2019-03-21 14:00:09 +01:00
|
|
|
#!/usr/bin/env python2
|
2012-06-04 19:46:28 +00:00
|
|
|
|
|
|
|
|
"""
|
2019-01-05 21:38:52 +01:00
|
|
|
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
|
2017-10-11 14:50:46 +02:00
|
|
|
See the file 'LICENSE' for copying permission
|
2012-06-04 19:46:28 +00:00
|
|
|
"""
|
|
|
|
|
|
2015-12-18 17:15:59 +01:00
|
|
|
import distutils.version
|
2016-11-04 15:04:38 +01:00
|
|
|
import re
|
2012-06-04 19:46:28 +00:00
|
|
|
import socket
|
|
|
|
|
|
2019-03-29 02:28:16 +01:00
|
|
|
from lib.core.common import filterNone
|
2015-09-10 15:51:33 +02:00
|
|
|
from lib.core.common import getSafeExString
|
2018-06-08 15:13:50 +02:00
|
|
|
from lib.core.data import conf
|
2015-06-01 10:45:16 +02:00
|
|
|
from lib.core.data import kb
|
2012-06-04 19:46:28 +00:00
|
|
|
from lib.core.data import logger
|
2012-12-06 14:14:19 +01:00
|
|
|
from lib.core.exception import SqlmapConnectionException
|
2015-12-18 17:15:59 +01:00
|
|
|
from lib.core.settings import PYVERSION
|
2019-03-27 13:33:46 +01:00
|
|
|
from thirdparty.six.moves import http_client as _http_client
|
|
|
|
|
from thirdparty.six.moves import urllib as _urllib
|
2012-06-04 19:46:28 +00:00
|
|
|
|
|
|
|
|
ssl = None
|
|
|
|
|
try:
|
|
|
|
|
import ssl as _ssl
|
|
|
|
|
ssl = _ssl
|
|
|
|
|
except ImportError:
|
|
|
|
|
pass
|
|
|
|
|
|
2019-03-29 02:28:16 +01:00
|
|
|
_protocols = filterNone(getattr(ssl, _, None) for _ in ("PROTOCOL_TLSv1_2", "PROTOCOL_TLSv1_1", "PROTOCOL_TLSv1", "PROTOCOL_SSLv3", "PROTOCOL_SSLv23", "PROTOCOL_SSLv2"))
|
2012-06-04 19:46:28 +00:00
|
|
|
|
2019-03-27 13:33:46 +01:00
|
|
|
class HTTPSConnection(_http_client.HTTPSConnection):
|
2012-06-04 19:46:28 +00:00
|
|
|
"""
|
|
|
|
|
Connection class that enables usage of newer SSL protocols.
|
|
|
|
|
|
|
|
|
|
Reference: http://bugs.python.org/msg128686
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
def __init__(self, *args, **kwargs):
|
2019-03-27 13:33:46 +01:00
|
|
|
_http_client.HTTPSConnection.__init__(self, *args, **kwargs)
|
2012-06-04 19:46:28 +00:00
|
|
|
|
|
|
|
|
def connect(self):
|
|
|
|
|
def create_sock():
|
|
|
|
|
sock = socket.create_connection((self.host, self.port), self.timeout)
|
|
|
|
|
if getattr(self, "_tunnel_host", None):
|
|
|
|
|
self.sock = sock
|
|
|
|
|
self._tunnel()
|
|
|
|
|
return sock
|
|
|
|
|
|
|
|
|
|
success = False
|
2012-06-04 19:52:51 +00:00
|
|
|
|
2015-11-25 13:04:34 +01:00
|
|
|
# Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext
|
|
|
|
|
# https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni
|
2018-06-08 15:13:50 +02:00
|
|
|
if re.search(r"\A[\d.]+\Z", self.host) is None and kb.tlsSNI.get(self.host) is not False and not any((conf.proxy, conf.tor)) and hasattr(ssl, "SSLContext"):
