Well, the waf stage is mostly finished !

Author: clouedoc

WhatWaf

@@ -1,9 +1,24 @@
+# From AutoSQLi
 import subprocess
 
 
-def execute(command, cwd=None, timeout=None):
+def execute(command, cwd=None, timeout=None, yes=None):
     """ must be an array """
     """ returns the stdout of command """
-    print(cwd)
-    result = subprocess.run(command, stdout=subprocess.PIPE, cwd=cwd, timeout=timeout)
+    """ command is an array of args """
+    """ cwd is the current directory in which the command shall be executed """
+    """ Timeout is the timeout of the command """
+    """ yes = True: constantly feed stdin with a "y" """
+    """ yes = False: constantly feed stdin with a "n" """
+    finalCommand = []
+
+    if yes != None:
+        finalCommand.append("yes |" if yes else "yes n |")
+
+    for arg in command:
+        finalCommant.append(arg)
+
+    result = subprocess.run(finalCommand, stdout=subprocess.PIPE, cwd=cwd,
+                            timeout=timeout,
+                            shell=True if yes != None else None)
     return result.stdout.decode('utf-8')

googler

@@ -0,0 +1,5 @@
+# From AutoSQLi
+
+
+# tampers we shouldn't use because they're too specifics
+BANNED_TAMPERS = ["base64encode"]

src/execute.py

@@ -5,6 +5,7 @@ class Target:
     url = ""
     waf_detection_done = False
     is_protected_by_waf = False
+    waf_name = ""
     working_tampers = []
     sqlmap_exploitation_done = False
     is_vulnerable = False
@@ -13,10 +14,6 @@ def __init__(self, url):
         """ create a new Target """
         self.url = url
 
-    def setWaf(self, isProtectedByWaf):
-        """ specify if the target is protected by a WAF """
-        self.is_protected_by_waf = isProtectedByWaf
-
 
 def urls_to_targets(urls):
     """ convert an url array to a Target array """

src/string.py

@@ -1,9 +1,11 @@
 from .execute import execute
 from . import paths
+import json
+from .strings import BANNED_TAMPERS
 
 
 # this specifies the time that whatwaf is allowed to use to scan a target
-WHATWAF_TIMEOUT = 60
+# WHATWAF_TIMEOUT = 60
 
 
 # def isProtectedByWaf(url):
@@ -19,14 +21,38 @@
 # # if "no protection identified on target" in whatwafResponse:
 #    # return False  # no protection
 
+def satanize_url(url):
+    """ satanize a url to be used with bash """
+    return "'" + url.replace("'", "\\'")
+
+
 def whatwaf_url(url):
     """ return WhatWaf's results for a specified url """
-    return execute(["python2.7", paths.WHATWAF_NAME, "-u", url, "--ra",
-                    "--hide"], paths.WHATWAF_PATH, WHATWAF_TIMEOUT)
+    return execute(["python2.7", paths.WHATWAF_NAME, "-u", satanize_url(url),
+                    "--ra", "--hide"],
+                   paths.WHATWAF_PATH, None, True)
 
 
 def whatwaf_target(target):
     """ add whatwaf details to a target and returns it """
+
     whatwaf_report = whatwaf_url(target.url)
-    # TODO: analyse the report to return the target
+    if "no protection identified on target" in whatwaf_report:
+        target.is_protected_by_waf = False
+    elif '-'*30 in whatwaf_report:
+        # extract the json part ( using those " - " )
+        gorgeous_report = whatwaf_report.split('-'*30 + '\n')[1].split(
+            '\n' + '-'*30)[0]
+
+        # load the json
+        json_report = json.loads(gorgeous_report)
+        # assign the json to the target
+        target.is_protected_by_waf = json_report["is protected"]
+        target.waf_name = json_report["identified firewall"]
+        for tamper in json_report["apparent working tampers"]:
+            if tamper not in BANNED_TAMPERS:
+                target.working_tamper.append(tamper)
+
+    # TODO: analyze the report to return the target
+    target.waf_detection_done = True
     return target