From 574b3a79aa569f57d5a9e41fc7453213c71f5b64 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 21 Jan 2016 10:16:23 +0100
Subject: [PATCH] Adding support for detection of CloudFlare responses
---
 lib/controller/checks.py | 7 ++++++-
 lib/core/settings.py | 3 +++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index f3167a41f..52a980ba5 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -62,6 +62,7 @@ from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapUserQuitException
+from lib.core.settings import CLOUDFLARE_SERVER_HEADER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
@@ -1363,7 +1364,7 @@ def checkConnection(suppressOutput=False):
 try:
 kb.originalPageTime = time.time()
- page, _ = Request.queryPage(content=True, noteResponseTime=False)
+ page, headers = Request.queryPage(content=True, noteResponseTime=False)
 kb.originalPage = kb.pageTemplate = page
 kb.errorIsNone = False
@@ -1382,6 +1383,10 @@ def checkConnection(suppressOutput=False):
 else:
 kb.errorIsNone = True
+ if headers and headers.get("Server", "") == CLOUDFLARE_SERVER_HEADER:
+ warnMsg = "CloudFlare response detected"
+ logger.warn(warnMsg)
+
 except SqlmapConnectionException, ex:
 if conf.ipv6:
 warnMsg = "check connection to a provided "
diff --git a/lib/core/settings.py b/lib/core/settings.py
index a882893d7..9dfd83c16 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -309,6 +309,9 @@ BURP_REQUEST_REGEX = r"={10,}\s+[^=]+={10,}\s(.+?)\s={10,}"
 # Regex used for parsing XML Burp saved history items
 BURP_XML_HISTORY_REGEX = r'(\d+).+?
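Review bot: The new check in `checkConnection` (hunk `@@ -1382,6 +1383,10 @@` of lib/controller/checks.py) compares the `Server` header with `==`, so it fires only on an exact, case-sensitive match against `CLOUDFLARE_SERVER_HEADER`, whose value is defined in lib/core/settings.py and is not visible in this part of the patch. If the service changes the string's casing or appends anything to it, the warning silently stops appearing; a normalised prefix test such as `if headers and (headers.get("Server") or "").lower().startswith(CLOUDFLARE_SERVER_HEADER.lower()):` would be more tolerant. The message `"CloudFlare response detected"` also gives the operator no hint of the consequence; something like `"CloudFlare response detected; results may reflect the CDN/WAF rather than the origin server"` would say why it matters. The function body starts and ends outside the hunk.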