|
6 | 6 | """ |
7 | 7 |
|
8 | 8 | import cookielib |
| 9 | +import glob |
9 | 10 | import inspect |
10 | 11 | import logging |
11 | 12 | import os |
@@ -894,6 +895,35 @@ def _setTamperingFunctions(): |
894 | 895 | for _, function in priorities: |
895 | 896 | kb.tamperFunctions.append(function) |
896 | 897 |
|
| 898 | +def _setWafFunctions(): |
| 899 | + """ |
| 900 | + Loads WAF/IDS/IPS detecting functions from script(s) |
| 901 | + """ |
| 902 | + |
| 903 | + if conf.identifyWaf: |
| 904 | + for found in glob.glob(os.path.join(paths.SQLMAP_WAF_PATH, "*.py")): |
| 905 | + dirname, filename = os.path.split(found) |
| 906 | + dirname = os.path.abspath(dirname) |
| 907 | + |
| 908 | + debugMsg = "loading WAF script '%s'" % filename[:-3] |
| 909 | + logger.debug(debugMsg) |
| 910 | + |
| 911 | + if dirname not in sys.path: |
| 912 | + sys.path.insert(0, dirname) |
| 913 | + |
| 914 | + try: |
| 915 | + module = __import__(filename[:-3]) |
| 916 | + except ImportError, msg: |
| 917 | + raise SqlmapSyntaxException("cannot import WAF script '%s' (%s)" % (filename[:-3], msg)) |
| 918 | + |
| 919 | + _ = dict(inspect.getmembers(module)) |
| 920 | + if "detect" not in _: |
| 921 | + errMsg = "missing function 'detect(page, headers, code)' " |
| 922 | + errMsg += "in WAF script '%s'" % found |
| 923 | + raise SqlmapGenericException(errMsg) |
| 924 | + else: |
| 925 | + kb.wafFunctions.append((_["detect"], _.get("__product__", filename[:-3]), _.get("__request__"))) |
| 926 | + |
897 | 927 | def _setThreads(): |
898 | 928 | if not isinstance(conf.threads, int) or conf.threads <= 0: |
899 | 929 | conf.threads = 1 |
@@ -1611,6 +1641,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): |
1611 | 1641 | kb.userAgents = None |
1612 | 1642 | kb.vainRun = True |
1613 | 1643 | kb.vulnHosts = set() |
| 1644 | + kb.wafFunctions = [] |
1614 | 1645 | kb.wordlists = None |
1615 | 1646 |
|
1616 | 1647 | def _useWizardInterface(): |
@@ -2080,6 +2111,7 @@ def init(): |
2080 | 2111 | _adjustLoggingFormatter() |
2081 | 2112 | _setMultipleTargets() |
2082 | 2113 | _setTamperingFunctions() |
| 2114 | + _setWafFunctions() |
2083 | 2115 | _setTrafficOutputFP() |
2084 | 2116 | _resolveCrossReferences() |
2085 | 2117 |
|
|
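Review bot: In `_setWafFunctions`, every `*.py` under `paths.SQLMAP_WAF_PATH` is imported by bare module name after its directory is pushed to the front of `sys.path`, so a script named like an already-imported or standard-library module either resolves to the wrong module or shadows later imports for the rest of the run. Loading by path under a prefixed name avoids both, for example `module = imp.load_source("waf_%s" % filename[:-3], found)` (needs `import imp`), and the `sys.path.insert(0, dirname)` can then be dropped. The glob would also match an `__init__.py` if that directory has one, which would end in the "missing function 'detect(page, headers, code)'" error; an `if filename == "__init__.py": continue` guard covers it. Only `ImportError` is caught, so a syntax error in a single script surfaces as a raw traceback instead of a `SqlmapSyntaxException`. Because these files execute with the privileges of the user running the tool, the directory should be writable only by the installing user.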