Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved)

2025-01-23 15:54:24 +03:00 · 2014-09-08 14:33:13 +02:00 · 2014-09-08 14:33:13 +02:00 · 53d0d5bf8b
commit 53d0d5bf8b
parent 055b759145
3 changed files with 5 additions and 1 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -112,7 +112,7 @@ def checkSqlInjection(place, parameter, value):
                kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else ([conf.dbms])

            title = test.title
-            stype = test.stype
+            kb.testType = stype = test.stype
            clause = test.clause
            unionExtended = False

@ -1175,6 +1175,7 @@ def identifyWaf():
        infoMsg = "no WAF/IDS/IPS product has been identified"
        logger.info(infoMsg)

+    kb.testType = None
    kb.testMode = False

    return retVal
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1741,6 +1741,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.technique = None
    kb.testMode = False
    kb.testQueryCount = 0
+    kb.testType = None
    kb.threadContinue = True
    kb.threadException = False
    kb.tableExistsChoice = None
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -533,6 +533,8 @@ class Connect(object):
            elif "forcibly closed" in tbMsg:
                warnMsg = "connection was forcibly closed by the target URL"
            elif "timed out" in tbMsg:
+                if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
+                    singleTimeWarnMessage("there is a possibility that the target (or WAF) is dropping 'suspicious' requests")
                warnMsg = "connection timed out to the target URL"
            elif "URLError" in tbMsg or "error" in tbMsg:
                warnMsg = "unable to connect to the target URL"