mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 19:43:48 +03:00
269 lines
8.3 KiB
Python
269 lines
8.3 KiB
Python
#!/usr/bin/env python
|
|
|
|
"""
|
|
$Id$
|
|
|
|
This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
|
|
|
|
Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
|
and Daniele Bellucci <daniele.bellucci@gmail.com>
|
|
|
|
sqlmap is free software; you can redistribute it and/or modify it under
|
|
the terms of the GNU General Public License as published by the Free
|
|
Software Foundation version 2 of the License.
|
|
|
|
sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
|
details.
|
|
|
|
You should have received a copy of the GNU General Public License along
|
|
with sqlmap; if not, write to the Free Software Foundation, Inc., 51
|
|
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
"""
|
|
|
|
|
|
|
|
import httplib
|
|
import md5
|
|
import re
|
|
import socket
|
|
import time
|
|
import urllib2
|
|
import urlparse
|
|
|
|
from lib.contrib import multipartpost
|
|
from lib.core.convert import urlencode
|
|
from lib.core.data import conf
|
|
from lib.core.data import kb
|
|
from lib.core.data import logger
|
|
from lib.core.exception import sqlmapConnectionException
|
|
from lib.request.basic import forgeHeaders
|
|
from lib.request.basic import parseResponse
|
|
|
|
|
|
|
|
class Connect:
|
|
"""
|
|
This class defines methods used to perform HTTP requests
|
|
"""
|
|
|
|
@staticmethod
|
|
def getPage(**kwargs):
|
|
"""
|
|
This method connects to the target url or proxy and returns
|
|
the target url page content
|
|
"""
|
|
|
|
url = kwargs.get('url', conf.url).replace(" ", "%20")
|
|
get = kwargs.get('get', None)
|
|
post = kwargs.get('post', None)
|
|
cookie = kwargs.get('cookie', None)
|
|
ua = kwargs.get('ua', None)
|
|
direct = kwargs.get('direct', False)
|
|
multipart = kwargs.get('multipart', False)
|
|
|
|
cookieStr = ""
|
|
requestMsg = "HTTP request:\n%s " % conf.method
|
|
responseMsg = "HTTP response "
|
|
requestHeaders = ""
|
|
responseHeaders = ""
|
|
|
|
if re.search("http[s]*://%s" % conf.hostname, url, re.I):
|
|
requestMsg += "%s" % conf.path or "/"
|
|
else:
|
|
requestMsg += "%s" % urlparse.urlsplit(url)[2] or "/"
|
|
|
|
if direct:
|
|
if "?" in url:
|
|
url, params = url.split("?")
|
|
params = urlencode(params).replace("%%", "%")
|
|
url = "%s?%s" % (url, params)
|
|
requestMsg += "?%s" % params
|
|
|
|
elif multipart:
|
|
multipartOpener = urllib2.build_opener(multipartpost.MultipartPostHandler)
|
|
conn = multipartOpener.open(url, multipart)
|
|
page = conn.read()
|
|
return page
|
|
|
|
else:
|
|
if conf.parameters.has_key("GET") and not get:
|
|
get = conf.parameters["GET"]
|
|
|
|
if get:
|
|
get = urlencode(get).replace("%%", "%")
|
|
url = "%s?%s" % (url, get)
|
|
requestMsg += "?%s" % get
|
|
|
|
if conf.method == "POST":
|
|
if conf.parameters.has_key("POST") and not post:
|
|
post = conf.parameters["POST"]
|
|
|
|
post = urlencode(post).replace("%%", "%")
|
|
|
|
requestMsg += " HTTP/1.1"
|
|
|
|
if cookie:
