PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Refactoring WAF scripts

Browse Source
This commit is contained in:
stamparm
2013-02-26 15:54:50 +01:00
parent e5835dc74f
commit be50192d8d
13 changed files with 115 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
waf/bigip.py
View File

@@ -13,14 +13,14 @@ from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "BIG-IP Application Security Manager (F5 Networks)"
def detect(get_page):
page, headers, code = get_page()
retval = re.search(r"\ATS[a-zA-Z0-9]{3,6}=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
retval = False
if not retval:
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = headers.get("X-Cnection", "").lower() == "close"
if retval:
break
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = headers.get("X-Cnection", "").lower() == "close"
retval |= re.search(r"\ATS[a-zA-Z0-9]{3,6}=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
if retval:
break
return retval