(requestLogMsg, responseLogMsg):
         dataToTrafficFile("%s%s%s%s" % (os.linesep, 76 * '#', os.linesep, os.linesep))
 
 def getPageTemplate(payload, place):  # Cross-linked function
-    pass
+    raise NotImplementedError
+
+def setHTTPProxy():  # Cross-linked function
+    raise NotImplementedError
 
 def getPublicTypeMembers(type_, onlyValues=False):
     """

lib/core/convert.py

@@ -133,7 +133,7 @@ def htmlunescape(value):
     return retVal
 
 def singleTimeWarnMessage(message):  # Cross-linked function
-    pass
+    raise NotImplementedError
 
 def stdoutencode(data):
     retVal = None

lib/core/option.py

@@ -149,7 +149,7 @@ from xml.etree.ElementTree import ElementTree
 authHandler = urllib2.BaseHandler()
 httpsHandler = HTTPSHandler()
 keepAliveHandler = keepalive.HTTPHandler()
-proxyHandler = urllib2.BaseHandler()
+proxyHandler = urllib2.ProxyHandler()
 redirectHandler = SmartRedirectHandler()
 rangeHandler = HTTPRangeHandler()
 
@@ -981,21 +981,23 @@ def _setHTTPProxy():
     Check and set the HTTP/SOCKS proxy for all HTTP requests.
     """
 
-    global proxyHandler
-
     if not conf.proxy:
-        if conf.hostname in ('localhost', '127.0.0.1') or conf.ignoreProxy:
+        if conf.proxyList:
-            proxyHandler = urllib2.ProxyHandler({})
+            conf.proxy = conf.proxyList[0]
+            conf.proxyList = conf.proxyList[1:] + conf.proxyList[:1]
+        else:
+            if conf.hostname in ('localhost', '127.0.0.1') or conf.ignoreProxy:
+                proxyHandler.proxies = {}
 
-        return
+            return
 
     debugMsg = "setting the HTTP/SOCKS proxy for all HTTP requests"
     logger.debug(debugMsg)
 
-    proxySplit = urlparse.urlsplit(conf.proxy)
+    _ = urlparse.urlsplit(conf.proxy)
-    hostnamePort = proxySplit.netloc.split(":")
+    hostnamePort = _.netloc.split(":")
 
-    scheme = proxySplit.scheme.upper()
+    scheme = _.scheme.upper()
     hostname = hostnamePort[0]
     port = None
     username = None
@@ -1022,9 +1024,13 @@ def _setHTTPProxy():
             password = _.group(2)
 
     if scheme in (PROXY_TYPE.SOCKS4, PROXY_TYPE.SOCKS5):
+        proxyHandler.proxies = {}
+
         socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if scheme == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, hostname, port, username=username, password=password)
         socks.wrapmodule(urllib2)
     else:
+        socks.unwrapmodule(urllib2)
+
         if conf.proxyCred:
             # Reference: http://stackoverflow.com/questions/34079/how-to-specify-an-authenticated-proxy-for-a-python-http-connection
             proxyString = "%s@" % conf.proxyCred
@@ -1032,7 +1038,9 @@ def _setHTTPProxy():
             proxyString = ""
 
         proxyString += "%s:%d" % (hostname, port)
-        proxyHandler = urllib2.ProxyHandler({"http": proxyString, "https": proxyString})
+        proxyHandler.proxies = {"http": proxyString, "https": proxyString}
+
+    proxyHandler.__init__(proxyHandler.proxies)
 
 def _setSafeUrl():
     """
@@ -1540,6 +1548,7 @@ def _setConfAttributes():
     conf.parameters = {}
     conf.path = None
     conf.port = None
+    conf.proxyList = []
     conf.resultsFilename = None
     conf.resultsFP = None
     conf.scheme = None
@@ -1908,6 +1917,12 @@ def _setDNSServer():
         errMsg += "for incoming address resolution attempts"
         raise SqlmapMissingPrivileges(errMsg)
 
+def _setProxyList():
+    if not conf.proxyFile:
+        return
+
+    conf.proxyList = getFileItems(conf.proxyFile)
+
 def _setTorProxySettings():
     if not conf.tor:
         return
@@ -2154,8 +2169,11 @@ def _basicOptionValidation():
             raise SqlmapFilePathException(errMsg)
 
 def _resolveCrossReferences():
+    import pdb
+    pdb.set_trace()
     lib.core.threads.readInput = readInput
     lib.core.common.getPageTemplate = getPageTemplate
+    lib.core.common.setHTTPProxy = _setHTTPProxy
     lib.core.convert.singleTimeWarnMessage = singleTimeWarnMessage
 
 def initOptions(inputOptions=AttribDict(), overrideOptions=False):
@@ -2180,6 +2198,7 @@ def init():
     _purgeOutput()
     _checkDependencies()
     _basicOptionValidation()
+    _setProxyList()
     _setTorProxySettings()
     _setDNSServer()
     _adjustLoggingFormatter()

lib/request/connect.py

@@ -37,6 +37,7 @@ from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import removeReflectiveValues
+from lib.core.common import setHTTPProxy
 from lib.core.common import singleTimeLogMessage
 from lib.core.common import singleTimeWarnMessage
 from lib.core.common import stdev
@@ -107,6 +108,14 @@ class Connect(object):
         threadData = getCurrentThreadData()
         threadData.retriesCount += 1
 
+        if threadData.retriesCount >= conf.retries:
+            warnMsg = "changing proxy"
+            logger.warn(warnMsg)
+
+            conf.proxy = conf.proxyList[0]
+            conf.proxyList = conf.proxyList[1:] + conf.proxyList[:1]
+            setHTTPProxy()
+
         if kb.testMode and kb.previousMethod == PAYLOAD.METHOD.TIME:
             # timed based payloads can cause web server unresponsiveness
             # if the injectable piece of code is some kind of JOIN-like query

plugins/dbms/oracle/connector.py

@@ -42,10 +42,10 @@ class Connector(GenericConnector):
         try:
             self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password, mode=cx_Oracle.SYSDBA)
             logger.info("successfully connected as SYSDBA")
-        except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError):
+        except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError):
             try:
                 self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password)
-            except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError), msg:
+            except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError), msg:
                 raise SqlmapConnectionException(msg)
 
         self.initCursor()