diff --git a/lib/core/enums.py b/lib/core/enums.py
index c3686f793..d7cc34810 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -64,9 +64,17 @@ class HASH:
 SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'
 class HTTPHEADER:
- RANGE = "Range"
- CONTENT_LENGTH = "Content-Length"
- CONTENT_RANGE = "Content-Range"
+ RANGE = "Range"
+ CONTENT_LENGTH = "Content-Length"
+ CONTENT_RANGE = "Content-Range"
+ CONTENT_ENCODING = "Content-Encoding"
+ CONTENT_TYPE = "Content-Type"
+ AUTHORIZATION = "Authorization"
+ PROXY_AUTHORIZATION = "Proxy-authorization"
+ COOKIE = "Cookie"
+ CONNECTION = "Connection"
+ ACCEPT_ENCODING = "Accept-Encoding"
+ REFERER = "Referer"
 class EXPECTED:
 BOOL = "bool"
diff --git a/lib/request/connect.py b/lib/request/connect.py
index c31eb1009..999243cfe 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -127,7 +127,7 @@ class Connect:
 page = conn.read()
 responseHeaders = conn.info()
 responseHeaders[URI_HTTP_HEADER] = conn.geturl()
- page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))
+ page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), responseHeaders.get(HTTPHEADER.CONTENT_TYPE))
 return page
@@ -149,13 +149,13 @@ class Connect:
 headers = forgeHeaders(cookie, ua, referer)
 if conf.realTest:
- headers["Referer"] = "%s://%s" % (conf.scheme, conf.hostname)
+ headers[HTTPHEADER.REFERER] = "%s://%s" % (conf.scheme, conf.hostname)
 if kb.authHeader:
- headers["Authorization"] = kb.authHeader
+ headers[HTTPHEADER.AUTHORIZATION] = kb.authHeader
 if kb.proxyAuthHeader:
- headers["Proxy-authorization"] = kb.proxyAuthHeader
+ headers[HTTPHEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader
 if auxHeaders:
 for key, item in auxHeaders.items():
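Review bot: In `class HTTPHEADER` (lib/core/enums.py), the new `PROXY_AUTHORIZATION = "Proxy-authorization"` is the only value not written in canonical header casing, and nothing in the class says why. The connect.py call sites pass it to `req.has_header()` and `req.get_header()`, and urllib2.Request stores names in `str.capitalize()` form and looks them up by exact match, so the spelling is presumably deliberate. A later tidy-up to `Proxy-Authorization` would silently stop the cached proxy credential from being found. I would add a comment above it such as `# urllib2.Request stores header names via str.capitalize(); keep this spelling for has_header()/get_header()`.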
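Review bot: In the `@@ -149,13` hunk of lib/request/connect.py, `headers[HTTPHEADER.AUTHORIZATION] = kb.authHeader` and the matching `PROXY_AUTHORIZATION` line attach the cached credential to every request built here, with no check in the hunk that the request still targets the host the credential was obtained for. The value is captured in the `@@ -205,11` hunk from whatever `req` carried after `urllib2.urlopen(req)`. Whether this code can be reached with a URL on a different host is not visible (the enclosing method starts and ends outside the hunk), but if it can, the credential would be sent to a host it was not issued for. Worth confirming, and recording the assumption with a comment such as `# kb.authHeader is replayed on every later request; it must only ever be sent to conf.hostname`.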
@@ -183,16 +183,16 @@ class Connect:
 cookieStr += "%s; " % cookie[8:index]
- if not req.has_header("Accept-Encoding"):
- requestHeaders += "Accept-Encoding: identity\n"
+ if not req.has_header(HTTPHEADER.ACCEPT_ENCODING):
+ requestHeaders += "%s: identity\n" % HTTPHEADER.ACCEPT_ENCODING
 requestHeaders += "\n".join(["%s: %s" % (header, value) for header, value in req.header_items()])
- if not req.has_header("Cookie") and cookieStr:
+ if not req.has_header(HTTPHEADER.COOKIE) and cookieStr:
 requestHeaders += "\n%s" % cookieStr[:-2]
- if not req.has_header("Connection"):
- requestHeaders += "\nConnection: close"
+ if not req.has_header(HTTPHEADER.CONNECTION):
+ requestHeaders += "\n%s: close" % HTTPHEADER.CONNECTION
 requestMsg += "\n%s" % requestHeaders
@@ -205,11 +205,11 @@ class Connect:
 conn = urllib2.urlopen(req)
- if not kb.authHeader and req.has_header("Authorization"):
- kb.authHeader = req.get_header("Authorization")
+ if not kb.authHeader and req.has_header(HTTPHEADER.AUTHORIZATION):
+ kb.authHeader = req.get_header(HTTPHEADER.AUTHORIZATION)
- if not kb.proxyAuthHeader and req.has_header("Proxy-authorization"):
- kb.proxyAuthHeader = req.get_header("Proxy-authorization")
+ if not kb.proxyAuthHeader and req.has_header(HTTPHEADER.PROXY_AUTHORIZATION):
+ kb.proxyAuthHeader = req.get_header(HTTPHEADER.PROXY_AUTHORIZATION)
 if hasattr(conn, "setcookie"):
 kb.redirectSetCookie = conn.setcookie
@@ -250,7 +250,7 @@ class Connect:
 code = conn.code
 responseHeaders = conn.info()
 responseHeaders[URI_HTTP_HEADER] = conn.geturl()
- page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))
+ page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), responseHeaders.get(HTTPHEADER.CONTENT_TYPE))
 status = getUnicode(conn.msg)
 # Explicit closing of connection object
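Review bot: `req.has_header(HTTPHEADER.ACCEPT_ENCODING)` in the `@@ -183,16` hunk is unlikely ever to be true. `req` is the object handed to `urllib2.urlopen()` in the next hunk, and, assuming its headers were set through the Request constructor or `add_header()`, urllib2 stores the name as `Accept-encoding` and compares it exactly. When the header is set, the logged `requestHeaders` would then hold both the synthetic `identity` line and the real header, so the traffic log no longer matches what was sent. Checking the normalised name, `if not req.has_header(HTTPHEADER.ACCEPT_ENCODING.capitalize()):`, keeps the log accurate; `COOKIE`, `CONNECTION` and `AUTHORIZATION` are unaffected because capitalize() leaves them unchanged. Separately, the same log text includes every `req.header_items()` value, Authorization and Cookie among them, which matters if these logs are shared.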
@@ -270,7 +270,7 @@ class Connect:
 page = e.read()
 responseHeaders = e.info()
 responseHeaders[URI_HTTP_HEADER] = e.geturl()
- page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))
+ page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), responseHeaders.get(HTTPHEADER.CONTENT_TYPE))
 except socket.timeout:
 warnMsg = "connection timed out while trying "
 warnMsg += "to get error page information (%d)" % e.code
diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py
index 8f0454dcd..e16d0b185 100644
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
@@ -12,8 +12,10 @@ import urllib2
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.common import getUnicode
+from lib.core.enums import HTTPHEADER
 from lib.core.exception import sqlmapConnectionException
 from lib.core.threads import getCurrentThreadData
+from lib.request.basic import decodePage
 class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
 # maximum number of redirections to any single URL
@@ -25,6 +27,8 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler): max_redirections = 10 def common_http_redirect(self, result, headers, code, content, msg): + content = decodePage(content, headers.get(HTTPHEADER.CONTENT_ENCODING), headers.get(HTTPHEADER.CONTENT_TYPE)) + threadData = getCurrentThreadData() threadData.lastRedirectMsg = (threadData.lastRequestUID, content)
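Review bot: The added `decodePage(...)` call at the top of `common_http_redirect` (lib/request/redirecthandler.py, `@@ -25,6` hunk) runs on a redirect body and headers supplied by the remote server, and nothing around it handles a decode failure. How decodePage behaves on a malformed or very large compressed body is not visible in this diff. If it can raise, the exception would leave the handler before `threadData.lastRedirectMsg` is recorded, and the redirect evidence would be lost. I would catch decode errors here, keep the undecoded `content` and emit a `logger` warning, or at least add a comment such as `# content is server-controlled; decodePage must tolerate malformed or oversized encodings`. The body of common_http_redirect continues outside the hunk.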