Update for an Issue #290 (adding tamper-like scripts into (new) directory waf)

2025-12-30 11:29:02 +00:00 · 2013-02-21 11:14:57 +01:00
parent f593e1d30f
commit 6b2981ef4e
8 changed files with 93 additions and 0 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1037,6 +1037,37 @@ def checkWaf():

    return retVal

+def identifyWaf():
+    if not conf.identifyWaf:
+        return None
+
+    infoMsg = "using WAF scripts to detect "
+    infoMsg += "backend WAF/IPS/IDS protection"
+    logger.info(infoMsg)
+
+    retVal = False
+    page, headers, code = Request.getPage()
+
+    for function, product, request in kb.wafFunctions:
+        found = False
+        if not request:
+            found = function(page or "", headers or {}, code)
+        else:
+            pass
+        if found:
+            retVal = product
+            break
+
+    if retVal:
+        warnMsg = "WAF/IDS/IPS identified ('%s'). Please " % retVal
+        warnMsg += "consider usage of tamper scripts (option '--tamper')"
+        logger.critical(warnMsg)
+    else:
+        warnMsg = "no WAF/IDS/IPS were identified"
+        logger.warn(warnMsg)
+
+    return retVal
+
 def checkNullConnection():
    """
    Reference: http://www.wisec.it/sectou.php?id=472f952d79293
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -18,6 +18,7 @@ from lib.controller.checks import checkConnection
 from lib.controller.checks import checkNullConnection
 from lib.controller.checks import checkWaf
 from lib.controller.checks import heuristicCheckSqlInjection
+from lib.controller.checks import identifyWaf
 from lib.core.agent import agent
 from lib.core.common import extractRegexResult
 from lib.core.common import getFilteredPageContent
@@ -360,6 +361,9 @@ def start():
            if conf.checkWaf:
                checkWaf()

+            if conf.identifyWaf:
+                identifyWaf()
+
            if conf.nullConnection:
                checkNullConnection()