From d058cc820de9a83250934abe673d9b982bf3f52d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 20 Feb 2025 23:32:58 +0100 Subject: [PATCH 1/4] Minor fixes for --http2 (#4402) --- data/txt/sha256sums.txt | 6 +++--- lib/core/option.py | 3 ++- lib/core/settings.py | 2 +- lib/request/connect.py | 9 +++++++-- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 9f8158a85..d617a4be4 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -181,14 +181,14 @@ ec8d94fb704c0a40c88f5f283624cda025e2ea0e8b68722fe156c2b5676f53ac lib/core/dicts 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/core/__init__.py 53499dc202a036289e3b2b9699d19568e794d077e16fd3a5c91771983de45451 lib/core/log.py bcb54f1813b3757fe717d7b4f3429fbcd08ff416af1100b716708955702e66d6 lib/core/optiondict.py -ceea031ce1a49a20af689d750d33d057e38a7c631f008872b04f380e2de39bb9 lib/core/option.py +2f007b088aad979f75c4d864603dfc685da5be219ae116f2bb0d6445d2db4f83 lib/core/option.py 81275fdbd463d89a2bfd8c00417a17a872aad74f34c18e44be79c0503e67dfa5 lib/core/patch.py e79df3790f16f67988e46f94b0a516d7ee725967f7698c8e17f210e4052203a7 lib/core/profiling.py c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7 lib/core/readlineng.py 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py -2511201edc299a8efca0f9f5b55423503ef5e5982c16c4938ec4b0be842abb6f lib/core/settings.py +c031ca6d1fbf0edc82217fb8879e7abc4a8072b06b89e0f02f799e7f81859974 lib/core/settings.py a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py @@ -211,7 +211,7 @@ cbabdde72df4bd8d6961d589f1721dd938d8f653aa6af8900a31af6e2586405d lib/parse/site 89417568d7f19e48d39a8a9a4227d3d2b71d1c9f61139a41b1835fb5266fcab8 lib/request/basic.py 6139b926a3462d14ddd50acdb8575ae442b8fab089db222721535092b9af3ea1 lib/request/chunkedhandler.py ad661a075c6df0624747722d77ca3b1f69f36e54708e33673a33cfdef1ed5075 lib/request/comparison.py -40543c462d261c8cec1ec1f68033bd3d7b4e72688aa9eb564b2c474947a449da lib/request/connect.py +b4069953848b81a59e6ce4817ac4705a2f6d2471d1c828a504766db48cf66651 lib/request/connect.py 0649a39c5cc2fc0f4c062b100ced17e3e6934a7e578247dfc65b650edc29825e lib/request/direct.py 5283754cf387ce4e645ee50834ee387cde29a768aaada1a6a07c338da216c94d lib/request/dns.py 2dd88e1f75c0ee54c335d5d0d9199216194aa299bd8ce99dca333c2e4f9ea38b lib/request/httpshandler.py diff --git a/lib/core/option.py b/lib/core/option.py index ce120ad72..a530bd158 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1175,7 +1175,7 @@ def _setHTTPHandlers(): proxyString = "" proxyString += "%s:%d" % (hostname, port) - proxyHandler.proxies = {"http": proxyString, "https": proxyString} + proxyHandler.proxies = kb.proxies = {"http": proxyString, "https": proxyString} proxyHandler.__init__(proxyHandler.proxies) @@ -2151,6 +2151,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.previousMethod = None kb.processNonCustom = None kb.processUserMarks = None + kb.proxies = None kb.proxyAuthHeader = None kb.queryCounter = 0 kb.randomPool = {} diff --git a/lib/core/settings.py b/lib/core/settings.py index eb8bc70a3..c3a98fb06 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.2.10" +VERSION = "1.9.2.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index bbe3ecb16..02b485b8c 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -615,10 +615,15 @@ class Connect(object): if conf.http2: try: import httpx - with httpx.Client(verify=False, http2=True, timeout=timeout, follow_redirects=True, cookies=conf.cj) as client: - conn = client.request(method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET), url, headers=headers, data=post) except ImportError: raise SqlmapMissingDependence("httpx[http2] not available (e.g. 