implementation of referer feature

lib/controller/checks.py

@@ -399,6 +399,8 @@ def checkSqlInjection(place, parameter, value):
                         if injection.place is None or injection.parameter is None:
                             if place == PLACE.UA:
                                 injection.parameter = conf.agent
+                            elif place == PLACE.REFERER:
+                                injection.parameter = conf.referer
                             else:
                                 injection.parameter = parameter
 

lib/core/agent.py

@@ -108,7 +108,7 @@ class Agent:
             retValue = ET.tostring(root)
         elif place == PLACE.URI:
             retValue = paramString.replace("%s%s" % (origValue, URI_INJECTION_MARK_CHAR), self.addPayloadDelimiters(newValue))
-        elif place == PLACE.UA:
+        elif place in (PLACE.UA, PLACE.REFERER):
             retValue = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
         else:
             retValue = paramString.replace("%s=%s" % (parameter, origValue),

lib/core/enums.py

@@ -41,6 +41,7 @@ class PLACE:
     URI     = "URI"
     COOKIE  = "Cookie"
     UA      = "User-Agent"
+    REFERER = "Referer"
 
 class HTTPMETHOD:
     GET     = "GET"

lib/core/target.py

@@ -123,6 +123,20 @@ def __setRequestParams():
                     conf.paramDict[PLACE.UA] = { PLACE.UA: headerValue }
                     __testableParameters = True
 
+            elif httpHeader == PLACE.REFERER:
+                # No need for url encoding/decoding the referer
+                conf.parameters[PLACE.REFERER] = urldecode(headerValue)
+
+                condition  = not conf.testParameter
+                condition |= PLACE.REFERER in conf.testParameter
+                condition |= "referer" in conf.testParameter
+                condition |= "referrer" in conf.testParameter
+                condition |= "ref" in conf.testParameter
+
+                if condition:
+                    conf.paramDict[PLACE.REFERER] = { PLACE.REFERER: headerValue }
+                    __testableParameters = True
+
     if not conf.parameters:
         errMsg  = "you did not provide any GET, POST and Cookie "
         errMsg += "parameter, neither an User-Agent header"

lib/request/basic.py

@@ -30,9 +30,9 @@ from lib.core.settings import UNICODE_ENCODING
 from lib.parse.headers import headersParser
 from lib.parse.html import htmlParser
 
-def forgeHeaders(cookie, ua):
+def forgeHeaders(cookie, ua, referer):
     """
-    Prepare HTTP Cookie and HTTP User-Agent headers to use when performing
+    Prepare HTTP Cookie, HTTP User-Agent and HTTP Referer headers to use when performing
     the HTTP requests
     """
 
@@ -43,6 +43,8 @@ def forgeHeaders(cookie, ua):
             headers[header] = cookie
         elif ua and header == "User-Agent":
             headers[header] = ua
+        elif referer and header == "Referer":
+            headers[header] = referer
         else:
             headers[header] = value
 

lib/request/connect.py

@@ -82,6 +82,7 @@ class Connect:
         method          = kwargs.get('method',        None)
         cookie          = kwargs.get('cookie',        None)
         ua              = kwargs.get('ua',            None)
+        referer         = kwargs.get('referer',       None)
         direct          = kwargs.get('direct',        False)
         multipart       = kwargs.get('multipart',     False)
         silent          = kwargs.get('silent',        False)
@@ -139,7 +140,7 @@ class Connect:
             requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str
 
             # Perform HTTP request
-            headers = forgeHeaders(cookie, ua)
+            headers = forgeHeaders(cookie, ua, referer)
 
             if conf.realTest:
                 headers["Referer"] = "%s://%s" % (conf.scheme, conf.hostname)
@@ -383,6 +384,7 @@ class Connect:
         post        = None
         cookie      = None
         ua          = None
+        referer     = None
         page        = None
         pageLength  = None
         uri         = None
@@ -424,6 +426,9 @@ class Connect:
         if PLACE.UA in conf.parameters:
             ua = conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value
 
+        if PLACE.REFERER in conf.parameters:
+            referer = conf.parameters[PLACE.REFERER] if place != PLACE.REFERER or not value else value
+
         if PLACE.URI in conf.parameters:
             uri = conf.url if place != PLACE.URI or not value else value
         else:
@@ -443,7 +448,7 @@ class Connect:
         if conf.safUrl and conf.saFreq > 0:
             kb.queryCounter += 1
             if kb.queryCounter % conf.saFreq == 0:
-                Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua)
+                Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua, referer=referer)
 
         start = time.time()
 
@@ -456,7 +461,7 @@ class Connect:
 
                 auxHeaders["Range"] = "bytes=-1"
 
-            _, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404)
+            _, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404)
 
             if kb.nullConnection == NULLCONNECTION.HEAD and 'Content-Length' in headers:
                 pageLength = int(headers['Content-Length'])
@@ -464,7 +469,7 @@ class Connect:
                 pageLength = int(headers['Content-Range'][headers['Content-Range'].find('/') + 1:])
 
         if not pageLength:
-            page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
+            page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
 
         threadData.lastQueryDuration = calculateDeltaSeconds(start)