sqlmap/lib/utils/checkpayload.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

import re

from lib.core.common import getCompiledRegex
from lib.core.common import readXmlFile
from lib.core.convert import urldecode
from lib.core.data import conf
from lib.core.data import paths
from lib.core.data import logger


rules = None

def __adjustGrammar(string):
    string = re.sub('\ADetects', 'Detected', string)
    string = re.sub('\Afinds', 'Found', string)
    string = re.sub('attempts\Z', 'attempt', string)
    string = re.sub('injections\Z', 'injection', string)
    string = re.sub('attacks\Z', 'attack', string)

    return string

def checkPayload(payload):
    """
    This method checks if the generated payload is detectable by the
    PHPIDS filter rules
    """

    global rules

    payload = urldecode(payload)

    if not rules:
        xmlrules = readXmlFile(paths.PHPIDS_RULES_XML)
        rules = []

        for xmlrule in xmlrules.getElementsByTagName("filter"):
            rule = "(?i)%s" % xmlrule.getElementsByTagName('rule')[0].childNodes[0].nodeValue
            desc = __adjustGrammar(xmlrule.getElementsByTagName('description')[0].childNodes[0].nodeValue)
            rules.append((rule, desc))

    if payload:
        for rule, desc in rules:
            regObj = getCompiledRegex(rule)
            if regObj.search(payload):
                logger.warn("highly probable IDS/IPS detection: '%s: %s'" % (desc, payload))
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 03:25:58 +03:00			`#!/usr/bin/env python`

			`"""`
Added svn keyword 2010-01-25 12:21:39 +03:00			$Id$
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 03:25:58 +03:00
large commit with copyright header modifications 2010-10-14 18:41:14 +04:00			`Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 03:25:58 +03:00			`"""`
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 14:10:28 +04:00
			`import re`

introducing regex caching mechanism 2010-05-21 18:42:59 +04:00			`from lib.core.common import getCompiledRegex`
further updates 2010-10-07 02:43:04 +04:00			`from lib.core.common import readXmlFile`
added IDS payload testing 2010-10-25 19:37:43 +04:00			`from lib.core.convert import urldecode`
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 14:10:28 +04:00			`from lib.core.data import conf`
update of IDS checking method 2010-01-25 13:06:52 +03:00			`from lib.core.data import paths`
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 03:25:58 +03:00			`from lib.core.data import logger`

added IDS payload testing 2010-10-25 19:37:43 +04:00
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 03:25:58 +03:00			`rules = None`

update of IDS checking method 2010-01-25 13:06:52 +03:00			`def __adjustGrammar(string):`
			`string = re.sub('\ADetects', 'Detected', string)`
			`string = re.sub('\Afinds', 'Found', string)`
			`string = re.sub('attempts\Z', 'attempt', string)`
			`string = re.sub('injections\Z', 'injection', string)`
			`string = re.sub('attacks\Z', 'attack', string)`
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 14:10:28 +04:00
update of IDS checking method 2010-01-25 13:06:52 +03:00			`return string`

added IDS payload testing 2010-10-25 19:37:43 +04:00			`def checkPayload(payload):`
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 03:25:58 +03:00			`"""`
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 14:10:28 +04:00			`This method checks if the generated payload is detectable by the`
			`PHPIDS filter rules`
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 03:25:58 +03:00			`"""`
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 14:10:28 +04:00
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 03:25:58 +03:00			`global rules`

added IDS payload testing 2010-10-25 19:37:43 +04:00			`payload = urldecode(payload)`

contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 03:25:58 +03:00			`if not rules:`
refactoring regarding --check-payload 2010-10-25 22:38:54 +04:00			`xmlrules = readXmlFile(paths.PHPIDS_RULES_XML)`
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 03:25:58 +03:00			`rules = []`
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 14:10:28 +04:00
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 03:25:58 +03:00			`for xmlrule in xmlrules.getElementsByTagName("filter"):`
added IDS payload testing 2010-10-25 19:37:43 +04:00			`rule = "(?i)%s" % xmlrule.getElementsByTagName('rule')[0].childNodes[0].nodeValue`
			`desc = __adjustGrammar(xmlrule.getElementsByTagName('description')[0].childNodes[0].nodeValue)`
			`rules.append((rule, desc))`

			`if payload:`
			`for rule, desc in rules:`
some fixes regarding --check-payload 2010-10-29 15:00:23 +04:00			`regObj = getCompiledRegex(rule)`
			`if regObj.search(payload):`
			`logger.warn("highly probable IDS/IPS detection: '%s: %s'" % (desc, payload))`