'pip%s install httpx[http2]')" % ('3' if six.PY3 else "")) + + try: + proxy_mounts = dict(("%s://" % key, httpx.HTTPTransport(proxy="%s%s" % ("http://" if not "://" in kb.proxies[key] else "", kb.proxies[key]))) for key in kb.proxies) if kb.proxies else None + with httpx.Client(verify=False, http2=True, timeout=timeout, follow_redirects=True, cookies=conf.cj, mounts=proxy_mounts) as client: + conn = client.request(method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET), url, headers=headers, data=post) + except httpx.ConnectError as ex: + raise _http_client.HTTPException(getSafeExString(ex)) else: conn.code = conn.status_code conn.msg = conn.reason_phrase From ab5d5b3401ade84c90730b7ce12ff314d76961a3 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 20 Feb 2025 23:50:20 +0100 Subject: [PATCH 2/4] Minor update (adding support for silent mode) --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 5 ++++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index d617a4be4..563a00eab 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7 lib/core/readl 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py -c031ca6d1fbf0edc82217fb8879e7abc4a8072b06b89e0f02f799e7f81859974 lib/core/settings.py +10e31751611c9eacabdd2c2514fafc887e00f33969393c4f87145feae32c53cc lib/core/settings.py a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py @@ -199,7 +199,7 @@ b1071f449a66b4ceacd4b84b33a73d9e0a3197d271d72daaa406ba473a8bb625 lib/core/testi 12cbead4e9e563b970fafb891127927445bd53bada1fac323b9cd27da551ba30 lib/core/wordlist.py 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/__init__.py a027f4c44811cb74aa367525f353706de3d3fc719e6c6162f7a61dc838acf0c2 lib/parse/banner.py -f8d1701df33a31920e2ebf9a23fa7b6f4ccd2aff22b4ae1e14b495e51e5939fe lib/parse/cmdline.py +2838467a296a05c6c94ddef1f42f1e7cddee3a9e755143bcb70129233056abad lib/parse/cmdline.py 3907765df08c31f8d59350a287e826bd315a7714dc0e87496f67c8a0879c86ac lib/parse/configfile.py ced03337edd5a16b56a379c9ac47775895e1053003c25f6ba5bec721b6e3aa64 lib/parse/handler.py 3704a02dcf00b0988b101e30b2e0d48acdd20227e46d8b552e46c55d7e9bf28c lib/parse/headers.py diff --git a/lib/core/settings.py b/lib/core/settings.py index c3a98fb06..34f579c5b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.2.11" +VERSION = "1.9.2.12" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 298e94c6c..30951855b 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -1010,6 +1010,10 @@ def cmdLineParser(argv=None): argv[i] = "" elif argv[i] in DEPRECATED_OPTIONS: argv[i] = "" + elif argv[i] in ("-s", "--silent"): + if i + 1 < len(argv) and argv[i + 1].startswith('-') or i + 1 == len(argv): + argv[i] = "" + conf.verbose = 0 elif argv[i].startswith("--data-raw"): argv[i] = argv[i].replace("--data-raw", "--data", 1) elif argv[i].startswith("--auth-creds"): @@ -1018,7 +1022,6 @@ def cmdLineParser(argv=None): argv[i] = argv[i].replace("--drop-cookie", "--drop-set-cookie", 1) elif re.search(r"\A--tamper[^=\s]", argv[i]): argv[i] = "" - continue elif re.search(r"\A(--(tamper|ignore-code|skip))(?!-)", argv[i]): key = re.search(r"\-?\-(\w+)\b", argv[i]).group(1) index = auxIndexes.get(key, None) From c0ad1092cb7e9c9649d94019c5ce8291690314bb Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 20 Feb 2025 23:57:13 +0100 Subject: [PATCH 3/4] Minor patch --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 563a00eab..1587ff0a8 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7 lib/core/readl 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py -10e31751611c9eacabdd2c2514fafc887e00f33969393c4f87145feae32c53cc lib/core/settings.py +62bc4931b48279f8965809bbde1139d9294d86bb3b4b4ded50fab600130bc72c lib/core/settings.py a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py @@ -211,7 +211,7 @@ cbabdde72df4bd8d6961d589f1721dd938d8f653aa6af8900a31af6e2586405d lib/parse/site 89417568d7f19e48d39a8a9a4227d3d2b71d1c9f61139a41b1835fb5266fcab8 lib/request/basic.py 6139b926a3462d14ddd50acdb8575ae442b8fab089db222721535092b9af3ea1 lib/request/chunkedhandler.py ad661a075c6df0624747722d77ca3b1f69f36e54708e33673a33cfdef1ed5075 lib/request/comparison.py -b4069953848b81a59e6ce4817ac4705a2f6d2471d1c828a504766db48cf66651 lib/request/connect.py +7345c12a0a1d4c583766b46ba38263cbc4603a85aa4216deddd62958d4e5d596 lib/request/connect.py 0649a39c5cc2fc0f4c062b100ced17e3e6934a7e578247dfc65b650edc29825e lib/request/direct.py 5283754cf387ce4e645ee50834ee387cde29a768aaada1a6a07c338da216c94d lib/request/dns.py 2dd88e1f75c0ee54c335d5d0d9199216194aa299bd8ce99dca333c2e4f9ea38b lib/request/httpshandler.