Thread: [sqlmap-users] sqlmap through proxy
Brought to you by:
inquisb
From: David A. <dav...@gm...> - 2011-06-17 10:07:44
Hello,

I am in a scenario where all web traffic is managed by a proxy. My local DNS is not able to resolve external domain names, so I have installed a local proxy to authenticate into the corporate proxy. The web browser uses my local proxy at 127.0.0.1:8080.

sqlmap gives me an error because it can't resolve the domain name: it is using my local DNS instead of asking the proxy:

    $>python sqlmap.py -u 'https://myserver/myapp/...?param1' -p param1 --proxy http://127.0.0.1:8080

    sqlmap/0.9 - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

    [*] starting at: 11:54:28

    [11:54:29] [INFO] using 'path' as session file
    [11:54:29] [CRITICAL] host 'myserver' does not exist

    [*] shutting down at: 11:54:29

Is there an option to not try to resolve the domain name and send requests through the proxy? How could I resolve this problem?

Thank you very much.

Kind Regards,
David Alvarez
From: Miroslav S. <mir...@gm...> - 2011-06-17 11:45:10
hi David.

you won't be able to redirect DNS requests through HTTP(s) proxy for sure. but, there are three ways how you can solve this problem of yours:

1) do the nslookup of the host's ip address manually and just use the ip address instead, or
2) find the hosts file for your platform (e.g. /etc/hosts or c:\Windows\System32\drivers\etc\hosts) and manually enter IP addresses of wanted servers, or
3) use proxychains (http://proxychains.sourceforge.net/) - this is the best way if you want everything to be fully automated (e.g. proxychains python sqlmap.py -u ....). read the manual there, install it, configure it and use it.

that's pretty much it :)

kr

p.s. please, do the SVN update to upgrade to the latest v1.0-dev from our repository

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: <bu...@gm...> - 2011-06-17 13:42:14
Miroslav Stampar wrote:
> hi David.
>
> you won't be able to redirect DNS requests through HTTP(s) proxy for sure.

I think there is a misunderstanding here.

If you configure an application to route its HTTP(s) requests through a proxy, the application itself should not generate any DNS requests. The application will also not send DNS requests to the proxy.

The application - in this case sqlmap - should just ask the proxy to send an HTTP request to example.com; the proxy will take care of DNS resolution.

I just tried sqlmap with --proxy and this is in my opinion a bug, because sqlmap issues DNS queries even if --proxy is used.

This bug can be quite serious for the guys using --tor or --proxy http://localhost:8118, because sqlmap will leak DNS queries to the local DNS server.
From: Miroslav S. <mir...@gm...> - 2011-06-17 14:11:28
hi buawig.

well, sure there is a misunderstanding here :)

http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy

quote:
"Even when connecting via a proxy your browser needs to get the IP address for the web site domain. Generally it will directly query the DNS servers. If you are using a Socks 5 proxy, you can have the DNS queries go through your proxy."

there has to be a DNS request when dealing with HTTP proxy.

about DNS leaks with TOR. we are aware of this issue and there is no easy way out of it. believe me. I've spent three days searching and implementing and there is NO easy way out of it. we can try to search and use things like "tor-resolve" but it will work just for a minor number of cases (users which prepare the environment for it).

also, remember that solution I was doing for web based nslookup. i still have the code, but it would be a decision on a user to trust it or not.

kr
From: <bu...@gm...> - 2011-06-17 14:26:17
Miroslav Stampar wrote:
> there has to be a DNS request when dealing with HTTP proxy.

This is only true if the HTTP proxy is entered/specified as a hostname and not as an IP address.

I just checked this for Firefox. Firefox doesn't issue any DNS request when configured to use an HTTP proxy, so why should sqlmap need to issue a DNS request?

> about DNS leaks with TOR. we are aware of this issue and there is no
> easy way out of it. believe me. I've spent three days searching and
> implementing and there is NO easy way out of it. we can try to search
> and use things like "tor-resolve" but it will work just for minor
> number of cases (users which prepare environment for it).

Pidgin recently fixed a DNS leak in their implementation. I don't think this is 'unfixable'.
From: Miroslav S. <mir...@gm...> - 2011-06-17 14:31:14
On Fri, Jun 17, 2011 at 4:25 PM, <bu...@gm...> wrote:
> This is only true if the HTTP Proxy is entered/specified as a hostname
> and not as an IP address.
>
> I just checked this for firefox. Firefox doesn't issue any DNS request
> when configured to use a HTTP proxy, so why should sqlmap need to issue
> a DNS request?

first of all, sqlmap doesn't issue DNS requests.

you have the code, it's open source after all, and you can check it yourself.

second, are you using some plugins (like FoxyProxy) or did you just enter the proxy address manually into settings? also, have you tried to issue some new random address like www.asdasdasdasdas.com (maybe your IP address was in the DNS cache)?

> Pidgin recently fixed a DNS leak in their implementation. I don't think
> this is 'unfixable'.

i like this one :)

please, be so kind to find the patch and adjust. we'll be more than happy to incorporate it.

kr
From: <bu...@gm...> - 2011-06-17 14:47:53
Miroslav Stampar wrote:
> second, are you using some plugins (like FoxyProxy) or just entered
> proxy address manually into settings?

no plugins, manual settings used to configure proxy.
Do you see DNS queries if you configure your browser to use an http proxy?

> also, have you tried to issue
> some new random address like www.asdasdasdasdas.com (maybe your IP
> address was in DNS cache)

I used http://asdfasdfasdfas.com/ and i was surprised that it exists ;)

>> Pidgin recently fixed a DNS leak in their implementation. I don't think
>> this is 'unfixable'.
>
> i like this one :)
>
> please, be so kind find the patch and adjust. we'll be more than happy
> to incorporate it.

Well, after all it looks like you still don't believe me.
I'll try to find some python proxy example code that doesn't leak DNS queries - so we can talk about facts instead of opinions.
From: Miroslav S. <mir...@gm...> - 2011-06-17 14:54:40
hi buawig.

thank you for this fight. it really appears that we can easily solve this one by "choking" socket's getaddrinfo in case of proxy, which will solve DNS requests in case of HTTP proxy and TOR leaks.

this means that i was apparently under a wrong impression. i admit :)

but, good luck in finding "python proxy example code that doesn't leak DNS queries". you'll need it :)

will commit in a few.

kr
From: Miroslav S. <mir...@gm...> - 2011-06-17 15:21:53
hi again.

please retest it now. i hope that "leakage" is "plugged" now ;)

kr
From: <bu...@gm...> - 2011-06-18 22:21:55
If the proxy returns 504 the hostname probably does not exist, but in any case the response did not come from the upstream target (specified in -u) and should not be interpreted as such.

http://tools.ietf.org/html/rfc2616#section-10.5.5
From: Miroslav S. <mir...@gm...> - 2011-06-18 22:42:51
quote from that same paragraph:

"
10.5.5 504 Gateway Timeout

The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI (e.g. HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed to access in attempting to complete the request.
"

it clearly says that 504 is a general timeout without a specific "cause". it says that it can be caused by remote server, DNS,...

thing is that we don't know what's causing it (neither does 504 say the source, as stated in that paragraph) and we need to treat it as any other timeout. also, i don't see any problems with that approach.

if you have other ideas you are more than welcome to share.

kr
From: David A. <dav...@gm...> - 2011-06-20 08:05:37
Hi,

@buawig Thank you for your help. You understood me!

@Miroslav Thank you very much for the patch.

kind regards
From: Miroslav S. <mir...@gm...> - 2011-06-17 14:37:28
minor clarification:

"first of all, sqlmap doesn't issue DNS requests."

this means that we don't do it manually. socket module does it.

kr
From: Miroslav S. <mir...@gm...> - 2011-06-17 14:44:52
ok. i'll try to make a little experiment and kill off the automatic socket DNS requests in case of proxying.

i really can't find at this moment what the RFCs tell about this issue.

kr
From: <bu...@gm...> - 2011-06-18 23:33:29
Miroslav Stampar wrote:
> it clearly says that 504 is a general timeout without specific
> "cause". it says that it can be caused by remote server, DNS,...

Yes I read the paragraph that I linked. ;)

> thing is that we don't know what's causing it (neither that 504 says
> the source as stated from that paragraph) and we need to treat it as
> any other timeout. also, i don't see any problems with that approach.

You probably misunderstood me or I was not clear enough. The important thing was "the response came not from the upstream target specified in -u and should not be interpreted as such".

If sqlmap would treat 504 'as any other timeout' then I wouldn't have posted the link, because that is what I'm expecting - sqlmap should treat 504 like timeouts, but it does not seem to treat it as a timeout at all.

Test on a _non_ existing domain with proxy, while the proxy returns 504 + html page (status page):

    [INFO] testing connection to the target url
    [INFO] heuristics detected web page charset 'ascii'
    [WARNING] the web server responded with an HTTP error code which could interfere with the results of the tests
    [INFO] testing if the url is stable, wait a few seconds
    [WARNING] url is not stable, sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
    how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit]

From this output I guess sqlmap interprets the html page from the proxy (504 status page) as if it were the page from the target and starts testing. The question is, why does it start testing when it doesn't reach the target?

It probably should look like this:

    [INFO] testing connection to the target url
    [CRITICAL] unable to connect to the target url (504 - Gateway Timeout), sqlmap is going to retry the request
    [CRITICAL] unable to connect to the target url (504 - Gateway Timeout), sqlmap is going to retry the request

    [*] shutting down...

sqlmap should not interpret the html page from the proxy as an html page from a target if the proxy returns 504 (the reason does not really matter).

In future everyone will return 504 to avoid sqlmap scans ;)
From: Miroslav S. <mir...@gm...> - 2011-06-19 09:54:28
hi buawig.

find it "patched" in the latest commit.

kind regards
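An added example, written for this page and not sqlmap's code nor anything posted in the thread, that ties together the two fixes discussed above: Miroslav's idea of choking socket's getaddrinfo while a proxy is configured (so the target name never reaches the local resolver), and buawig's point that a 504 status page from the proxy is not the target's page and must be treated as a connection failure. It assumes a plain HTTP forward proxy that accepts absolute-URI requests and is named by IP literal, as in David's --proxy http://127.0.0.1:8080; the proxy here is a constructed in-process stand-in, and the host names reachable and myserver are made up.

```python
# Added example (my code, not sqlmap's and not from the thread): a DNS-leak
# guard plus proxy-aware handling of 504.  Assumes a plain HTTP forward proxy
# reached by IP literal (as in --proxy http://127.0.0.1:8080); the proxy below
# is a constructed in-process stand-in and "reachable"/"myserver" are made up.
import contextlib
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler
from socketserver import TCPServer
from urllib.parse import urlsplit

_real_getaddrinfo = socket.getaddrinfo
GATEWAY_ERRORS = {502, 504}  # produced by the proxy itself, not by the target


class DnsLeakError(RuntimeError):
    """Something tried to resolve a name that only the proxy should resolve."""


def is_ip_literal(host):
    """True for hosts like '127.0.0.1'; AI_NUMERICHOST never queries DNS."""
    try:
        _real_getaddrinfo(host, None, flags=socket.AI_NUMERICHOST)
        return True
    except socket.gaierror:
        return False


@contextlib.contextmanager
def dns_guard(proxy_host):
    """While active, socket.getaddrinfo (which http.client uses to connect)
    only resolves the proxy's own host or IP literals.  Any other lookup is a
    leak and raises instead of reaching the local resolver."""
    def guarded(host, port, family=0, type=0, proto=0, flags=0):
        name = host.decode() if isinstance(host, bytes) else host
        if name is None or name == proxy_host or is_ip_literal(name):
            return _real_getaddrinfo(host, port, family, type, proto, flags)
        raise DnsLeakError("refusing local DNS lookup of %r while proxying" % name)
    socket.getaddrinfo = guarded
    try:
        yield
    finally:
        socket.getaddrinfo = _real_getaddrinfo


def fetch_through_proxy(proxy_host, proxy_port, target_url, retries=2):
    """GET target_url as an absolute-URI request to the proxy.  The target
    hostname only appears in the request line and Host header; it is never
    resolved here.  A 502/504 is retried, then reported as
    ('gateway_error', status, attempts), never returned as the target's page."""
    target_host = urlsplit(target_url).netloc
    for attempt in range(1, retries + 2):
        conn = http.client.HTTPConnection(proxy_host, proxy_port, timeout=5)
        try:
            conn.request("GET", target_url, headers={"Host": target_host})
            resp = conn.getresponse()
            status, body = resp.status, resp.read()
        finally:
            conn.close()
        if status not in GATEWAY_ERRORS:
            return ("page", status, body)
    return ("gateway_error", status, attempt)


class FakeProxy(BaseHTTPRequestHandler):
    """Constructed proxy: it can reach the host 'reachable' only; any other
    target gets the 504 status page that confused the connection test."""
    def do_GET(self):
        if self.path.startswith("http://reachable/"):
            self._reply(200, b"<html>hello from the real target</html>")
        else:
            self._reply(504, b"<html><h1>504 Gateway Time-out</h1></html>")

    def _reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo():
    """Replay the report against the fake proxy.  Returns (result for the
    unreachable 'myserver', result for 'reachable', whether a lookup leaked)."""
    server = TCPServer(("127.0.0.1", 0), FakeProxy)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        with dns_guard("127.0.0.1"):
            bad = fetch_through_proxy("127.0.0.1", port, "http://myserver/myapp/?param1=1")
            good = fetch_through_proxy("127.0.0.1", port, "http://reachable/index")
            try:
                socket.getaddrinfo("myserver", 80)  # what a leaking client would do
                leaked = True
            except DnsLeakError:
                leaked = False
    finally:
        server.shutdown()
        server.server_close()
    return bad, good, leaked
```

Running demo() shows the unreachable target reported as a gateway error after three attempts rather than as a page to test, the reachable one returned normally, and the local resolver never asked about myserver.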