Making Keep-Alive on by default

2026-06-28 12:31:00 +00:00 · 2026-06-21 01:59:23 +02:00 · 2026-06-21 01:59:23 +02:00 · 9d653d2d50
commit 9d653d2d50
parent 6d306ba50d
8 changed files with 70 additions and 28 deletions
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@ -168,7 +168,7 @@ d69e84f1648cdb907f5d2dd454f03874a4613752b07867510145d51d84b3c56f  lib/controller
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/controller/__init__.py
 9da83429449d78797c18bb79ff425aa1eddf5b26b9987d25d042eb0998053675  lib/core/agent.py
 12d0f1f28796b6fbf5629a3fd335b4098eac0583f832d1aa650efa22bf52e782  lib/core/bigarray.py
-c6dee43458e55d4e20bbd04a63efd4cbe839f3fce1d60de2673d85462d0718bd  lib/core/common.py
+e55201cbaa05aac7091cccda361963a74635172bdd9d403feeadf400e09a14cf  lib/core/common.py
 8f1272487e1adfcc8c755a2f56f0c6d21eac5e685a73a9a159482f9dc9142bc5  lib/core/compat.py
 742bce10b97034966021ec60c7ac294db4af4fe7893613d63172a02c29f009f8  lib/core/convert.py
 c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6  lib/core/data.py
@ -181,26 +181,26 @@ c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6  lib/core/data.
 5387168e5dfedd94ae22af7bb255f27d6baaca50b24179c6b98f4f325f5cc7b4  lib/core/exception.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/core/__init__.py
 914a13ee21fd610a6153a37cbe50830fcbd1324c7ebc1e7fc206d5e598b0f7ad  lib/core/log.py
-31690232f12d0590c8cbea7245ded86875f63c078da99673af4ab7451f0fffcb  lib/core/optiondict.py
-598f48639bcc7bb665a2adc538e5349999de620ea9ed5a821f89a823dc5fa093  lib/core/option.py
+b5da34bba9ce71ede23349698988939501f5df07be151856007b9b8425a228db  lib/core/optiondict.py
+c1a9edb894033f1cef0a15a05cca196f816df3465444134af171870dedbe1538  lib/core/option.py
 ccc4a717e887652b1fcce073d9409d9c59a3b28548c703a9e453d15845f90cd7  lib/core/patch.py
 49c0fa7e3814dfda610d665ee02b12df299b28bc0b6773815b4395514ddf8dec  lib/core/profiling.py
 03db48f02c3d07a047ddb8fe33a757b6238867352d8ddda2a83e4fec09a98d04  lib/core/readlineng.py
 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3  lib/core/replication.py
 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6  lib/core/revision.py
 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c  lib/core/session.py
-ab38bb42e8e2a7eda7380574f5083e0a65daa154fb345ef3385dbb2c128ed9df  lib/core/settings.py
+f47aed1aa1a986dc2d3789358a34f79aa1111e7ab8747c4fba4dfe3443f778a0  lib/core/settings.py
 cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82  lib/core/shell.py
 bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725  lib/core/subprocessng.py
 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6  lib/core/target.py
-2eb9e51bf6ecdc0f4aab4e0b4e2ba14bc5edaa04dbc6b9588e4ece6fc8483f3d  lib/core/testing.py
+d213562601682fd72603a22f35e5af4e3f41e23bfb143e1584a4fa212a232635  lib/core/testing.py
 e3e653364d08d04d7492aa40a2bd29c6a28f4d78fecdd6c10f21f6cb28b98b4c  lib/core/threads.py
 b9aacb840310173202f79c2ba125b0243003ee6b44c92eca50424f2bdfc83c02  lib/core/unescaper.py
 53e396902cb2546eaa09e77073fcba8be8827ee9ce055cfc899e81b0e6ad4d6d  lib/core/update.py
 2400e465fa4d13e4c32795910878c71ff212e4361b46428d57ce43983f5e997c  lib/core/wordlist.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/__init__.py
 54bfd31ebded3ffa5848df1c644f196eb704116517c7a3d860b5d081e984d821  lib/parse/banner.py
-18845fd56a87e02cdd847526185e500b6cb1f26a272c368b862217466b98db16  lib/parse/cmdline.py
+d0aa9559d1aa94f5c1a647997e9298eb03403a5800ffb739bb3ceba8b5a37da9  lib/parse/cmdline.py
 02d82e4069bd98c52755417f8b8e306d79945672656ac24f1a45e7a6eff4b158  lib/parse/configfile.py
 c5b258be7485089fac9d9cd179960e774fbd85e62836dc67cce76cc028bb6aeb  lib/parse/handler.py
 5c9a9caee948843d5537745640cc7b98d70a0412cc0949f59d4ebe8b2907c06c  lib/parse/headers.py
@ -218,7 +218,7 @@ cf019248253a5d7edb7bc474aa020b9e8625d73008a463c56ba2b539d7f2d8ec  lib/request/dn
 92c81cc31ff4a396723242058fb2152c9e9745f8412d01ea74480b048a53af6c  lib/request/httpshandler.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/request/__init__.py
 7a0ac2522213e756348fd871a7af74cc963bdc82f9d7ade57be5de42b5bf7cab  lib/request/inject.py
-ab3afa064a84029ef55804bfcc02e49c7f8f47aad51448b5b3adfda1dd59073e  lib/request/keepalive.py
+d55b67943d925e40f019920ac7805655217c1e8f893d71d855dce724225c8fb8  lib/request/keepalive.py
 ada4d305d6ce441f79e52ec3f2fc23869ee2fa87c017723e8f3ed0dfa61cdab4  lib/request/methodrequest.py
 43a7fdf64e7ba63c6b2d641c9f999a63c12ac23b43b64fedfce4e05b863de568  lib/request/pkihandler.py
 b90feeb16e89a844427df42373b0139eb6f6cf3c48ccec32b3e3a3f540c2451e  lib/request/rangehandler.py
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -3614,7 +3614,7 @@ def setOptimize():
    """

