From 59844b1929fd90f1045f8a097f0a9ed6351a6490 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 18 Aug 2025 11:53:30 +0200 Subject: [PATCH 1/2] Adding switch --http1.0 --- data/txt/sha256sums.txt | 8 ++++---- lib/core/option.py | 10 ++++++---- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 3 +++ sqlmap.conf | 4 ++++ 5 files changed, 18 insertions(+), 9 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index a7e4acc2c7d..a93be373d73 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -181,14 +181,14 @@ c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd lib/core/dump. 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/core/__init__.py 3d308440fb01d04b5d363bfbe0f337756b098532e5bb7a1c91d5213157ec2c35 lib/core/log.py 2a06dc9b5c17a1efdcdb903545729809399f1ee96f7352cc19b9aaa227394ff3 lib/core/optiondict.py -3ca1a6759c196aa104130af0ed47826cd01009beaa3fa836a25faabfec7dd18e lib/core/option.py +b244a96aa96ad8da96a60b1cb17a8483c84578523e122834e0bfa40e76ac19f9 lib/core/option.py fd449fe2c707ce06c929fc164cbabb3342f3e4e2b86c06f3efc1fc09ac98a25a lib/core/patch.py 85f10c6195a3a675892d914328173a6fb6a8393120417a2f10071c6e77bfa47d lib/core/profiling.py c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readlineng.py d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -0185f5068de7619c00f423e80026f3c9cbd707f585f62bee7ae1900b086b37d0 lib/core/settings.py +5287d1abed7f2e71a610f9563ec32f71e5177cd5886eefee003d2716cca61dc3 lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py @@ -199,7 +199,7 @@ f7245b99c17ef88cd9a626ca09c0882a5e172bb10a38a5dec9d08da6c8e2d076 lib/core/updat cba481f8c79f4a75bd147b9eb5a1e6e61d70422fceadd12494b1dbaa4f1d27f4 lib/core/wordlist.py 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/__init__.py 7d1d3e07a1f088428d155c0e1b28e67ecbf5f62775bdeeeb11b4388369dce0f7 lib/parse/banner.py -d361e472853d18f5bf760efc8fb63285354971f77ce97518b8bb17be63e534f1 lib/parse/cmdline.py +c6d1527a26014b58b8a78afb851485227b86798e36551e9ac347522ef89d7a99 lib/parse/cmdline.py f1ad73b6368730b8b8bc2e28b3305445d2b954041717619bede421ccc4381625 lib/parse/configfile.py a96b7093f30b3bf774f5cc7a622867472d64a2ae8b374b43786d155cf6203093 lib/parse/handler.py cfd4857ce17e0a2da312c18dcff28aefaa411f419b4e383b202601c42de40eec lib/parse/headers.py @@ -476,7 +476,7 @@ ab661b605012168d72f84a92ff7e233542df3825c66714c99073e56acea37e2e plugins/generi f5cad477023c8145c4db7aa530976fc75b098cf59a49905f28d02f6771fd9697 README.md 535ab6ac8b8441a3758cee86df3e68abec8b43eee54e32777967252057915acc sqlmapapi.py 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml -c43cc0dd5b4026083ad420c04705a031504aa503cc99ab2236010c4cbd472d39 sqlmap.conf +a40607ce164eb2d21865288d24b863edb1c734b56db857e130ac1aef961c80b9 sqlmap.conf 822b706e791eba9b994b08e7600a3adfc3843d360437edfa0bfd588a1f58a13c sqlmap.py 82caac95182ac5cae02eb7d8a2dc07e71389aeae6b838d3d3f402c9597eb086a tamper/0eunion.py bc8f5e638578919e4e75a5b01a84b47456bac0fd540e600975a52408a3433460 tamper/apostrophemask.py diff --git a/lib/core/option.py b/lib/core/option.py index e5fb2a80c0d..e2b20736366 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2517,7 +2517,7 @@ def _setTorSocksProxySettings(): socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, port) socks.wrapmodule(_http_client) -def _setHttpChunked(): +def _setHttpOptions(): if conf.chunked and conf.data: if hasattr(_http_client.HTTPConnection, "_set_content_length"): _http_client.HTTPConnection._set_content_length = lambda self, *args, **kwargs: None @@ -2531,7 +2531,10 @@ def