From 53d0d5bf8b42a519e97d9a38d9881fd94d0e35e1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 8 Sep 2014 14:33:13 +0200 Subject: [PATCH] Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved) --- lib/controller/checks.py | 3 ++- lib/core/option.py | 1 + lib/request/connect.py | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index d6a403afc..c8af38cdf 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -112,7 +112,7 @@ def checkSqlInjection(place, parameter, value): kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else ([conf.dbms]) title = test.title - stype = test.stype + kb.testType = stype = test.stype clause = test.clause unionExtended = False @@ -1175,6 +1175,7 @@ def identifyWaf(): infoMsg = "no WAF/IDS/IPS product has been identified" logger.info(infoMsg) + kb.testType = None kb.testMode = False return retVal diff --git a/lib/core/option.py b/lib/core/option.py index 5b5fec0cf..fa1029a58 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1741,6 +1741,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.technique = None kb.testMode = False kb.testQueryCount = 0 + kb.testType = None kb.threadContinue = True kb.threadException = False kb.tableExistsChoice = None diff --git a/lib/request/connect.py b/lib/request/connect.py index 021cdb196..99e6fa07b 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -533,6 +533,8 @@ class Connect(object): elif "forcibly closed" in tbMsg: warnMsg = "connection was forcibly closed by the target URL" elif "timed out" in tbMsg: + if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED): + singleTimeWarnMessage("there is a possibility that the target (or WAF) is dropping 'suspicious' requests") warnMsg = "connection timed out to the target URL" elif "URLError" in tbMsg or "error" in tbMsg: warnMsg = "unable to connect to the target URL"