PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 21:21:33 +00:00
Code Issues Projects Releases Wiki Activity

Fine tuning Cloudflare WAF script

Browse Source
This commit is contained in:
Miroslav Stampar
2018-08-30 16:00:40 +02:00
parent 287371337d
commit 014978cebc
3 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
waf/cloudflare.py
View File

@@ -17,12 +17,13 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = re.search(r"cloudflare", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if code >= 400:
retval |= re.search(r"cloudflare", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= headers.get("cf-ray") is not None
retval |= re.search(r"CloudFlare Ray ID:|var CloudFlare=", page or "") is not None
retval |= all(_ in (page or "") for _ in ("Attention Required! | Cloudflare", "Please complete the security check to access"))
if retval:
break