few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")

2025-12-06 20:51:31 +00:00 · 2011-07-06 05:44:47 +00:00
parent b8ffcf9495
commit 93b296e02c
12 changed files with 146 additions and 61 deletions
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -45,6 +45,7 @@ from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapSyntaxException
+from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE
 from lib.core.settings import HTTP_SILENT_TIMEOUT
 from lib.core.settings import META_REFRESH_REGEX
 from lib.core.settings import IS_WIN
@@ -224,6 +225,8 @@ class Connect:
            if kb.proxyAuthHeader:
                headers[HTTPHEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader

+            headers[HTTPHEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE
+
            headers[HTTPHEADER.HOST] = urlparse.urlparse(url).netloc

            if any(map(lambda x: headers[HTTPHEADER.HOST].endswith(':%d' % x), [80, 443])):
@@ -498,10 +501,11 @@ class Connect:
        page = None
        pageLength = None
        uri = None
-        raise404 = place != PLACE.URI if raise404 is None else raise404

        if not place:
-            place = kb.injection.place
+            place = kb.injection.place or PLACE.GET
+
+        raise404 = place != PLACE.URI if raise404 is None else raise404

        payload = agent.extractPayload(value)
        threadData = getCurrentThreadData()