From 46480d777ad9f20c8c6391ea115a6ff17fdbd1e0 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 20 Sep 2014 14:48:36 +0200
Subject: [PATCH] Update for an Issue #835

---
 doc/THANKS.md             |  3 +++
 tamper/randomfakeproxy.py | 40 ---------------------------------------
 tamper/varnish.py         |  2 +-
 tamper/xforwardedfor.py   | 29 ++++++++++++++++++++++++++++
 4 files changed, 33 insertions(+), 41 deletions(-)
 delete mode 100644 tamper/randomfakeproxy.py
 create mode 100644 tamper/xforwardedfor.py

diff --git a/doc/THANKS.md b/doc/THANKS.md
index e90ff7f88..3878a18fb 100644
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@@ -226,6 +226,9 @@ Daniel Huckmann, <sanitybit@gmail.com>
 Daliev Ilya, <daliser@yandex.ru>
 * for reporting a bug
 
+Mehmet İnce, <mehmet@mehmetince.net>
+* for contributing a tamper script xforwardedfor.py
+
 Jovon Itwaru, <jovon.itwaru@gmail.com>
 * for reporting a minor bug
 
diff --git a/tamper/randomfakeproxy.py b/tamper/randomfakeproxy.py
deleted file mode 100644
index 65decde15..000000000
--- a/tamper/randomfakeproxy.py
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
-"""
-
-from lib.core.enums import PRIORITY
-from random import randrange
-__priority__ = PRIORITY.NORMAL
-
-def dependencies():
-    pass
-
-def generateIP():
-    blockOne = randrange(0, 255, 1)
-    blockTwo = randrange(0, 255, 1)
-    blockThree = randrange(0, 255, 1)
-    blockFour = randrange(0, 255, 1)
-    if blockOne == 10:
-        return generateIP()
-    elif blockOne == 172:
-        return generateIP()
-    elif blockOne == 192:
-        return generateIP()
-    else:
-        return str(blockOne) + '.' + str(blockTwo) + '.' + str(blockThree) + '.' + str(blockFour)
-
-def tamper(payload, **kwargs):
-    """
-    Append a HTTP Request Parameter to bypass
-    WAF (usually application based ) Ban
-    protection bypass.
-
-    Mehmet INCE
-    """
-
-    headers = kwargs.get("headers", {})
-    headers["X-Forwarded-For"] = generateIP()
-    return payload
diff --git a/tamper/varnish.py b/tamper/varnish.py
index 48e94b20b..14f4c6728 100644
--- a/tamper/varnish.py
+++ b/tamper/varnish.py
@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Append a HTTP Request Parameter to bypass
+    Append a HTTP header 'X-originating-IP' to bypass
     WAF Protection of Varnish Firewall
 
     Notes:
diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py
new file mode 100644
index 000000000..198c524ce
--- /dev/null
+++ b/tamper/xforwardedfor.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+from random import sample
+__priority__ = PRIORITY.NORMAL
+
+def dependencies():
+    pass
+
+def randomIP():
+    numbers = []
+    while not numbers or numbers[0] in (10, 172, 192):
+        numbers = sample(xrange(1, 255), 4)
+    return '.'.join(str(_) for _ in numbers)
+
+def tamper(payload, **kwargs):
+    """
+    Append a fake HTTP header 'X-Forwarded-For' to bypass
+    WAF (usually application based) protection
+    """
+
+    headers = kwargs.get("headers", {})
+    headers["X-Forwarded-For"] = randomIP()
+    return payload