Reference: http://seclists.org/nmap-dev/2011/q2/att-1005/http-waf-detect.nse
()
| 1335 | |
| 1336 | @stackedmethod |
| 1337 | def checkWaf(): |
| 1338 | """ |
| 1339 | Reference: http://seclists.org/nmap-dev/2011/q2/att-1005/http-waf-detect.nse |
| 1340 | """ |
| 1341 | |
| 1342 | if any((conf.string, conf.notString, conf.regexp, conf.dummy, conf.offline, conf.skipWaf)): |
| 1343 | return None |
| 1344 | |
| 1345 | if kb.originalCode == _http_client.NOT_FOUND: |
| 1346 | return None |
| 1347 | |
| 1348 | _ = hashDBRetrieve(HASHDB_KEYS.CHECK_WAF_RESULT, True) |
| 1349 | if _ is not None: |
| 1350 | if _: |
| 1351 | warnMsg = "previous heuristics detected that the target " |
| 1352 | warnMsg += "is protected by some kind of WAF/IPS" |
| 1353 | logger.critical(warnMsg) |
| 1354 | return _ |
| 1355 | |
| 1356 | if not kb.originalPage: |
| 1357 | return None |
| 1358 | |
| 1359 | infoMsg = "checking if the target is protected by " |
| 1360 | infoMsg += "some kind of WAF/IPS" |
| 1361 | logger.info(infoMsg) |
| 1362 | |
| 1363 | retVal = False |
| 1364 | payload = "%d %s" % (randomInt(), IPS_WAF_CHECK_PAYLOAD) |
| 1365 | |
| 1366 | place = PLACE.GET |
| 1367 | if PLACE.URI in conf.parameters: |
| 1368 | value = "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload)) |
| 1369 | else: |
| 1370 | value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER |
| 1371 | value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload)) |
| 1372 | |
| 1373 | pushValue(kb.choices.redirect) |
| 1374 | pushValue(kb.resendPostOnRedirect) |
| 1375 | pushValue(conf.timeout) |
| 1376 | |
| 1377 | kb.choices.redirect = REDIRECTION.YES |
| 1378 | kb.resendPostOnRedirect = False |
| 1379 | conf.timeout = IPS_WAF_CHECK_TIMEOUT |
| 1380 | |
| 1381 | try: |
| 1382 | retVal = (Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True, raise404=False, disableTampering=True)[1] or 0) < IPS_WAF_CHECK_RATIO |
| 1383 | except SqlmapConnectionException: |
| 1384 | retVal = True |
| 1385 | finally: |
| 1386 | kb.matchRatio = None |
| 1387 | |
| 1388 | conf.timeout = popValue() |
| 1389 | kb.resendPostOnRedirect = popValue() |
| 1390 | kb.choices.redirect = popValue() |
| 1391 | |
| 1392 | hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True) |
| 1393 | |
| 1394 | if retVal: |
no test coverage detected
searching dependent graphs…