putheader(self, header, *values): _http_client.HTTPConnection.putheader = putheader -def _checkWebSocket(): + if conf.http10: + _http_client.HTTPConnection._http_vsn = 10 + _http_client.HTTPConnection._http_vsn_str = 'HTTP/1.0' + if conf.url and (conf.url.startswith("ws:/") or conf.url.startswith("wss:/")): try: from websocket import ABNF @@ -2918,8 +2921,7 @@ def init(): _setPostprocessFunctions() _setTrafficOutputFP() _setupHTTPCollector() - _setHttpChunked() - _checkWebSocket() + _setHttpOptions() parseTargetDirect() diff --git a/lib/core/settings.py b/lib/core/settings.py index de0c2b2b827..db1d6fbf1ac 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.9.8.5" +VERSION = "1.9.8.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 84dd7d35905..b4d4df7ea9f 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -177,6 +177,9 @@ def cmdLineParser(argv=None): request.add_argument("--drop-set-cookie", dest="dropSetCookie", action="store_true", help="Ignore Set-Cookie header from response") + request.add_argument("--http1.0", dest="http10", action="store_true", + help="Use HTTP version 1.0 (old)") + request.add_argument("--http2", dest="http2", action="store_true", help="Use HTTP version 2 (experimental)") diff --git a/sqlmap.conf b/sqlmap.conf index e40961e180a..9d0ca92db03 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -61,6 +61,10 @@ loadCookies = # Valid: True or False dropSetCookie = False +# Use HTTP version 1.0 (old). +# Valid: True or False +http10 = False + # Use HTTP version 2 (experimental). # Valid: True or False http2 = False From dc89ddcfabf30ecfee5202e1930f9e47008e2436 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 18 Aug 2025 12:14:17 +0200 Subject: [PATCH 2/2] Fixes #5942 --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- lib/utils/har.py | 3 +++ 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index a93be373d73..245623ef981 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -5287d1abed7f2e71a610f9563ec32f71e5177cd5886eefee003d2716cca61dc3 lib/core/settings.py +135bcf03e88c81d2cb553088c8e7a488467188267ad7940f205509f897515057 lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py @@ -246,7 +246,7 @@ af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16 lib/utils/brut 828940a8eefda29c9eb271c21f29e2c4d1d428ccf0dcc6380e7ee6740300ec55 lib/utils/crawler.py 56b93ba38f127929346f54aa75af0db5f46f9502b16acfe0d674a209de6cad2d lib/utils/deps.py 3aca7632d53ab2569ddef876a1b90f244640a53e19b304c77745f8ddb15e6437 lib/utils/getch.py -e67aa754b7eeb6ec233c27f7d515e10b6607448056a1daba577936d765551636 lib/utils/har.py +4979120bbbc030eaef97147ee9d7d564d9683989059b59be317153cdaa23d85b lib/utils/har.py 00135cf61f1cfe79d7be14c526f84a841ad22e736db04e4fe087baeb4c22dc0d lib/utils/hashdb.py d1b4cea5658c0936e2003f01fbf7a9e6f6d6cd8503815cb2c358ed0c0e2f147f lib/utils/hash.py ba862f0c96b1d39797fb21974599e09690d312b17a85e6639bee9d1db510f543 lib/utils/httpd.py diff --git a/lib/core/settings.py b/lib/core/settings.py index db1d6fbf1ac..af990ee4370 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.9.8.6" +VERSION = "1.9.8.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/har.py b/lib/utils/har.py index 47eb7526912..0135082519f 100644 --- a/lib/utils/har.py +++ b/lib/utils/har.py @@ -162,6 +162,9 @@ def parse(cls, raw): response = _http_client.HTTPResponse(FakeSocket(altered)) response.begin() + # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5942 + response.length = len(raw[raw.find(b"\r\n\r\n") + 4:]) + try: content = response.read() except _http_client.IncompleteRead: