This commit is contained in:
Miroslav Stampar 2022-11-01 23:26:15 +01:00
parent c382321134
commit eda669e10b
4 changed files with 9 additions and 10 deletions

View File

@ -278,6 +278,7 @@ else:
buffer = buffer buffer = buffer
try: try:
from pkg_resources import parse_version as LooseVersion from packaging import version
LooseVersion = version.parse
except ImportError: except ImportError:
from distutils.version import LooseVersion from distutils.version import LooseVersion

View File

@ -2166,7 +2166,6 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.testType = None kb.testType = None
kb.threadContinue = True kb.threadContinue = True
kb.threadException = False kb.threadException = False
kb.tlsSNI = {}
kb.uChar = NULL kb.uChar = NULL
kb.udfFail = False kb.udfFail = False
kb.unionDuplicates = False kb.unionDuplicates = False

View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.6.10.8" VERSION = "1.6.11.2"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -63,19 +63,21 @@ class HTTPSConnection(_http_client.HTTPSConnection):
# Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext # Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext
# https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni # https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni
if re.search(r"\A[\d.]+\Z", self.host or "") is None and kb.tlsSNI.get(self.host) is not False and hasattr(ssl, "SSLContext"): if hasattr(ssl, "SSLContext"):
for protocol in (_ for _ in _protocols if _ >= ssl.PROTOCOL_TLSv1): for protocol in (_ for _ in _protocols if _ >= ssl.PROTOCOL_TLSv1):
try: try:
sock = create_sock() sock = create_sock()
if protocol not in _contexts: if protocol not in _contexts:
_contexts[protocol] = ssl.SSLContext(protocol) _contexts[protocol] = ssl.SSLContext(protocol)
if self.cert_file and self.key_file:
_contexts[protocol].load_cert_chain(certfile=self.cert_file, keyfile=self.key_file)
try: try:
# Reference(s): https://askubuntu.com/a/1263098 # Reference(s): https://askubuntu.com/a/1263098
# https://askubuntu.com/a/1250807 # https://askubuntu.com/a/1250807
_contexts[protocol].set_ciphers("DEFAULT@SECLEVEL=1") _contexts[protocol].set_ciphers("DEFAULT@SECLEVEL=1")
except ssl.SSLError: except ssl.SSLError:
pass pass
result = _contexts[protocol].wrap_socket(sock, do_handshake_on_connect=True, server_hostname=self.host) result = _contexts[protocol].wrap_socket(sock, do_handshake_on_connect=True, server_hostname=self.host if re.search(r"\A[\d.]+\Z", self.host or "") is None else None)
if result: if result:
success = True success = True
self.sock = result self.sock = result
@ -88,14 +90,11 @@ class HTTPSConnection(_http_client.HTTPSConnection):
self._tunnel_host = None self._tunnel_host = None
logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex))) logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))
if kb.tlsSNI.get(self.host) is None: elif hasattr(ssl, "wrap_socket"):
kb.tlsSNI[self.host] = success
if not success:
for protocol in _protocols: for protocol in _protocols:
try: try:
sock = create_sock() sock = create_sock()
_ = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=protocol) _ = ssl.wrap_socket(sock, keyfile=self.key_file, certfile=self.cert_file, ssl_version=protocol)
if _: if _:
success = True success = True
self.sock = _ self.sock = _