mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Implementation for an Issue #2505
This commit is contained in:
parent
ee5b5cdcbc
commit
d3a08a2d22
|
@ -65,6 +65,8 @@ from lib.core.exception import SqlmapNoneDataException
|
|||
from lib.core.exception import SqlmapSilentQuitException
|
||||
from lib.core.exception import SqlmapUserQuitException
|
||||
from lib.core.settings import CANDIDATE_SENTENCE_MIN_LENGTH
|
||||
from lib.core.settings import CHECK_INTERNET_ADDRESS
|
||||
from lib.core.settings import CHECK_INTERNET_VALUE
|
||||
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
||||
from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
|
||||
from lib.core.settings import FI_ERROR_REGEX
|
||||
|
@ -1501,6 +1503,10 @@ def checkConnection(suppressOutput=False):
|
|||
|
||||
return True
|
||||
|
||||
def checkInternet():
|
||||
content = Request.getPage(url=CHECK_INTERNET_ADDRESS, checking=True)[0]
|
||||
return CHECK_INTERNET_VALUE in (content or "")
|
||||
|
||||
def setVerbosity(): # Cross-linked function
|
||||
raise NotImplementedError
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
|
||||
import os
|
||||
import re
|
||||
import time
|
||||
|
||||
from lib.controller.action import action
|
||||
from lib.controller.checks import checkSqlInjection
|
||||
|
@ -15,6 +16,7 @@ from lib.controller.checks import checkStability
|
|||
from lib.controller.checks import checkString
|
||||
from lib.controller.checks import checkRegexp
|
||||
from lib.controller.checks import checkConnection
|
||||
from lib.controller.checks import checkInternet
|
||||
from lib.controller.checks import checkNullConnection
|
||||
from lib.controller.checks import checkWaf
|
||||
from lib.controller.checks import heuristicCheckSqlInjection
|
||||
|
@ -276,6 +278,21 @@ def start():
|
|||
|
||||
for targetUrl, targetMethod, targetData, targetCookie, targetHeaders in kb.targets:
|
||||
try:
|
||||
|
||||
if conf.checkInternet:
|
||||
infoMsg = "[INFO] checking for Internet connection"
|
||||
logger.info(infoMsg)
|
||||
|
||||
if not checkInternet():
|
||||
warnMsg = "[%s] [WARNING] no connection detected" % time.strftime("%X")
|
||||
dataToStdout(warnMsg)
|
||||
|
||||
while not checkInternet():
|
||||
dataToStdout('.')
|
||||
time.sleep(5)
|
||||
|
||||
dataToStdout("\n")
|
||||
|
||||
conf.url = targetUrl
|
||||
conf.method = targetMethod.upper() if targetMethod else targetMethod
|
||||
conf.data = targetData
|
||||
|
|
|
@ -196,6 +196,7 @@ optDict = {
|
|||
"batch": "boolean",
|
||||
"binaryFields": "string",
|
||||
"charset": "string",
|
||||
"checkInternet": "boolean",
|
||||
"crawlDepth": "integer",
|
||||
"crawlExclude": "string",
|
||||
"csvDel": "string",
|
||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.1.5.4"
|
||||
VERSION = "1.1.5.5"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
@ -490,6 +490,12 @@ IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")
|
|||
# Data inside shellcodeexec to be filled with random string
|
||||
SHELLCODEEXEC_RANDOM_STRING_MARKER = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
|
||||
|
||||
# Generic address for checking the Internet connection while using switch --check-internet
|
||||
CHECK_INTERNET_ADDRESS = "http://ipinfo.io/"
|
||||
|
||||
# Value to look for in response to CHECK_INTERNET_ADDRESS
|
||||
CHECK_INTERNET_VALUE = "IP Address Details"
|
||||
|
||||
# Vectors used for provoking specific WAF/IPS/IDS behavior(s)
|
||||
WAF_ATTACK_VECTORS = (
|
||||
"", # NIL
|
||||
|
|
|
@ -637,6 +637,10 @@ def cmdLineParser(argv=None):
|
|||
general.add_option("--charset", dest="charset",
|
||||
help="Force character encoding used for data retrieval")
|
||||
|
||||
general.add_option("--check-internet", dest="checkInternet",
|
||||
action="store_true",
|
||||
help="Check Internet connection before assessing the target")
|
||||
|
||||
general.add_option("--crawl", dest="crawlDepth", type="int",
|
||||
help="Crawl the website starting from the target URL")
|
||||
|
||||
|
|
|
@ -257,6 +257,7 @@ class Connect(object):
|
|||
refreshing = kwargs.get("refreshing", False)
|
||||
retrying = kwargs.get("retrying", False)
|
||||
crawling = kwargs.get("crawling", False)
|
||||
checking = kwargs.get("checking", False)
|
||||
skipRead = kwargs.get("skipRead", False)
|
||||
|
||||
if multipart:
|
||||
|
@ -284,7 +285,7 @@ class Connect(object):
|
|||
|
||||
_ = urlparse.urlsplit(url)
|
||||
requestMsg = u"HTTP request [#%d]:\n%s " % (threadData.lastRequestUID, method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET))
|
||||
requestMsg += ("%s%s" % (_.path or "/", ("?%s" % _.query) if _.query else "")) if not any((refreshing, crawling)) else url
|
||||
requestMsg += ("%s%s" % (_.path or "/", ("?%s" % _.query) if _.query else "")) if not any((refreshing, crawling, checking)) else url
|
||||
responseMsg = u"HTTP response "
|
||||
requestHeaders = u""
|
||||
responseHeaders = None
|
||||
|
@ -306,7 +307,7 @@ class Connect(object):
|
|||
params = urlencode(params)
|
||||
url = "%s?%s" % (url, params)
|
||||
|
||||
elif any((refreshing, crawling)):
|
||||
elif any((refreshing, crawling, checking)):
|
||||
pass
|
||||
|
||||
elif target:
|
||||
|
@ -544,6 +545,9 @@ class Connect(object):
|
|||
page = None
|
||||
responseHeaders = None
|
||||
|
||||
if checking:
|
||||
return None, None, None
|
||||
|
||||
try:
|
||||
page = ex.read() if not skipRead else None
|
||||
responseHeaders = ex.info()
|
||||
|
@ -618,7 +622,9 @@ class Connect(object):
|
|||
except (urllib2.URLError, socket.error, socket.timeout, httplib.HTTPException, struct.error, binascii.Error, ProxyError, SqlmapCompressionException, WebSocketException, TypeError):
|
||||
tbMsg = traceback.format_exc()
|
||||
|
||||
if "no host given" in tbMsg:
|
||||
if checking:
|
||||
return None, None, None
|
||||
elif "no host given" in tbMsg:
|
||||
warnMsg = "invalid URL address used (%s)" % repr(url)
|
||||
raise SqlmapSyntaxException(warnMsg)
|
||||
elif "forcibly closed" in tbMsg or "Connection is already closed" in tbMsg:
