From 32af0b17b0803979790f31418e18e9d3580e35e3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 10 Jul 2014 08:49:20 +0200
Subject: [PATCH] Update for an Issue #760
---
lib/request/connect.py | 8 +++-----
tamper/varnish.py | 33 +++++++++++++++++++++++++++++++++
2 files changed, 36 insertions(+), 5 deletions(-)
create mode 100644 tamper/varnish.py
diff --git a/lib/request/connect.py b/lib/request/connect.py
index f3d404885..b3e4bbfdf 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -621,6 +621,9 @@ class Connect(object): if not place: place = kb.injection.place or PLACE.GET + if not auxHeaders: + auxHeaders = {} + raise404 = place != PLACE.URI if raise404 is None else raise404 value = agent.adjustLateValues(value)
@@ -735,8 +738,6 @@ class Connect(object): uri = conf.url if value and place == PLACE.CUSTOM_HEADER: - if not auxHeaders: - auxHeaders = {} auxHeaders[value.split(',')[0]] = value.split(',', 1)[1] if conf.rParam:
@@ -873,9 +874,6 @@ class Connect(object): if kb.nullConnection == NULLCONNECTION.HEAD: method = HTTPMETHOD.HEAD elif kb.nullConnection == NULLCONNECTION.RANGE: - if not auxHeaders: - auxHeaders = {} - auxHeaders[HTTP_HEADER.RANGE] = "bytes=-1" _, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404, skipRead=(kb.nullConnection == NULLCONNECTION.SKIP_READ))
diff --git a/tamper/varnish.py b/tamper/varnish.py
new file mode 100644
index 000000000..b5f90ffa2
--- /dev/null
+++ b/tamper/varnish.py
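Review bot: In `lib/request/connect.py`, the hoisted guard `if not auxHeaders: auxHeaders = {}` (hunk at -621) keeps a non-empty dict passed by the caller as is, so the later writes visible in the other two hunks (`auxHeaders[value.split(',')[0]] = ...` and `auxHeaders[HTTP_HEADER.RANGE] = "bytes=-1"`) still land in the caller's object. If any caller reuses one dict across requests (not visible in this patch), a `Range` or custom header set for one request would silently carry over to the next. `auxHeaders = dict(auxHeaders or {})` at the same spot would give every call its own copy, provided no caller relies on seeing the mutation. The enclosing method starts and ends outside the hunk.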
@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.NORMAL
+
+def dependencies():
+ pass
+
+def tamper(payload, **kwargs):
+ """
+ Append a HTTP Request Parameter to ByPass
+ WAF Protection of Varnish Firewall.
+
+ You can tamper with different Parameters, like:
+ >> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)
+ >> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)
+ >> X-originating-IP: TARGET_LOCAL_IP (127.0.0.1)
+ >> x-remote-addr: TARGET_INTERNALUSER_IP (192.168.1.X)
+ >> X-remote-IP: * or %00 or %0A
+
+ http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
+
+ """
+
+ headers = kwargs.get("headers", {})
+ headers["X-originating-IP"] = "127.0.0.1"
+ return payload
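Review bot: The docstring of `tamper()` lists five header variants and speaks of appending a "Request Parameter", but the body only sets the `X-originating-IP` header to the fixed value `127.0.0.1` and returns the payload unchanged. The summary should say exactly that, e.g. `Sets the X-originating-IP request header to 127.0.0.1; the payload is returned unmodified`, with the other headers kept as background next to the reference link. `kwargs.get("headers", {})` also writes into a throwaway dict when no `headers` argument is supplied and raises `TypeError` when `headers=None` is passed; `headers = kwargs.get("headers")` followed by `if headers is not None: headers["X-originating-IP"] = "127.0.0.1"` makes the no-op case explicit. It would also help readers to note in the docstring that the header matters only where a filtering layer trusts client-supplied address headers, which stripping or overwriting them at the edge prevents.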