    # conf.predictOutput = True
-    conf.keepAlive = True
+    # Note: persistent (Keep-Alive) connections are now used by default (see _setHTTPHandlers)
    conf.threads = 3 if conf.threads < 3 and cmdLineOptions.threads is None else conf.threads
    conf.nullConnection = not any((conf.data, conf.textOnly, conf.titles, conf.string, conf.notString, conf.regexp, conf.tor))

--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1241,23 +1241,22 @@ def _setHTTPHandlers():
            handlers.append(_urllib.request.HTTPCookieProcessor(conf.cj))

        # Reference: http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html
-        if conf.keepAlive:
-            warnMsg = "persistent HTTP(s) connections, Keep-Alive, has "
-            warnMsg += "been disabled because of its incompatibility "
+        # Note: persistent (Keep-Alive) connections are used by default; '--no-keep-alive' opts out,
+        # and they are automatically disabled when incompatible (HTTP(s) proxy, authentication methods,
+        # or chunked transfer-encoding of the request body - handled by a dedicated, non-pooling handler)
+        conf.keepAlive = not conf.noKeepAlive and not conf.proxy and not conf.authType and not conf.chunked

-            if conf.proxy:
-                warnMsg += "with HTTP(s) proxy"
-                logger.warning(warnMsg)
-            elif conf.authType:
-                warnMsg += "with authentication methods"
-                logger.warning(warnMsg)
-            else:
-                # Note: persistent connections for both HTTP and HTTPS; the keep-alive
-                # HTTPS handler supersedes the regular one (reusing its SSL connection)
-                if httpsHandler in handlers:
-                    handlers.remove(httpsHandler)
-                handlers.append(keepAliveHandler)
-                handlers.append(keepAliveHandlerHTTPS)
+        if conf.keepAlive:
+            # persistent connections for both HTTP and HTTPS; the keep-alive HTTPS
+            # handler supersedes the regular one (reusing its SSL connection)
+            if httpsHandler in handlers:
+                handlers.remove(httpsHandler)
+            handlers.append(keepAliveHandler)
+            handlers.append(keepAliveHandlerHTTPS)
+        elif not conf.noKeepAlive and (conf.proxy or conf.authType or conf.chunked):
+            reason = "an HTTP(s) proxy" if conf.proxy else ("authentication methods" if conf.authType else "chunked transfer-encoding")
+            debugMsg = "persistent (Keep-Alive) connections were disabled (incompatible with %s)" % reason
+            logger.debug(debugMsg)

        opener = _urllib.request.build_opener(*handlers)
        opener.addheaders = []  # Note: clearing default "User-Agent: Python-urllib/X.Y"
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -79,6 +79,7 @@ optDict = {
        "optimize": "boolean",
        "predictOutput": "boolean",
        "keepAlive": "boolean",
+        "noKeepAlive": "boolean",
        "nullConnection": "boolean",
        "threads": "integer",
    },
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -20,7 +20,7 @@ from lib.core.enums import OS
 from thirdparty import six

