sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-26 20:03:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update for an Issue #760

Browse Source
This commit is contained in:
Miroslav Stampar 2014-07-10 08:52:32 +02:00
parent 32af0b17b0
commit 305ec45fc6
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
tamper/varnish.py
View File

@ -14,18 +14,18 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Append a HTTP Request Parameter to ByPass Append a HTTP Request Parameter to bypass
WAF Protection of Varnish Firewall. WAF Protection of Varnish Firewall
You can tamper with different Parameters, like: Notes:
Reference: http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
Examples:
>> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X) >> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)
>> X-remote-IP: TARGET_PROXY_IP (184.189.250.X) >> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)
>> X-originating-IP: TARGET_LOCAL_IP (127.0.0.1) >> X-originating-IP: TARGET_LOCAL_IP (127.0.0.1)
>> x-remote-addr: TARGET_INTERNALUSER_IP (192.168.1.X) >> x-remote-addr: TARGET_INTERNALUSER_IP (192.168.1.X)
>> X-remote-IP: * or %00 or %0A >> X-remote-IP: * or %00 or %0A
http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
""" """
headers = kwargs.get("headers", {}) headers = kwargs.get("headers", {})