From 56f0b811a6f52623fd08cf0aee149f76ba7baf36 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 21 Sep 2015 13:23:56 +0200
Subject: [PATCH] Minor patch

---
 lib/controller/checks.py | 10 ++++++++++
 lib/core/settings.py     |  3 +++
 2 files changed, 13 insertions(+)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 2cb131ad3..bb2d62d6c 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -39,6 +39,7 @@ from lib.core.common import singleTimeWarnMessage
 from lib.core.common import urlencode
 from lib.core.common import wasLastResponseDBMSError
 from lib.core.common import wasLastResponseHTTPError
+from lib.core.defaults import defaults
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -68,6 +69,7 @@ from lib.core.settings import URI_HTTP_HEADER
 from lib.core.settings import UPPER_RATIO_BOUND
 from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
 from lib.core.settings import IDS_WAF_CHECK_RATIO
+from lib.core.settings import IDS_WAF_CHECK_TIMEOUT
 from lib.core.threads import getCurrentThreadData
 from lib.request.connect import Connect as Request
 from lib.request.inject import checkBooleanExpression
@@ -1153,12 +1155,16 @@ def checkWaf():
     value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER
     value += agent.addPayloadDelimiters("%s=%s" % (randomStr(), payload))
 
+    pushValue(conf.timeout)
+    conf.timeout = IDS_WAF_CHECK_TIMEOUT
+
     try:
         retVal = Request.queryPage(place=PLACE.GET, value=value, getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO
     except SqlmapConnectionException:
         retVal = True
     finally:
         kb.matchRatio = None
+        conf.timeout = popValue()
 
     if retVal:
         warnMsg = "heuristics detected that the target "
@@ -1173,6 +1179,10 @@ def checkWaf():
             if output and output[0] in ("Y", "y"):
                 conf.identifyWaf = True
 
+        if conf.timeout == defaults.timeout:
+            logger.warning("dropping timeout to 5 seconds (i.e. '--timeout=5')")
+            conf.timeout = 5
+
     return retVal
 
 def identifyWaf():
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 303c10cf4..c18eb57dd 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -42,6 +42,9 @@ CONSTANT_RATIO = 0.9
 # Ratio used in heuristic check for WAF/IDS/IPS protected targets
 IDS_WAF_CHECK_RATIO = 0.5
 
+# Timeout used in heuristic check for WAF/IDS/IPS protected targets
+IDS_WAF_CHECK_TIMEOUT = 10
+
 # Lower and upper values for match ratio in case of stable page
 LOWER_RATIO_BOUND = 0.02
 UPPER_RATIO_BOUND = 0.98