|
||||
|
|
|
@ -674,6 +674,9 @@ binaryFields =
|
|||
# Force character encoding used for data retrieval.
|
||||
charset =
|
||||
|
||||
# Check Internet connection before assessing the target.
|
||||
checkInternet = False
|
||||
|
||||
# Crawl the website starting from the target URL.
|
||||
# Valid: integer
|
||||
# Default: 0
|
||||
|
|
|
@ -21,8 +21,8 @@ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.
|
|||
310efc965c862cfbd7b0da5150a5ad36 extra/sqlharvest/__init__.py
|
||||
7713aa366c983cdf1f3dbaa7383ea9e1 extra/sqlharvest/sqlharvest.py
|
||||
7afe836fd97271ccba67b4c0da2482ff lib/controller/action.py
|
||||
95fda7f284e0a882634cf5e94cbb73e1 lib/controller/checks.py
|
||||
df647d57cf02cc0e4bda6b8ccc9d8138 lib/controller/controller.py
|
||||
4ea6e0c35aedbdce88bbdff7c8786ae5 lib/controller/checks.py
|
||||
130d1c16708668b8d89605b6b5b38bf5 lib/controller/controller.py
|
||||
52a3969f57170e935e3fc0156335bf2c lib/controller/handler.py
|
||||
310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py
|
||||
60599fbb43b7d5e658b84371d3ad0b42 lib/core/agent.py
|
||||
|
@ -39,14 +39,14 @@ b9ff4e622c416116bee6024c0f050349 lib/core/enums.py
|
|||
9381a0c7e8bc19986299e84f4edda1a0 lib/core/exception.py
|
||||
310efc965c862cfbd7b0da5150a5ad36 lib/core/__init__.py
|
||||
9ba39bf66e9ecd469446bdbbeda906c3 lib/core/log.py
|
||||
ebb778c2d26eba8b34d7d8658e4105a6 lib/core/optiondict.py
|
||||
edcfce0850771e6454acef244d5c5760 lib/core/optiondict.py
|
||||
636485a22f158bec137d63c73aeace5c lib/core/option.py
|
||||
5f2f56e6c5f274408df61943f1e080c0 lib/core/profiling.py
|
||||
40be71cd774662a7b420caeb7051e7d5 lib/core/readlineng.py
|
||||
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
|
||||
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
|
||||
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
|
||||
9724eef5ffad3ea233a9340f05210cdb lib/core/settings.py
|
||||
aacedcb97c903d5e754a883f1a7617aa lib/core/settings.py
|
||||
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
|
||||
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
|
||||
155e2d3fda87b2e3ffa4f7a770513946 lib/core/target.py
|
||||
|
@ -57,7 +57,7 @@ ad74fc58fc7214802fd27067bce18dd2 lib/core/unescaper.py
|
|||
4d13ed693401a498b6d073a2a494bd83 lib/core/wordlist.py
|
||||
310efc965c862cfbd7b0da5150a5ad36 lib/__init__.py
|
||||
8c4b04062db2245d9e190b413985202a lib/parse/banner.py
|
||||
aa89ea0c7c44eb74eaaeeccaddc94d39 lib/parse/cmdline.py
|
||||
4185a1ed8fbec400dd297474ac89c357 lib/parse/cmdline.py
|
||||
3a31657bc38f277d0016ff6d50bde61f lib/parse/configfile.py
|
||||
14539f1be714d4f1ed042067d63bc50a lib/parse/handler.py
|
||||
64e5bb3ecbdd75144500588b437ba8da lib/parse/headers.py
|
||||
|
@ -68,7 +68,7 @@ aa89ea0c7c44eb74eaaeeccaddc94d39 lib/parse/cmdline.py
|
|||
403d873f1d2fd0c7f73d83f104e41850 lib/request/basicauthhandler.py
|
||||
aa8abda6eab79646b1759c0653925328 lib/request/basic.py
|
||||
ef48de622b0a6b4a71df64b0d2785ef8 lib/request/comparison.py
|
||||
e5d14d0b8c07e082fb819b515f5b1dfb lib/request/connect.py
|
||||
108ca3607d42bd4923277019a8d6db7d lib/request/connect.py
|
||||
fb6b788d0016ab4ec5e5f661f0f702ad lib/request/direct.py
|
||||
cc1163d38e9b7ee5db2adac6784c02bb lib/request/dns.py
|
||||
5dcdb37823a0b5eff65cd1018bcf09e4 lib/request/httpshandler.py
|
||||
|
|
Loading…
Reference in New Issue
Block a user