This repository was archived by the owner on Apr 17, 2021. It is now read-only.

Commit 5eb9776

committed
Now, whatwaf will use our custom which are stored in tampers/whitelisted
1 parent 65b7e79 commit 5eb9776


57 files changed

+53
-4
lines changed

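--- a/autosqli/wafdetect_stage.py
+++ b/autosqli/wafdetect_stage.py
@@ -1,11 +1,48 @@
 # Adapted to the new save system
 from autosqli import log
-from autosqli.whatwaf_interface import whatwaf_target
+from autosqli.whatwaf_interface import whatwaf_target, set_whatwaf_path
 from autosqli import save
 
+import shutil
+import tempfile
+
+WHITELISTED_TAMPERS_PATH = './tampers/whitelisted'
+
+
+def init_whatwaf():
+"""copy WhatWaf in a tmp dir with tampers in ./tampers/whitelisted/*
+and returns WhatWaf's new path
+"""
+log.debug("Initializing WhatWaf")
+
+# create a temporary directory
+tmp_dir = tempfile.mkdtemp()
+# always have a / at the end
+tmp_dir = tmp_dir + '/' if tmp_dir[-1] != '/' else ''
+tmp_whatwaf_dir = tmp_dir + 'WhatWaf/'
+log.debug("Tmp dir: {}".format(tmp_dir))
+
+# copy ./WhatWaf to the temp directory ( without the tampers )
+shutil.copytree('./WhatWaf', tmp_whatwaf_dir)
+# remove the `content/tampers` dir
+shutil.rmtree(tmp_whatwaf_dir + 'content/tampers/')
+# copy the tampers
+shutil.copytree(
+WHITELISTED_TAMPERS_PATH,
+tmp_whatwaf_dir + 'content/tampers/'
+)
+
+log.debug('tmp WhatWaf dir: {}'.format(tmp_whatwaf_dir))
+return tmp_whatwaf_dir
+
 
 def wafdetect_stage(args):
-""" add details of the targets of the save """
+"""init whatwaf with custom tampers and add details to the targets of the
+save
+"""
+set_whatwaf_path(
+init_whatwaf()
+)
 
 while True:
 target = save.getUnwaffedTarget()
@@ -16,3 +53,6 @@ def wafdetect_stage(args):
 else:
 log.debug("All targets got waffed !")
 break
+
+
+print(init_whatwaf())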
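Review bot: The trailing-slash line in `init_whatwaf`, `tmp_dir = tmp_dir + '/' if tmp_dir[-1] != '/' else ''`, parses as `(tmp_dir + '/') if ... else ''`, so a path that already ends in `/` is replaced by an empty string. The following `copytree`/`rmtree` calls would then act on `WhatWaf/` relative to the working directory, which is the source tree the whitelist copy is meant to leave untouched. `tmp_dir = os.path.join(tempfile.mkdtemp(), '')` (with `import os`) gives the trailing separator without the conditional. The second hunk also adds `print(init_whatwaf())` at what appears to be module level, so each import of this module would create and populate another temp directory; it looks like a debugging leftover and should be dropped. Nothing visible removes the temp copy afterwards, so cleanup on exit is worth adding.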

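--- a/autosqli/whatwaf_interface.py
+++ b/autosqli/whatwaf_interface.py
@@ -6,14 +6,23 @@
 from autosqli.strings import BANNED_TAMPERS
 from autosqli.satanize import remove_thing_url
 from autosqli.execute import execute
-from autosqli.consts import WHATWAF_VERIFY_NUM, WHATWAF_DEBUG, WHATWAF_DEBUG_REPORT
+from autosqli.consts import WHATWAF_VERIFY_NUM, WHATWAF_DEBUG, \
+WHATWAF_DEBUG_REPORT
+
+
+whatwaf_path = None
+
+
+def set_whatwaf_path(path):
+global whatwaf_path
+whatwaf_path = path
 
 
 def whatwaf_url(url):
 """ return WhatWaf's results for a specified url """
 log.debug("Launching WhatWaf on {}".format(url))
 return execute([
-"python2.7", paths.WHATWAF_NAME, "-u",
+"python2.7", whatwaf_path, "-u",
 remove_thing_url(url), "--ra", "--hide", "--json", "--verify-num",
 str(WHATWAF_VERIFY_NUM)
 ], paths.WHATWAF_PATH, None, True)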
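Review bot: `whatwaf_url` now passes `whatwaf_path` in the argv slot that used to hold `paths.WHATWAF_NAME`, but the value set through `set_whatwaf_path` is the directory returned by `init_whatwaf()` (ending in `WhatWaf/`), while the `paths.WHATWAF_PATH` argument on the last line is unchanged. If that argument is the working directory for `execute` (its definition is not visible here), WhatWaf may still resolve `content/tampers` from the original tree, and the whitelisted copy would not be what restricts which tampers load. That is worth confirming, and if so `whatwaf_path` should be passed there as well. `whatwaf_path` also starts as `None`, so a call made before `set_whatwaf_path` puts `None` into the command list; a guard such as `if whatwaf_path is None: raise RuntimeError("set_whatwaf_path() was not called")` at the top of `whatwaf_url` would make that failure explicit. The rest of the file lies outside the hunk.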
1.17 KB
Binary file not shown.
921 Bytes
Binary file not shown.
1.44 KB
Binary file not shown.
970 Bytes
Binary file not shown.

tampers/sqlmap_tampers/between.pyc

1.96 KB
Binary file not shown.

tampers/sqlmap_tampers/bluecoat.pyc

1.88 KB
Binary file not shown.
1.49 KB
Binary file not shown.

tampers/sqlmap_tampers/charencode.pyc

1.65 KB
Binary file not shown.
Binary file not shown.
1.3 KB
Binary file not shown.
1.45 KB
Binary file not shown.
1.7 KB
Binary file not shown.
Binary file not shown.
1.44 KB
Binary file not shown.
1.59 KB
Binary file not shown.
859 Bytes
Binary file not shown.

tampers/sqlmap_tampers/greatest.pyc

1.49 KB
Binary file not shown.
Binary file not shown.

tampers/sqlmap_tampers/htmlencode.pyc

1.08 KB
Binary file not shown.
1.78 KB
Binary file not shown.
1.69 KB
Binary file not shown.
932 Bytes
Binary file not shown.

tampers/sqlmap_tampers/lowercase.pyc

1.37 KB
Binary file not shown.
1.66 KB
Binary file not shown.
Binary file not shown.
1.65 KB
Binary file not shown.
Binary file not shown.
1.62 KB
Binary file not shown.
1.67 KB
Binary file not shown.

tampers/sqlmap_tampers/percentage.pyc

1.7 KB
Binary file not shown.
2.48 KB
Binary file not shown.
2.77 KB
Binary file not shown.

tampers/sqlmap_tampers/randomcase.pyc

1.76 KB
Binary file not shown.
1.32 KB
Binary file not shown.
986 Bytes
Binary file not shown.
1.24 KB
Binary file not shown.
1.43 KB
Binary file not shown.

tampers/sqlmap_tampers/space2dash.pyc

1.59 KB
Binary file not shown.

tampers/sqlmap_tampers/space2hash.pyc

2.09 KB
Binary file not shown.
1.36 KB
Binary file not shown.
3.14 KB
Binary file not shown.
2.25 KB
Binary file not shown.
1.06 KB
Binary file not shown.
1.91 KB
Binary file not shown.
1.54 KB
Binary file not shown.

tampers/sqlmap_tampers/space2plus.pyc

1.37 KB
Binary file not shown.
1.64 KB
Binary file not shown.
1007 Bytes
Binary file not shown.
893 Bytes
Binary file not shown.
1.68 KB
Binary file not shown.

tampers/sqlmap_tampers/uppercase.pyc

1.42 KB
Binary file not shown.

tampers/sqlmap_tampers/varnish.pyc

1.3 KB
Binary file not shown.
2.33 KB
Binary file not shown.
2.48 KB
Binary file not shown.
1.42 KB
Binary file not shown.
