Adding a new WAF script (varnish.py)

stamparm · stamparm · commit abd76081e1a0 · 2013-11-11T09:25:42.000+01:00
diff --git a/doc/THANKS.md b/doc/THANKS.md
@@ -6,6 +6,9 @@ Andres Tarasco Acuna, <atarasco@gmail.com>
 Santiago Accurso, <saccurso@skygear.com.ar>
 * for reporting a bug
 
+Syed Afzal, <syed@syedafzal.in>
+* for contributing a WAF script varnish.py
+
 Zaki Akhmad, <zakiakhmad@gmail.com>
 * for suggesting a couple of features
 
@@ -303,7 +306,7 @@ Michael Majchrowicz, <mmajchrowicz@gmail.com>
 * for suggesting a lot of ideas and features
 
 Ahmad Maulana, <matdhule@gmail.com>
-* for contributing one tamper script, halfversionedmorekeywords.py
+* for contributing a tamper script halfversionedmorekeywords.py
 
 Ferruh Mavituna, <ferruh@mavituna.com>
 * for exchanging ideas on the implementation of a couple of features
diff --git a/waf/varnish.py b/waf/varnish.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Varnish FireWall (OWASP) "
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = headers.get("X-Varnish") is not None
+        retval |= re.search(r"varnish\Z", headers.get(HTTP_HEADER.VIA, ""), re.I) is not None
+        if retval:
+            break
+
+    return retval
