Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved)

lib/controller/checks.py

@@ -112,7 +112,7 @@ def checkSqlInjection(place, parameter, value):
                 kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else ([conf.dbms])
 
             title = test.title
-            stype = test.stype
+            kb.testType = stype = test.stype
             clause = test.clause
             unionExtended = False
 
@@ -1175,6 +1175,7 @@ def identifyWaf():
         infoMsg = "no WAF/IDS/IPS product has been identified"
         logger.info(infoMsg)
 
+    kb.testType = None
     kb.testMode = False
 
     return retVal

lib/core/option.py

@@ -1741,6 +1741,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.technique = None
     kb.testMode = False
     kb.testQueryCount = 0
+    kb.testType = None
     kb.threadContinue = True
     kb.threadException = False
     kb.tableExistsChoice = None

lib/request/connect.py

@@ -533,6 +533,8 @@ class Connect(object):
             elif "forcibly closed" in tbMsg:
                 warnMsg = "connection was forcibly closed by the target URL"
             elif "timed out" in tbMsg:
+                if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
+                    singleTimeWarnMessage("there is a possibility that the target (or WAF) is dropping 'suspicious' requests")
                 warnMsg = "connection timed out to the target URL"
             elif "URLError" in tbMsg or "error" in tbMsg:
                 warnMsg = "unable to connect to the target URL"