fixed #46, implemented retry mechanism in case of URL error.. - Commit 8fb933c6 - STRLCPY/ghauri

fixed #46, implemented retry mechanism in case of URL error..
r0oth3x49 committed 1 year ago

8fb933c6

1 parent 49f956d9

Total 4 files Show one by one

■ ■ ■ ■ ■ ■

ghauri/common/config.py

		skipped 98 lines
99	99		self.fetch_using = None
100	100		self.rtom_warning = False
101	101		self.test_filter = None
	102	+	self.prioritize = False
	103	+	self._is_asked_for_priority = False
102	104
103	105		@property
104	106		def session_filepath(self):
		skipped 7 lines

■ ■ ■ ■ ■ ■ ■

ghauri/core/inject.py

		skipped 96 lines
97	97		logger.end("ending")
98	98		exit(0)
99	99		except URLError as e:
100		-	logger.critical(f"error: {e}")
101		-	logger.end("ending")
102		-	exit(0)
	100	+	tried = 1
	101	+	logger.critical(f"{e.reason}. Ghauri is going to retry..")
	102	+	response_ok = False
	103	+	while tried <= conf.retry:
	104	+	attack = inject_expression(
	105	+	url,
	106	+	data,
	107	+	proxy,
	108	+	delay=delay,
	109	+	timesec=timesec,
	110	+	timeout=timeout,
	111	+	headers=headers,
	112	+	parameter=parameter,
	113	+	expression=expression,
	114	+	is_multipart=is_multipart,
	115	+	injection_type=injection_type,
	116	+	)
	117	+	tried += 1
	118	+	if attack.ok:
	119	+	response_ok = True
	120	+	break
	121	+	if response_ok:
	122	+	return attack
	123	+	else:
	124	+	logger.end("ending")
	125	+	exit(0)
103	126		except ConnectionAbortedError as e:
104	127		raise e
105	128		except ConnectionRefusedError as e:
		skipped 5 lines
111	134		except TimeoutError as e:
112	135		raise e
113	136		except Exception as e:
	137	+	tried = 1
	138	+	logger.critical(f"{e.reason}. Ghauri is going to retry..")
	139	+	response_ok = False
	140	+	while tried <= conf.retry:
	141	+	attack = inject_expression(
	142	+	url,
	143	+	data,
	144	+	proxy,
	145	+	delay=delay,
	146	+	timesec=timesec,
	147	+	timeout=timeout,
	148	+	headers=headers,
	149	+	parameter=parameter,
	150	+	expression=expression,
	151	+	is_multipart=is_multipart,
	152	+	injection_type=injection_type,
	153	+	)
	154	+	tried += 1
	155	+	if attack.ok:
	156	+	response_ok = True
	157	+	break
	158	+	if response_ok:
	159	+	return attack
114	160		raise e
115	161		return attack
116	162

■ ■ ■ ■ ■ ■

ghauri/core/tests.py

		skipped 193 lines
194	194		)
195	195		if not conf.test_filter:
196	196		_tech = (
197		-	f"{mc}--technique='E{techniques}'{nc}"
	197	+	f'--technique="E{techniques}"'
198	198		if "E" not in techniques
199	199		else None
200	200		)
201		-	if _tech:
202		-	logger.notice(
203		-	f"Ghauri is going to set {_tech} as heuristic (basic) detected a possible DBMS '{possible_dbms}' from SQL error message"
	201	+	if _tech and not conf.prioritize:
	202	+	logger.debug(
	203	+	f"Ghauri is going ask to set {_tech} as heuristic (basic) detected a possible DBMS '{_possible_dbms}' from SQL error message"
204	204		)
	205	+	conf.prioritize = True
205	206		break
206	207		if attack.status_code != 400:
207	208		break
		skipped 2328 lines

■ ■ ■ ■ ■ ■

ghauri/ghauri.py

		skipped 344 lines
345	345		msg = f"testing for SQL injection on {injection_type} parameter '{param_name}'"
346	346		logger.info(msg)
347	347		if possible_dbms:
348		-	if not conf.test_filter:
349		-	techniques = f"E{techniques.upper()}"
350	348		if not dbms:
351	349		choice = logger.read_input(
352	350		f"it looks like the back-end DBMS is '{possible_dbms}'. Do you want to skip test payloads specific for other DBMSes? [Y/n] ",
		skipped 2 lines
355	353		)
356	354		if choice == "y":
357	355		dbms = possible_dbms
	356	+	if not conf.test_filter:
	357	+	if conf.prioritize and not conf._is_asked_for_priority:
	358	+	conf._is_asked_for_priority = True
	359	+	choice_priority = logger.read_input(
	360	+	f"it is suggested to set '--technique=E{techniques.upper()}'. Do you want Ghauri set it for you ? [Y/n] ",
	361	+	batch=batch,
	362	+	user_input="Y",
	363	+	)
	364	+	if choice_priority == "y":
	365	+	techniques = f"E{techniques.upper()}"
358	366		if dbms and possible_dbms == dbms:
359	367		if not is_remaining_tests_asked:
360	368		choice = logger.read_input(
		skipped 468 lines

Please wait...

Page is in error, reload to recover