Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 32af0b1

Browse files
stamparmstamparm
committed
Update for an Issue #760 
1 parent 33b6d18 commit 32af0b1

2 files changed

Lines changed: 36 additions & 5 deletions

File tree

lib/request/connect.py

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -621,6 +621,9 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
621621
if not place:
622622
place = kb.injection.place or PLACE.GET
623623

624+
if not auxHeaders:
625+
auxHeaders = {}
626+
624627
raise404 = place != PLACE.URI if raise404 is None else raise404
625628

626629
value = agent.adjustLateValues(value)
@@ -735,8 +738,6 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
735738
uri = conf.url
736739

737740
if value and place == PLACE.CUSTOM_HEADER:
738-
if not auxHeaders:
739-
auxHeaders = {}
740741
auxHeaders[value.split(',')[0]] = value.split(',', 1)[1]
741742

742743
if conf.rParam:
@@ -873,9 +874,6 @@ def _randomizeParameter(paramString, randomParameter):
873874
if kb.nullConnection == NULLCONNECTION.HEAD:
874875
method = HTTPMETHOD.HEAD
875876
elif kb.nullConnection == NULLCONNECTION.RANGE:
876-
if not auxHeaders:
877-
auxHeaders = {}
878-
879877
auxHeaders[HTTP_HEADER.RANGE] = "bytes=-1"
880878

881879
_, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404, skipRead=(kb.nullConnection == NULLCONNECTION.SKIP_READ))

tamper/varnish.py

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
#!/usr/bin/env python
2+
3+
"""
4+
Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
5+
See the file 'doc/COPYING' for copying permission
6+
"""
7+
8+
from lib.core.enums import PRIORITY
9+
10+
__priority__ = PRIORITY.NORMAL
11+
12+
def dependencies():
13+
pass
14+
15+
def tamper(payload, **kwargs):
16+
"""
17+
Append a HTTP Request Parameter to ByPass
18+
WAF Protection of Varnish Firewall.
19+
20+
You can tamper with different Parameters, like:
21+
>> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)
22+
>> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)
23+
>> X-originating-IP: TARGET_LOCAL_IP (127.0.0.1)
24+
>> x-remote-addr: TARGET_INTERNALUSER_IP (192.168.1.X)
25+
>> X-remote-IP: * or %00 or %0A
26+
27+
http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
28+
29+
"""
30+
31+
headers = kwargs.get("headers", {})
32+
headers["X-originating-IP"] = "127.0.0.1"
33+
return payload

0 commit comments

Comments
 (0)