Finalizing implementation for an Issue #290

lib/core/enums.py

@@ -150,13 +150,9 @@ class HTTPHEADER:
     PROXY_CONNECTION = "Proxy-Connection"
     RANGE = "Range"
     REFERER = "Referer"
+    SERVER = "Server"
     USER_AGENT = "User-Agent"
 
-class WAF_REQUEST:
-    GET = 1
-    POST = 2
-    HEADERS = 3
-
 class EXPECTED:
     BOOL = "bool"
     INT = "int"

lib/core/option.py

@@ -905,6 +905,9 @@ def _setWafFunctions():
             dirname, filename = os.path.split(found)
             dirname = os.path.abspath(dirname)
 
+            if filename == "__init__.py":
+                continue
+
             debugMsg = "loading WAF script '%s'" % filename[:-3]
             logger.debug(debugMsg)
 

lib/core/settings.py

@@ -380,7 +380,15 @@ BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)"
 BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"
 
 # Payload used for checking of existence of IDS/WAF (dummier the better)
-IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,2,3,table_name FROM information_schema.tables"
+IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,2,3,table_name FROM information_schema.tables WHERE 2>1"
+
+# Vectors used for provoking specific WAF/IDS/IPS behavior(s)
+WAF_ATTACK_VECTORS = (
+                        "search=<script>alert(1)</script>",
+                        "file=../../../../etc/passwd",
+                        "q=<invalid>foobar",
+                        "id=1 %s" % IDS_WAF_CHECK_PAYLOAD
+                     )
 
 # Used for status representation in dictionary attack phase
 ROTATING_CHARS = ('\\', '|', '|', '/', '-')