Description
Describe the bug
I have an HTTP PUT file upload for images only and want to use sqlmap to fuzz the name and filename in the Content-Disposition as well as the Content-Type.
I've saved the request from Burp as a file and use sqlmap with -r upload.req.
With this file, sqlmap prints the error below and then exits.
I don't ever see a request in the proxy (Burp Pro or mitmproxy).
For regular requests (i.e. GET w/ URL parameters) saved as a request from the same web application and using the same proxy, sqlmap connects just fine and does its work.
To Reproduce
PUT /api/upload/picture HTTP/1.1
Host: <redacted>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------QH19WztXHvgHKsqgcEn7CgVopZj0L7mf
Content-Length: 313
Connection: close
Cookie: <redacted>

-----------------------------QH19WztXHvgHKsqgcEn7CgVopZj0L7mf
Content-Disposition: form-data; name="name*"; filename="file.name*"
Content-Type: filetype*

‰PNG
<binary image data here>
-----------------------------QH19WztXHvgHKsqgcEn7CgVopZj0L7mf--
This shows the HTTP PUT request to the target web application. Unfortunately, the target is not freely available and I couldn't find a quick solution on how to reproduce an HTTP PUT binary data upload like this. Scanning with sqlmap using HTTP POST to a local Python webserver works like a charm with the same file in the upload.
Expected behavior
Scan the web application via the proxy targeting the marked parameters (name, filename and content-type).
Running environment:
- sqlmap version: 1.3.11.36#dev AND 1.3.10#stable
- Installation method: git AND kali deb repository
- Operating system: Kali GNU/Linux Rolling
- Python versions: 2.7.17 AND 3.7.5
Target details:
- Used command:
./sqlmap.py --proxy="http://127.0.0.1:8080" --force-ssl -r upload.req --random-agent --method=PUT
- Relevant console output:
[09:20:42] [INFO] parsing HTTP request from 'upload.req'
[09:20:42] [INFO] fetched random HTTP User-Agent header value 'Opera/8.54 (Windows 98; U; en)' from file '/root/<redacted>/user-agents.txt'
[09:20:44] [INFO] testing connection to the target URLprocess it? [Y/n/q]
[09:20:44] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request(s)
[09:20:44] [WARNING] if the problem persists please check that the provided target URL is reachable. In case that it is, you can try to rerun with proxy switches ('--ignore-proxy', '--proxy',...)
[09:20:44] [CRITICAL] unable to connect to the target URL or proxy
Additional context
I've tried other requests via the same proxy towards the same web application without any issues. I've also tried to upload the same file to a locally hosted Python web server. However, this upload was done with HTTP POST and sqlmap had no issues.
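The report notes that there was no quick way to reproduce a PUT multipart upload locally. The following is an added example, not part of the original issue and not sqlmap code: a minimal local endpoint that accepts the PUT upload and echoes the `name`, `filename` and part `Content-Type` it received. The port 8000, the handler name and the JSON reply are assumptions.

```python
# Added example: local PUT multipart upload target for reproducing the report.
# UploadHandler, port 8000 and the JSON reply format are assumptions.
import json
import re
from http.server import BaseHTTPRequestHandler, HTTPServer


def parse_parts(content_type, body):
    """Return name, filename, part Content-Type and payload size per part."""
    if "boundary=" not in content_type:
        return []
    boundary = content_type.split("boundary=", 1)[1].split(";")[0].strip(' "')
    parts = []
    for chunk in body.split(b"--" + boundary.encode("latin-1"))[1:]:
        if chunk.startswith(b"--"):  # closing delimiter "--boundary--"
            break
        head, _, data = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        headers = {}
        for line in head.decode("latin-1").split("\r\n"):
            key, _, value = line.partition(":")
            headers[key.strip().lower()] = value.strip()
        disposition = headers.get("content-disposition", "")
        name = re.search(r'\bname="([^"]*)"', disposition)
        filename = re.search(r'\bfilename="([^"]*)"', disposition)
        parts.append({
            "name": name.group(1) if name else None,
            "filename": filename.group(1) if filename else None,
            "content_type": headers.get("content-type"),
            "size": len(data[:-2] if data.endswith(b"\r\n") else data),
        })
    return parts


class UploadHandler(BaseHTTPRequestHandler):
    def do_PUT(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        parts = parse_parts(self.headers.get("Content-Type", ""), body)
        reply = json.dumps(parts).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8000), UploadHandler).serve_forever()
```

Replaying the saved request against this listener shows whether the PUT reaches a server at all and which field values arrive.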