|
|
# TODO: sure about encoding the cookie?
|
|
#cookie = urlencode(cookie).replace("%%", "%")
|
|
cookie = cookie.replace("%%", "%")
|
|
|
|
try:
|
|
# Perform HTTP request
|
|
headers = forgeHeaders(cookie, ua)
|
|
req = urllib2.Request(url, post, headers)
|
|
conn = urllib2.urlopen(req)
|
|
|
|
if not req.has_header("Accept-Encoding"):
|
|
requestHeaders += "\nAccept-Encoding: identity"
|
|
|
|
requestHeaders = "\n".join(["%s: %s" % (header, value) for header, value in req.header_items()])
|
|
|
|
for _, cookie in enumerate(conf.cj):
|
|
if not cookieStr:
|
|
cookieStr = "Cookie: "
|
|
|
|
cookie = str(cookie)
|
|
index = cookie.index(" for ")
|
|
|
|
cookieStr += "%s; " % cookie[8:index]
|
|
|
|
if not req.has_header("Cookie") and cookieStr:
|
|
requestHeaders += "\n%s" % cookieStr[:-2]
|
|
|
|
if not req.has_header("Connection"):
|
|
requestHeaders += "\nConnection: close"
|
|
|
|
requestMsg += "\n%s" % requestHeaders
|
|
|
|
if post:
|
|
requestMsg += "\n%s" % post
|
|
|
|
requestMsg += "\n"
|
|
|
|
logger.log(9, requestMsg)
|
|
|
|
# Get HTTP response
|
|
page = conn.read()
|
|
code = conn.code
|
|
status = conn.msg
|
|
responseHeaders = conn.info()
|
|
|
|
except urllib2.HTTPError, e:
|
|
if e.code == 401:
|
|
exceptionMsg = "not authorized, try to provide right HTTP "
|
|
exceptionMsg += "authentication type and valid credentials"
|
|
raise sqlmapConnectionException, exceptionMsg
|
|
else:
|
|
page = e.read()
|
|
code = e.code
|
|
status = e.msg
|
|
responseHeaders = e.info()
|
|
|
|
except (urllib2.URLError, socket.error), _:
|
|
warnMsg = "unable to connect to the target url"
|
|
|
|
if conf.multipleTargets:
|
|
warnMsg += ", skipping to next url"
|
|
logger.warn(warnMsg)
|
|
|
|
return None
|
|
else:
|
|
warnMsg += " or proxy"
|
|
raise sqlmapConnectionException, warnMsg
|
|
|
|
except socket.timeout, _:
|
|
warnMsg = "connection timed out to the target url"
|
|
|
|
if conf.multipleTargets:
|
|
warnMsg += ", skipping to next url"
|
|
logger.warn(warnMsg)
|
|
|
|
return None
|
|
else:
|
|
warnMsg += " or proxy"
|
|
raise sqlmapConnectionException, warnMsg
|
|
|
|
except httplib.BadStatusLine, _:
|
|
warnMsg = "the target url responded with an unknown HTTP "
|
|
warnMsg += "status code, try to force the HTTP User-Agent "
|
|
warnMsg += "header with option --user-agent or -a"
|
|
|
|
if conf.multipleTargets:
|
|
warnMsg += ", skipping to next url"
|
|
logger.warn(warnMsg)
|
|
|
|
return None
|
|
else:
|
|
raise sqlmapConnectionException, warnMsg
|
|
|
|
parseResponse(page, responseHeaders)
|
|
responseMsg += "(%s - %d):\n" % (status, code)
|
|
|
|
if conf.verbose <= 4:
|
|
responseMsg += str(responseHeaders)
|
|
elif conf.verbose > 4:
|
|
responseMsg += "%s\n%s\n" % (responseHeaders, page)
|
|
|
|
logger.log(8, responseMsg)
|
|
|
|
if conf.delay != None and isinstance(conf.delay, (int, float)) and conf.delay > 0:
|
|
time.sleep(conf.delay)
|
|
|
|
return page
|
|
|
|
|
|
@staticmethod
|
|
def queryPage(value=None, place=None, content=False):
|
|
"""
|
|
This method calls a function to get the target url page content
|
|
and returns its page MD5 hash or a boolean value in case of
|
|
string match check ('--string' command line parameter)
|
|
"""
|
|
|
|
get = None
|
|
post = None
|
|
cookie = None
|
|
ua = None
|
|
|
|
if not place:
|
|
place = kb.injPlace
|
|
|
|
if conf.parameters.has_key("GET"):
|
|
if place == "GET" and value:
|
|
get = value
|
|
else:
|
|
get = conf.parameters["GET"]
|
|
|
|
if conf.parameters.has_key("POST"):
|
|
if place == "POST" and value:
|
|
post = value
|
|
else:
|
|
post = conf.parameters["POST"]
|
|
|
|
if conf.parameters.has_key("Cookie"):
|
|
if place == "Cookie" and value:
|
|
cookie = value
|
|
else:
|
|
cookie = conf.parameters["Cookie"]
|
|
|
|
if conf.parameters.has_key("User-Agent"):
|
|
if place == "User-Agent" and value:
|
|
ua = value
|
|
else:
|
|
ua = conf.parameters["User-Agent"]
|
|
|
|
page = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua)
|
|
|
|
# TODO: create a comparison library and move these checks there
|
|
if content:
|
|
return page
|
|
elif conf.string:
|
|
if conf.string in page:
|
|
return True
|
|
else:
|
|
return False
|
|
else:
|
|
return md5.new(page).hexdigest()
|