mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 21:13:51 +03:00
Merge branch 'RicterZ-master'
commit
c8aac19f75
|
@ -1248,7 +1248,8 @@ def parseTargetUrl():
|
||||||
errMsg += "on this platform"
|
errMsg += "on this platform"
|
||||||
raise SqlmapGenericException(errMsg)
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
if not re.search("^http[s]*://", conf.url, re.I):
|
if not re.search("^http[s]*://", conf.url, re.I) and \
|
||||||
|
not re.search("^ws[s]*://", conf.url, re.I):
|
||||||
if ":443/" in conf.url:
|
if ":443/" in conf.url:
|
||||||
conf.url = "https://" + conf.url
|
conf.url = "https://" + conf.url
|
||||||
else:
|
else:
|
||||||
|
|
|
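Review bot: The two scheme tests in the changed `if` use `[s]*`, which accepts any number of `s` characters, so a typo such as `wsss://` counts as a valid scheme and the fallback that prepends one is skipped. A single anchored pattern is tighter and easier to read: `if not re.search(r"^(http|ws)s?://", conf.url, re.I):`. parseTargetUrl starts and ends outside this hunk, so whether later code rejects such a URL cannot be seen from here.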
@ -2180,6 +2180,16 @@ def _setTorSocksProxySettings():
|
||||||
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, conf.torPort or DEFAULT_TOR_SOCKS_PORT)
|
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, conf.torPort or DEFAULT_TOR_SOCKS_PORT)
|
||||||
socks.wrapmodule(urllib2)
|
socks.wrapmodule(urllib2)
|
||||||
|
|
||||||
|
def _checkWebSocket():
|
||||||
|
infoMsg = "checking URL is WebSocket or not"
|
||||||
|
logger.debug(infoMsg)
|
||||||
|
if conf.url and (conf.url.startswith("ws:/") or conf.url.startswith("wss:/")):
|
||||||
|
try:
|
||||||
|
from websocket import ABNF
|
||||||
|
except ImportError:
|
||||||
|
errMsg = "it seems that python 'websocket-client' third-party library not be installed. "
|
||||||
|
raise SqlmapMissingDependence(errMsg)
|
||||||
|
|
||||||
def _checkTor():
|
def _checkTor():
|
||||||
if not conf.checkTor:
|
if not conf.checkTor:
|
||||||
return
|
return
|
||||||
|
@ -2449,6 +2459,7 @@ def init():
|
||||||
_setWafFunctions()
|
_setWafFunctions()
|
||||||
_setTrafficOutputFP()
|
_setTrafficOutputFP()
|
||||||
_resolveCrossReferences()
|
_resolveCrossReferences()
|
||||||
|
_checkWebSocket()
|
||||||
|
|
||||||
parseTargetUrl()
|
parseTargetUrl()
|
||||||
parseTargetDirect()
|
parseTargetDirect()
|
||||||
|
|
|
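Review bot: `_checkWebSocket` decides with a case-sensitive `startswith("ws:/")`, while the parseTargetUrl hunk matches `^ws[s]*://` with `re.I`, the `_setRequestParams` hunk tests `conf.url.startswith("http")`, and the Connect hunk tests `conf.url.startswith("ws")`. A target written as `WS://host/` would therefore pass URL parsing but skip this dependency check and, apparently, the WebSocket branch in Connect as well. One shared test, for example `re.search(r"^wss?://", conf.url, re.I)`, used in all four places would keep them in step. The function also needs a short docstring, and the `ImportError` message would read better as `"the 'websocket-client' third-party library does not seem to be installed"`.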
@ -211,7 +211,7 @@ def _setRequestParams():
|
||||||
|
|
||||||
kb.processUserMarks = True if (kb.postHint and CUSTOM_INJECTION_MARK_CHAR in conf.data) else kb.processUserMarks
|
kb.processUserMarks = True if (kb.postHint and CUSTOM_INJECTION_MARK_CHAR in conf.data) else kb.processUserMarks
|
||||||
|
|
||||||
if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and not CUSTOM_INJECTION_MARK_CHAR in (conf.data or ""):
|
if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and not CUSTOM_INJECTION_MARK_CHAR in (conf.data or "") and conf.url.startswith("http"):
|
||||||
warnMsg = "you've provided target URL without any GET "
|
warnMsg = "you've provided target URL without any GET "
|
||||||
warnMsg += "parameters (e.g. www.site.com/article.php?id=1) "
|
warnMsg += "parameters (e.g. www.site.com/article.php?id=1) "
|
||||||
warnMsg += "and without providing any POST parameters "
|
warnMsg += "and without providing any POST parameters "
|
||||||
|
|
|
@ -19,6 +19,13 @@ import traceback
|
||||||
import urllib2
|
import urllib2
|
||||||
import urlparse
|
import urlparse
|
||||||
|
|
||||||
|
try:
|
||||||
|
import websocket
|
||||||
|
from websocket import WebSocketException
|
||||||
|
except ImportError:
|
||||||
|
class WebSocketException(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
from extra.safe2bin.safe2bin import safecharencode
|
from extra.safe2bin.safe2bin import safecharencode
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
from lib.core.common import asciifyUrl
|
from lib.core.common import asciifyUrl
|
||||||
|
@ -232,6 +239,7 @@ class Connect(object):
|
||||||
retrying = kwargs.get("retrying", False)
|
retrying = kwargs.get("retrying", False)
|
||||||
crawling = kwargs.get("crawling", False)
|
crawling = kwargs.get("crawling", False)
|
||||||
skipRead = kwargs.get("skipRead", False)
|
skipRead = kwargs.get("skipRead", False)
|
||||||
|
is_websocket = conf.url.startswith("ws")
|
||||||
|
|
||||||
if not urlparse.urlsplit(url).netloc:
|
if not urlparse.urlsplit(url).netloc:
|
||||||
url = urlparse.urljoin(conf.url, url)
|
url = urlparse.urljoin(conf.url, url)
|
||||||
|
@ -364,7 +372,18 @@ class Connect(object):
|
||||||
url = unicodeencode(url)
|
url = unicodeencode(url)
|
||||||
post = unicodeencode(post, kb.pageEncoding)
|
post = unicodeencode(post, kb.pageEncoding)
|
||||||
|
|
||||||
if method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
|
if is_websocket:
|
||||||
|
# WebSocket will add Host field of headers automatically
|
||||||
|
disallowed_headers = ['Host']
|
||||||
|
ws = websocket.WebSocket()
|
||||||
|
ws.connect(url, header=["%s: %s" % _ for _ in headers.items() if _[0] not in disallowed_headers], cookie=cookie)
|
||||||
|
ws.send(urldecode(post) if post else '')
|
||||||
|
response = ws.recv()
|
||||||
|
ws.close()
|
||||||
|
# WebSocket class does not have response headers
|
||||||
|
return response, {}, 101
|
||||||
|
|
||||||
|
elif method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
|
||||||
method = unicodeencode(method)
|
method = unicodeencode(method)
|
||||||
req = MethodRequest(url, post, headers)
|
req = MethodRequest(url, post, headers)
|
||||||
req.set_method(method)
|
req.set_method(method)
|
||||||
|
@ -538,13 +557,13 @@ class Connect(object):
|
||||||
debugMsg = "got HTTP error code: %d (%s)" % (code, status)
|
debugMsg = "got HTTP error code: %d (%s)" % (code, status)
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, httplib.ResponseNotReady, struct.error, ProxyError, SqlmapCompressionException), e:
|
except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, httplib.ResponseNotReady, struct.error, ProxyError, SqlmapCompressionException, WebSocketException), e:
|
||||||
tbMsg = traceback.format_exc()
|
tbMsg = traceback.format_exc()
|
||||||
|
|
||||||
if "no host given" in tbMsg:
|
if "no host given" in tbMsg:
|
||||||
warnMsg = "invalid URL address used (%s)" % repr(url)
|
warnMsg = "invalid URL address used (%s)" % repr(url)
|
||||||
raise SqlmapSyntaxException(warnMsg)
|
raise SqlmapSyntaxException(warnMsg)
|
||||||
elif "forcibly closed" in tbMsg:
|
elif "forcibly closed" in tbMsg or "Connection is already closed" in tbMsg:
|
||||||
warnMsg = "connection was forcibly closed by the target URL"
|
warnMsg = "connection was forcibly closed by the target URL"
|
||||||
elif "timed out" in tbMsg:
|
elif "timed out" in tbMsg:
|
||||||
if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
|
if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
|
||||||
|
@ -563,6 +582,10 @@ class Connect(object):
|
||||||
elif "IncompleteRead" in tbMsg:
|
elif "IncompleteRead" in tbMsg:
|
||||||
warnMsg = "there was an incomplete read error while retrieving data "
|
warnMsg = "there was an incomplete read error while retrieving data "
|
||||||
warnMsg += "from the target URL"
|
warnMsg += "from the target URL"
|
||||||
|
elif "Handshake status" in tbMsg:
|
||||||
|
status = re.search("Handshake status ([\d]{3})", tbMsg)
|
||||||
|
errMsg = "websocket handshake status %s" % status.group(1) if status else 'unknown'
|
||||||
|
raise SqlmapConnectionException(errMsg)
|
||||||
else:
|
else:
|
||||||
warnMsg = "unable to connect to the target URL"
|
warnMsg = "unable to connect to the target URL"
|
||||||
|
|
||||||
|
|
|
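Review bot: In the `if is_websocket:` branch `ws.close()` is reached only when `connect`, `send` and `recv` all succeed, so any `WebSocketException` leaves the socket open, and no timeout is set on `ws`, so `ws.recv()` may block for as long as the server stays silent. Closing in a `finally` and applying the configured timeout fixes both, assuming `conf.timeout` is what the HTTP path uses; that code is outside the hunk. `is_websocket` is also derived from `conf.url` rather than the `url` being requested, so a call for a different, plain-HTTP URL during a WebSocket run would presumably take this branch too; testing `url` after the `urljoin` looks like the intent. In the `"Handshake status"` hunk the conditional binds to the whole expression, so a failed match yields just `'unknown'`; it should be `errMsg = "websocket handshake status %s" % (status.group(1) if status else 'unknown')`. The enclosing method starts and ends outside these hunks.

```python
ws = websocket.WebSocket()
ws.settimeout(conf.timeout)
try:
    # … unchanged: ws.connect(...), ws.send(...), response = ws.recv() …
finally:
    ws.close()
# … unchanged: return response, {}, 101 …
```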
@ -78,6 +78,17 @@ def checkDependencies():
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
missing_libraries.add('python-ntlm')
|
missing_libraries.add('python-ntlm')
|
||||||
|
|
||||||
|
try:
|
||||||
|
from websocket import ABNF
|
||||||
|
debugMsg = "'python websocket-client' library is found"
|
||||||
|
logger.debug(debugMsg)
|
||||||
|
except ImportError:
|
||||||
|
warnMsg = "sqlmap requires 'python websocket-client' third-party library for "
|
||||||
|
warnMsg += "if you plan to attack a web application behind websocket. "
|
||||||
|
warnMsg += "Download from https://pypi.python.org/pypi/websocket-client/"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
missing_libraries.add('websocket-client')
|
||||||
|
|
||||||
if IS_WIN:
|
if IS_WIN:
|
||||||
try:
|
try:
|
||||||
import pyreadline
|
import pyreadline
|
||||||
|
|
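Review bot: The warning text built in the `except ImportError` branch does not parse: `"... third-party library for "` followed by `"if you plan to ..."` reads "library for if you plan", and the package is called `'python websocket-client'` in the messages but `'websocket-client'` in `missing_libraries.add(...)`. Dropping the trailing `for` and using one name throughout, e.g. `warnMsg = "sqlmap requires 'websocket-client' third-party library "`, matches the name a user would install. `from websocket import ABNF` binds a name that is never used here; `import websocket` is enough for the probe. checkDependencies starts and ends outside the hunk.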