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 34f579c5b..52a3dc7e5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.2.12" +VERSION = "1.9.2.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 02b485b8c..0fce5106e 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -622,7 +622,7 @@ class Connect(object): proxy_mounts = dict(("%s://" % key, httpx.HTTPTransport(proxy="%s%s" % ("http://" if not "://" in kb.proxies[key] else "", kb.proxies[key]))) for key in kb.proxies) if kb.proxies else None with httpx.Client(verify=False, http2=True, timeout=timeout, follow_redirects=True, cookies=conf.cj, mounts=proxy_mounts) as client: conn = client.request(method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET), url, headers=headers, data=post) - except httpx.ConnectError as ex: + except (httpx.HTTPError, httpx.InvalidURL, httpx.CookieConflict, httpx.StreamError) as ex: raise _http_client.HTTPException(getSafeExString(ex)) else: conn.code = conn.status_code From a1fc4da3eb0ca5441630c88a8f9dea658f05d305 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 21 Feb 2025 12:13:05 +0100 Subject: [PATCH 4/4] Update of six third-party library --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- thirdparty/six/__init__.py | 13 +++++++++---- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 1587ff0a8..cf3f3a9b3 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7 lib/core/readl 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py -62bc4931b48279f8965809bbde1139d9294d86bb3b4b4ded50fab600130bc72c lib/core/settings.py +1266dca805f171c1f364e43abc30b849842c23504be7f7581a3a4028e3b1e16d lib/core/settings.py a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py @@ -620,7 +620,7 @@ ef70b88cc969a3e259868f163ad822832f846196e3f7d7eccb84958c80b7f696 thirdparty/odi 8df6e8c60eac4c83b1bf8c4e0e0276a4caa3c5f0ca57bc6a2116f31f19d3c33f thirdparty/prettyprint/prettyprint.py 3739db672154ad4dfa05c9ac298b0440f3f1500c6a3697c2b8ac759479426b84 thirdparty/pydes/__init__.py d1d54fc08f80148a4e2ac5eee84c8475617e8c18bfbde0dfe6894c0f868e4659 thirdparty/pydes/pyDes.py -1c61d71502a80f642ff34726aa287ac40c1edd8f9239ce2e094f6fded00d00d4 thirdparty/six/__init__.py +c51c91f703d3d4b3696c923cb5fec213e05e75d9215393befac7f2fa6a3904df thirdparty/six/__init__.py e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/socks/__init__.py 7027e214e014eb78b7adcc1ceda5aca713a79fc4f6a0c52c9da5b3e707e6ffe9 thirdparty/socks/LICENSE 543217f63a4f0a7e7b4f9063058d2173099d54d010a6a4432e15a97f76456520 thirdparty/socks/socks.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 52a3dc7e5..2c5e66ec3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.2.13" +VERSION = "1.9.2.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/six/__init__.py b/thirdparty/six/__init__.py index d4fe9849f..3de5969b1 100644 --- a/thirdparty/six/__init__.py +++ b/thirdparty/six/__init__.py @@ -1,4 +1,4 @@ -# Copyright (c) 2010-2020 Benjamin Peterson +# Copyright (c) 2010-2024 Benjamin Peterson # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ import sys import types __author__ = "Benjamin Peterson " -__version__ = "1.16.0" +__version__ = "1.17.0" # Useful for very coarse version differentiation. @@ -435,12 +435,17 @@ _urllib_request_moved_attributes = [ MovedAttribute("HTTPErrorProcessor", "urllib2", "urllib.request"), MovedAttribute("urlretrieve", "urllib", "urllib.request"), MovedAttribute("urlcleanup", "urllib", "urllib.request"), - MovedAttribute("URLopener", "urllib", "urllib.request"), - MovedAttribute("FancyURLopener", "urllib", "urllib.request"), MovedAttribute("proxy_bypass", "urllib", "urllib.request"), MovedAttribute("parse_http_list", "urllib2", "urllib.request"), MovedAttribute("parse_keqv_list", "urllib2", "urllib.request"), ] +if sys.version_info[:2] < (3, 14): + _urllib_request_moved_attributes.extend( + [ + MovedAttribute("URLopener", "urllib", "urllib.request"), + MovedAttribute("FancyURLopener", "urllib", "urllib.request"), + ] + ) for attr in _urllib_request_moved_attributes: setattr(Module_six_moves_urllib_request, attr.name, attr) del attr