(url, params, headers, GET, delay, timeout)
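def wafDetector(url, params, headers, GET, delay, timeout):
    """Guess which WAF protects ``url`` from its reaction to a noisy probe.

    One request carrying an obvious script-tag payload in an ``xss``
    parameter is sent through ``requester``. If the response status is 400
    or above, the body, status code and headers are matched against the
    regex signatures loaded from ``db/wafSignatures.json``.

    Scoring per signature: body match +1, header match +1, status-code
    match +0.5. The highest-scoring signature wins; on a tie the earlier
    entry in the signature file is kept, because only a strictly higher
    score replaces the current best.

    Limitations visible in this code:
      * A response below 400 is never inspected, so a WAF that answers a
        blocked request with a 2xx/3xx page is reported as ``None``.
      * ``None`` means "no signature matched", not "no WAF present".
      * Signature patterns are passed to ``re.search`` as-is; the JSON
        file is treated as trusted input.

    Args:
        url: Target URL, passed to ``requester``.
        params: Mapping of request parameters. It is copied before the
            probe parameter is added, so the caller's mapping is not
            modified.
        headers: Request headers, passed to ``requester``.
        GET: Passed through to ``requester`` (presumably selects GET vs.
            POST; confirm against ``requester``).
        delay: Passed through to ``requester``.
        timeout: Passed through to ``requester``.

    Returns:
        The name (key in the signature file) of the best-matching WAF, or
        ``None`` when the status is below 400 or nothing matched.
    """
    with open(sys.path[0] + '/db/wafSignatures.json', 'r') as file:
        wafSignatures = json.load(file)

    # a payload which is noisy enough to provoke the WAF
    noise = '<script>alert("XSS")</script>'
    # Copy first: writing into the caller's dict would leave the probe
    # parameter behind in whatever the caller sends next.
    probeParams = dict(params)
    probeParams['xss'] = noise

    # Send the request carrying the noisy payload
    response = requester(url, probeParams, headers, GET, delay, timeout)
    page = response.text
    code = str(response.status_code)
    # Kept separate from the ``headers`` argument (request headers) so the
    # two are not confused; this is the stringified *response* header set.
    responseHeaders = str(response.headers)
    logger.debug('Waf Detector code: {}'.format(code))
    logger.debug_json('Waf Detector headers:', response.headers)

    # Only error-class responses are treated as a possible WAF block.
    if int(code) < 400:
        return None

    bestScore, bestName = 0, None
    for wafName, wafSignature in wafSignatures.items():
        pageSign = wafSignature['page']
        codeSign = wafSignature['code']
        headersSign = wafSignature['headers']

        score = 0
        if pageSign and re.search(pageSign, page, re.I):
            score += 1
        if codeSign and re.search(codeSign, code, re.I):
            # smaller increment because http codes aren't strong indicators
            score += 0.5
        if headersSign and re.search(headersSign, responseHeaders, re.I):
            score += 1

        # Strictly greater: ties keep the earlier signature.
        if score > bestScore:
            bestScore, bestName = score, wafName

    # bestName is still None when no signature scored above zero.
    return bestName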