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10.6.133"
+VERSION = "1.10.6.134"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@ -64,7 +64,7 @@ def vulnTest():
        ("-u <url> -p id --flush-session --proof", ("sqlmap proved exploitation of the following injection point", "Parameter: id (GET)", "Technique: boolean-based blind", "TRUE (5/5)", "repeatably", "Retrieved: back-end DBMS banner '3.")),   # --proof: report-grade proof in the injection-point style - forces the boolean technique (so a multi-technique point still proves), and actively reads a value out as the strongest proof
        ("-r <request> --flush-session -v 5 --test-skip=\"heavy\" --save=<config>", ("CloudFlare", "web application technology: Express", "possible DBMS: 'SQLite'", "User-Agent: foobar", "~Type: time-based blind", "saved command line options to the configuration file")),
        ("-c <config>", ("CloudFlare", "possible DBMS: 'SQLite'", "User-Agent: foobar", "~Type: time-based blind")),
-        ("-l <log> --flush-session --keep-alive --skip-waf -vvvvv --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")),
+        ("-l <log> --flush-session --skip-waf -vvvvv --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")),
        ("-l <log> --offline --banner -v 5", ("banner: '3.", "~[TRAFFIC OUT]")),
        ("-u <base> --flush-session --data=\"id=1&_=Eewef6oh\" --chunked --randomize=_ --random-agent --banner", ("fetched random HTTP User-Agent header value", "Parameter: id (POST)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.")),
        ("-u <base64> -p id --base64=id --data=\"base64=true\" --flush-session --banner --technique=B", ("banner: '3.",)),
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -315,8 +315,9 @@ def cmdLineParser(argv=None):
        optimization.add_argument("--predict-output", dest="predictOutput", action="store_true",
            help="Predict common queries output")

-        optimization.add_argument("--keep-alive", dest="keepAlive", action="store_true",
-            help="Use persistent HTTP(s) connections")
+        # Note: persistent (Keep-Alive) connections are used by default; this opts out
+        optimization.add_argument("--no-keep-alive", dest="noKeepAlive", action="store_true",
+            help="Disable persistent HTTP(s) connections (Keep-Alive)")

        optimization.add_argument("--null-connection", dest="nullConnection", action="store_true",
            help="Retrieve page length without actual HTTP response body")
--- a/lib/request/keepalive.py
+++ b/lib/request/keepalive.py
@ -144,6 +144,12 @@ class _KeepAliveHandler(object):
        if not hasattr(response, "getcode"):
            response.getcode = lambda response=response: response.status

+        # Note: Python 2's httplib.HTTPResponse lacks readline()/readlines(), which urllib2's
+        # error wrapping (addinfourl, for any non-2xx response) requires; provide them over read()
+        if not hasattr(response, "readline"):
+            response.readline = _makeReadline(response)
+            response.readlines = _makeReadlines(response)
+
        # Note: must come last as on Python 3 'msg' initially aliases the headers
        response.msg = response.reason

@ -264,3 +270,38 @@ def _sendRequest(conn, req):

    if data is not None:
        conn.send(data)
+
+def _makeReadline(response):
+    """
+    A buffered readline() over response.read() (Python 2 httplib.HTTPResponse lacks one)
+    """
+
+    buffer = {"data": b""}
+
+    def readline(*args, **kwargs):
+        while b"\n" not in buffer["data"]:
+            chunk = response.read(8192)
+            if not chunk:
+                break
+            buffer["data"] += chunk
+        data = buffer["data"]
+        index = data.find(b"\n")
+        if index == -1:
+            buffer["data"] = b""
+            return data
+        buffer["data"] = data[index + 1:]
+        return data[:index + 1]
+
+    return readline
+
+def _makeReadlines(response):
+    def readlines(*args, **kwargs):
+        result = []
+        while True:
+            line = response.readline()
+            if not line:
+                break
+            result.append(line)
+        return result
+
+    return readlines