sqlmap/tamper/xforwardedfor.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

from lib.core.enums import PRIORITY
from random import sample
__priority__ = PRIORITY.NORMAL

def dependencies():
    pass

def randomIP():
    numbers = []
    while not numbers or numbers[0] in (10, 172, 192):
        numbers = sample(xrange(1, 255), 4)
    return '.'.join(str(_) for _ in numbers)

def tamper(payload, **kwargs):
    """
    Append a fake HTTP header 'X-Forwarded-For'
    """

    headers = kwargs.get("headers", {})
    headers["X-Forwarded-For"] = randomIP()
    headers["X-Clinet-Ip"] = randomIP()
    headers["X-Real-Ip"] = randomIP()
    return payload
Update for an Issue #835 2014-09-20 16:48:36 +04:00			`#!/usr/bin/env python`

			`"""`
Update of copyright years 2018-01-02 02:48:10 +03:00			`Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)`
Replacing doc/COPYING to LICENSE 2017-10-11 15:50:46 +03:00			`See the file 'LICENSE' for copying permission`
Update for an Issue #835 2014-09-20 16:48:36 +04:00			`"""`

			`from lib.core.enums import PRIORITY`
			`from random import sample`
			`__priority__ = PRIORITY.NORMAL`

			`def dependencies():`
			`pass`

			`def randomIP():`
			`numbers = []`
			`while not numbers or numbers[0] in (10, 172, 192):`
			`numbers = sample(xrange(1, 255), 4)`
			`return '.'.join(str(_) for _ in numbers)`

			`def tamper(payload, **kwargs):`
			`"""`
Implementation for an Issue #3108 2018-07-31 03:18:33 +03:00			`Append a fake HTTP header 'X-Forwarded-For'`
Update for an Issue #835 2014-09-20 16:48:36 +04:00			`"""`

			`headers = kwargs.get("headers", {})`
			`headers["X-Forwarded-For"] = randomIP()`
update xforwarder tamper (#3236) 2018-09-13 11:50:58 +03:00			`headers["X-Clinet-Ip"] = randomIP()`
			`headers["X-Real-Ip"] = randomIP()`
Update for an Issue #835 2014-09-20 16:48:36 +04:00			`return payload`