SQLMap fails to use http basic auth credentials correctly

[mkauschi]

Hi Miroslav,
I have to reopen my bug report #4320 because I dug more into SQLMaps code and found the issue. It was introduced from version 1.3.5 to version 1.3.6. The issue is in the class lib/request/connect.py (see screenshot).

For some reason the Basic authentication header is of type bytes now. SQLMap iterates over every field in the header and deletes it first. Then it checks if the instance is of type str and adds it again. Because the Basic authentication header is of type byte it is skipped and therefore removed from the headers.

[stamparm]

@mkauschi thank you for your time :D. don't mind for it, but going to "patch" it myself

[stamparm]

once again, thank you very much. do you want me to put you into https://github.com/sqlmapproject/sqlmap/blob/master/doc/THANKS.md ?

[mkauschi]

My pleasure, I like your tool very much! You could add me to the thanks file if you like :) I'm Manuel Kauschinger manuel@crashtest-security.com ;-)