added null connection check

lib/controller/checks.py

@@ -437,6 +437,29 @@ def checkRegexp():
 
         return False
 
+def checkNullConnection():
+    infoMsg = "testing NULL connection to the target url"
+    logger.info(infoMsg)
+
+    try:
+        page, headers = Request.getPage(method="HEAD")
+        if not page and 'Content-Length' in headers:
+            kb.nullConnection = "HEAD"
+        else:
+            page, headers = Request.getPage(auxHeaders={"Range":"bytes=-1"})
+            if page and len(page) == 1 and 'Content-Range' in headers:
+                kb.nullConnection = "Range"
+
+    except sqlmapConnectionException, errMsg:
+        errMsg = getUnicode(errMsg)
+        raise sqlmapConnectionException, errMsg
+
+    if kb.nullConnection:
+        infoMsg = "method '%s' seems to be working" % kb.nullConnection
+        logger.info(infoMsg)
+
+    return kb.nullConnection is not None
+
 def checkConnection():
     try:
         socket.gethostbyname(conf.hostname)

lib/controller/controller.py

@@ -29,6 +29,7 @@ from lib.controller.checks import checkStability
 from lib.controller.checks import checkString
 from lib.controller.checks import checkRegexp
 from lib.controller.checks import checkConnection
+from lib.controller.checks import checkNullConnection
 from lib.core.common import getUnicode
 from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
@@ -165,6 +166,8 @@ def start():
             if not checkConnection() or not checkString() or not checkRegexp():
                 continue
 
+            checkNullConnection()
+
             if not conf.dropSetCookie:
                 for _, cookie in enumerate(conf.cj):
                     cookie = getUnicode(cookie)

lib/core/option.py

@@ -1010,6 +1010,7 @@ def __setKnowledgeBaseAttributes():
     kb.injPlace       = None
     kb.injType        = None
     kb.hintValue      = None
+    kb.nullConnection = None
 
     # Back-end DBMS underlying operating system fingerprint via banner (-b)
     # parsing

lib/request/connect.py

@@ -69,16 +69,17 @@ class Connect:
             delay = 0.00001 * (conf.cpuThrottle ** 2)
             time.sleep(delay)
 
-        url       = kwargs.get('url',       conf.url).replace(" ", "%20")
+        url             = kwargs.get('url',       conf.url).replace(" ", "%20")
-        get       = kwargs.get('get',       None)
+        get             = kwargs.get('get',       None)
-        post      = kwargs.get('post',      None)
+        post            = kwargs.get('post',      None)
-        method    = kwargs.get('method',    None)
+        method          = kwargs.get('method',    None)
-        cookie    = kwargs.get('cookie',    None)
+        cookie          = kwargs.get('cookie',    None)
-        ua        = kwargs.get('ua',        None)
+        ua              = kwargs.get('ua',        None)
-        direct    = kwargs.get('direct',    False)
+        direct          = kwargs.get('direct',    False)
-        multipart = kwargs.get('multipart', False)
+        multipart       = kwargs.get('multipart', False)
-        silent    = kwargs.get('silent',    False)
+        silent          = kwargs.get('silent',    False)
-        raise404  = kwargs.get('raise404',  True)
+        raise404        = kwargs.get('raise404',  True)
+        auxHeaders      = kwargs.get('auxHeaders',    None)
 
         page            = ""
         cookieStr       = ""
@@ -130,6 +131,10 @@ class Connect:
             # Perform HTTP request
             headers = forgeHeaders(cookie, ua)
 
+            if auxHeaders:
+                for key, item in auxHeaders.items():
+                    headers[key] = item
+
             if method:
                 req = MethodRequest(url, post, headers)
                 req.set_method(method)
@@ -272,7 +277,7 @@ class Connect:
         return page, responseHeaders
 
     @staticmethod
-    def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None):
+    def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None, auxHeaders=dict()):
         """
         This method calls a function to get the target url page content
         and returns its page MD5 hash or a boolean value in case of
@@ -305,7 +310,7 @@ class Connect:
         if conf.safUrl and conf.saFreq > 0:
             kb.queryCounter += 1
             if kb.queryCounter % conf.saFreq == 0:
-                Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua)
+                Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua, auxHeaders=auxHeaders)
 
         page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method)