2727import re
2828
2929from xml .sax import parse
30- from xml .sax .handler import ContentHandler
3130
3231from lib .core .common import checkFile
33- from lib .core .common import sanitizeStr
3432from lib .core .data import kb
3533from lib .core .data import paths
36-
37-
38- class HeadersHandler (ContentHandler ):
39- """
40- This class defines methods to parse and extract information from
41- the given HTTP header based upon the data in XML file
42- """
43-
44- def __init__ (self , header ):
45- self .__header = sanitizeStr (header )
46-
47- self .__regexp = None
48- self .__match = None
49- self .__techVersion = None
50-
51-
52- def __feedInfo (self , key , value ):
53- value = sanitizeStr (value )
54-
55- if value in ( None , "None" ):
56- return
57-
58- if key == "techVersion" :
59- kb .headersFp [key ] = value
60- else :
61- if key not in kb .headersFp .keys ():
62- kb .headersFp [key ] = set ()
63-
64- kb .headersFp [key ].add (value )
65-
66-
67- def startElement (self , name , attrs ):
68- if name == "regexp" :
69- self .__regexp = sanitizeStr (attrs .get ("value" ))
70- self .__match = re .search (self .__regexp , self .__header , re .I | re .M )
71-
72- if name == "info" and self .__match :
73- self .__feedInfo ("type" , attrs .get ("type" ))
74- self .__feedInfo ("distrib" , attrs .get ("distrib" ))
75- self .__feedInfo ("release" , attrs .get ("release" ))
76- self .__feedInfo ("codename" , attrs .get ("codename" ))
77- self .__feedInfo ("technology" , attrs .get ("codename" ))
78-
79- self .__techVersion = sanitizeStr (attrs .get ("tech_version" ))
80- self .__sp = sanitizeStr (attrs .get ("sp" ))
81-
82- if self .__techVersion .isdigit ():
83- self .__feedInfo ("techVersion" , self .__match .group (int (self .__techVersion )))
84-
85- if self .__sp .isdigit ():
86- self .__feedInfo ("sp" , "Service Pack %s" % self .__match .group (int (self .__sp )))
87-
88- self .__regexp = None
89- self .__match = None
90- self .__techVersion = None
34+ from lib .parse .handler import FingerprintHandler
9135
9236
9337def headersParser (headers ):
@@ -97,11 +41,16 @@ def headersParser(headers):
9741 and the web application technology
9842 """
9943
44+ if kb .headersCount > 3 :
45+ return
46+
47+ kb .headersCount += 1
48+
10049 # TODO: ahead here
10150 topHeaders = {
10251 #"cookie": "%s/cookie.xml" % paths.SQLMAP_XML_BANNER_PATH,
10352 #"microsoftsharepointteamservices": "%s/microsoftsharepointteamservices.xml" % paths.SQLMAP_XML_BANNER_PATH,
104- # "server": "%s/server.xml" % paths.SQLMAP_XML_BANNER_PATH,
53+ "server" : "%s/server.xml" % paths .SQLMAP_XML_BANNER_PATH ,
10554 #"servlet-engine": "%s/servlet-engine.xml" % paths.SQLMAP_XML_BANNER_PATH,
10655 #"set-cookie": "%s/cookie.xml" % paths.SQLMAP_XML_BANNER_PATH,
10756 #"www-authenticate": "%s/www-authenticate.xml" % paths.SQLMAP_XML_BANNER_PATH,
@@ -114,6 +63,6 @@ def headersParser(headers):
11463 value = headers [header ]
11564 xmlfile = topHeaders [header ]
11665 checkFile (xmlfile )
117- handler = HeadersHandler (value )
66+ handler = FingerprintHandler (value , kb . headersFp )
11867 parse (xmlfile , handler )
11968 parse (paths .GENERIC_XML , handler )
0 commit comments