
Commit 46480d7

committed
Update for an Issue #835
1 parent 78965b8 commit 46480d7

4 files changed

Lines changed: 33 additions & 41 deletions


doc/THANKS.md

Lines changed: 3 additions & 0 deletions
@@ -226,6 +226,9 @@ Daniel Huckmann, <[email protected]>
226226
Daliev Ilya, <[email protected]>
227227
* for reporting a bug
228228

229+
Mehmet İnce, <[email protected]>
230+
* for contributing a tamper script xforwardedfor.py
231+
229232
Jovon Itwaru, <[email protected]>
230233
* for reporting a minor bug
231234

tamper/randomfakeproxy.py

Lines changed: 0 additions & 40 deletions
This file was deleted.
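Review bot: deleting tamper/randomfakeproxy.py outright breaks any existing invocation of --tamper=randomfakeproxy, and nothing in this diff points users at a replacement. Since the same commit adds tamper/xforwardedfor.py, consider keeping a thin randomfakeproxy.py that imports and re-exports the new tamper() (or at least a changelog note naming the new script) so that the old name resolves, or fails with a hint, rather than simply disappearing.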

tamper/varnish.py

Lines changed: 1 addition & 1 deletion
@@ -14,7 +14,7 @@ def dependencies():
1414

1515
def tamper(payload, **kwargs):
1616
"""
17-
Append a HTTP Request Parameter to bypass
17+
Append a HTTP header 'X-originating-IP' to bypass
1818
WAF Protection of Varnish Firewall
1919
2020
Notes:
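Review bot: the rewritten docstring line reads "Append a HTTP header" where English needs "an HTTP header". The header name is also given as 'X-originating-IP' with mixed capitalization; HTTP header names are case-insensitive on the wire, but the docstring should spell it exactly as the tamper() body below (not shown in this hunk) sets it, and the conventional form is 'X-Originating-IP', so please align the two.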

tamper/xforwardedfor.py

Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
#!/usr/bin/env python
2+
3+
"""
4+
Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
5+
See the file 'doc/COPYING' for copying permission
6+
"""
7+
8+
from lib.core.enums import PRIORITY
9+
from random import sample
10+
__priority__ = PRIORITY.NORMAL
11+
12+
def dependencies():
13+
pass
14+
15+
def randomIP():
16+
numbers = []
17+
while not numbers or numbers[0] in (10, 172, 192):
18+
numbers = sample(xrange(1, 255), 4)
19+
return '.'.join(str(_) for _ in numbers)
20+
21+
def tamper(payload, **kwargs):
22+
"""
23+
Append a fake HTTP header 'X-Forwarded-For' to bypass
24+
WAF (usually application based) protection
25+
"""
26+
27+
headers = kwargs.get("headers", {})
28+
headers["X-Forwarded-For"] = randomIP()
29+
return payload
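Review bot: the fallback in `headers = kwargs.get("headers", {})` silently does nothing when the caller passes no headers dict, because the freshly created dict is neither returned nor stored anywhere, so the X-Forwarded-For header is never sent and no error is raised; either use `kwargs["headers"]` so a missing key fails loudly, or document that the engine always supplies it. In randomIP(), rejecting only first octets 10, 172 and 192 throws away all of 172.0.0.0/8 and 192.0.0.0/8 instead of just the private 172.16.0.0/12 and 192.168.0.0/16 ranges, while still allowing 127.x.x.x, 169.254.x.x and the 224.0.0.0 and above multicast/reserved space, so the "fake" address can be loopback or link-local; a small list of reserved CIDR prefixes checked against the generated address would be more accurate. Also, `sample(xrange(1, 255), 4)` draws without replacement, so the four octets are always distinct and addresses with a repeated octet (for example 1.1.2.3) can never be produced; `[random.randint(1, 254) for _ in xrange(4)]` is the intended distribution. Minor: the docstring's "a HTTP header" should read "an HTTP header", and PEP 8 wants a blank line between the imports and `__priority__`.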
