From 29ba43ee6c06cdf9f74aceb9a560f0ba4b94846e Mon Sep 17 00:00:00 2001
From: stamparm
Date: Thu, 21 Feb 2013 14:48:19 +0100
Subject: [PATCH] Unhidding switch '--identify-waf' (Issue #290)
---
 lib/controller/checks.py | 2 +-
 lib/parse/cmdline.py | 9 +++++----
 sqlmap.conf | 6 +++++-
 3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 520c926a8..e68c1d5f4 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -993,7 +993,7 @@ def checkWaf():
 if not conf.checkWaf:
 return False
- infoMsg = "testing if the target is protected by "
+ infoMsg = "heuristic checking if the target is protected by "
 infoMsg += "some kind of WAF/IPS/IDS"
 logger.info(infoMsg)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index ad578d73b..d2927b23b 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -614,7 +614,7 @@ def cmdLineParser():
 miscellaneous.add_option("--check-waf", dest="checkWaf",
 action="store_true",
- help="Check for existence of WAF/IPS/IDS protection")
+ help="Heuristically check for WAF/IPS/IDS protection")
 miscellaneous.add_option("--cleanup", dest="cleanup",
 action="store_true",
@@ -636,6 +636,10 @@ def cmdLineParser():
 action="store_true",
 help="Use HTTP parameter pollution")
+ miscellaneous.add_option("--identify-waf", dest="identifyWaf",
+ action="store_true",
+ help="Make a through testing for a WAF/IPS/IDS protection")
+
 miscellaneous.add_option("--mobile", dest="mobile",
 action="store_true",
 help="Imitate smartphone through HTTP User-Agent header")
@@ -674,9 +678,6 @@ def cmdLineParser():
 parser.add_option("--force-dns", dest="forceDns", action="store_true",
 help=SUPPRESS_HELP)
- parser.add_option("--identify-waf", dest="identifyWaf", action="store_true",
- help=SUPPRESS_HELP)
-
 parser.add_option("--smoke-test", dest="smokeTest", action="store_true",
 help=SUPPRESS_HELP)
diff --git a/sqlmap.conf b/sqlmap.conf
index a4529089f..520a6ebd7 100644
--- a/sqlmap.conf
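Review bot: The help string added for `--identify-waf` in lib/parse/cmdline.py (hunk at -636) reads "Make a through testing", where "thorough" is evidently meant; since this commit makes the switch visible in the user-facing help, it should read `help="Make a thorough testing for a WAF/IPS/IDS protection")`. The same wording is repeated in the new `identifyWaf` comment in sqlmap.conf (hunk at -692) and needs the same correction. The help text also does not say how this switch relates to `--check-waf`; whether it implies the heuristic check or runs independently cannot be told from the hunk, so a short clause stating that would spare operators guessing. cmdLineParser's body starts and ends outside the hunk.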
+++ b/sqlmap.conf
@@ -667,7 +667,7 @@ beep = False
 # Valid: True or False
 checkPayload = False
-# Check for existence of WAF/IPS/IDS protection.
+# Heuristically check for WAF/IPS/IDS protection.
 # Valid: True or False
 checkWaf = False
@@ -692,6 +692,10 @@ googlePage = 1
 # Valid: True or False
 hpp = False
+# Make a through testing for a WAF/IPS/IDS protection.
+# Valid: True or False
+identifyWaf = False
+
 # Imitate smartphone through HTTP User-Agent header.
 # Valid: True or False
 mobile = False