|
2019-05-03 01:20:10 +02:00
|
|
|
for protocol in [_ for _ in _protocols if _ >= ssl.PROTOCOL_TLSv1]:
|
2015-06-01 10:45:16 +02:00
|
|
|
try:
|
|
|
|
|
sock = create_sock()
|
2015-11-25 13:04:34 +01:00
|
|
|
context = ssl.SSLContext(protocol)
|
2015-12-06 23:49:22 +01:00
|
|
|
_ = context.wrap_socket(sock, do_handshake_on_connect=True, server_hostname=self.host)
|
2015-06-01 10:45:16 +02:00
|
|
|
if _:
|
|
|
|
|
success = True
|
|
|
|
|
self.sock = _
|
|
|
|
|
_protocols.remove(protocol)
|
|
|
|
|
_protocols.insert(0, protocol)
|
|
|
|
|
break
|
|
|
|
|
else:
|
|
|
|
|
sock.close()
|
2019-03-27 13:33:46 +01:00
|
|
|
except (ssl.SSLError, socket.error, _http_client.BadStatusLine) as ex:
|
2015-06-01 10:45:16 +02:00
|
|
|
self._tunnel_host = None
|
2015-09-10 15:51:33 +02:00
|
|
|
logger.debug("SSL connection error occurred ('%s')" % getSafeExString(ex))
|
2015-06-01 10:45:16 +02:00
|
|
|
|
2015-12-06 23:49:22 +01:00
|
|
|
if kb.tlsSNI.get(self.host) is None:
|
|
|
|
|
kb.tlsSNI[self.host] = success
|
2015-11-25 13:04:34 +01:00
|
|
|
|
|
|
|
|
if not success:
|
|
|
|
|
for protocol in _protocols:
|
2015-06-01 10:45:16 +02:00
|
|
|
try:
|
|
|
|
|
sock = create_sock()
|
2015-11-25 13:04:34 +01:00
|
|
|
_ = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=protocol)
|
2015-06-01 10:45:16 +02:00
|
|
|
if _:
|
2015-11-25 13:04:34 +01:00
|
|
|
success = True
|
2015-06-01 10:45:16 +02:00
|
|
|
self.sock = _
|
|
|
|
|
_protocols.remove(protocol)
|
|
|
|
|
_protocols.insert(0, protocol)
|
|
|
|
|
break
|
|
|
|
|
else:
|
|
|
|
|
sock.close()
|
2019-03-27 13:33:46 +01:00
|
|
|
except (ssl.SSLError, socket.error, _http_client.BadStatusLine) as ex:
|
2015-06-01 10:45:16 +02:00
|
|
|
self._tunnel_host = None
|
2015-09-10 15:51:33 +02:00
|
|
|
logger.debug("SSL connection error occurred ('%s')" % getSafeExString(ex))
|
2012-06-04 19:46:28 +00:00
|
|
|
|
|
|
|
|
if not success:
|
2015-12-18 17:15:59 +01:00
|
|
|
errMsg = "can't establish SSL connection"
|
2016-08-02 12:38:57 +02:00
|
|
|
# Reference: https://docs.python.org/2/library/ssl.html
|
|
|
|
|
if distutils.version.LooseVersion(PYVERSION) < distutils.version.LooseVersion("2.7.9"):
|
|
|
|
|
errMsg += " (please retry with Python >= 2.7.9)"
|
2015-12-18 17:15:59 +01:00
|
|
|
raise SqlmapConnectionException(errMsg)
|
2012-06-04 19:46:28 +00:00
|
|
|
|
2019-03-27 13:33:46 +01:00
|
|
|
class HTTPSHandler(_urllib.request.HTTPSHandler):
|
2012-06-04 19:46:28 +00:00
|
|
|
def https_open(self, req):
|
2019-03-27 13:33:46 +01:00
|
|
|
return self.do_open(HTTPSConnection if ssl else _http_client.HTTPSConnection, req)
|
