mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-07-11 19:13:12 +00:00
Adding support for --timeless HTTP2 technique
This commit is contained in:
parent
b2a5283e9b
commit
f46c463eba
10 changed files with 858 additions and 7 deletions
|
|
@ -31,6 +31,15 @@ def action():
|
|||
if possible
|
||||
"""
|
||||
|
||||
# HTTP/2 timeless timing ('--timeless'): detection is done and the back-end DBMS is known, so engage
|
||||
# the oracle for this target's extraction (swaps the time-based vector for a tuned heavy one, so all
|
||||
# subsequent extraction reads bits by response order instead of delay). Guarded + calibrated - a no-op
|
||||
# unless '--timeless' is set and the target is usable; disengage() first clears any prior target's.
|
||||
from lib.request import timeless
|
||||
timeless.disengage()
|
||||
if not timeless.autoEngage(): # engages if '--timeless' was given and the target is usable
|
||||
timeless.hintTimeless() # otherwise nudge the user toward '--timeless' if the target fits
|
||||
|
||||
# First of all we have to identify the back-end database management
|
||||
# system to be able to go ahead with the injection
|
||||
# automatic WAF-bypass: if a WAF/IPS is present and the back-end DBMS is already indicated by the error
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue