Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.))

2025-11-04 01:47:37 +03:00 · 2013-02-01 10:03:06 +01:00 · 2013-02-01 10:03:06 +01:00 · 6d942f92b5
commit 6d942f92b5
parent 68e507ea9f
6 changed files with 1 additions and 66 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -974,7 +974,6 @@ def setPaths():
    paths.SMALL_DICT = os.path.join(paths.SQLMAP_TXT_PATH, "smalldict.txt")
    paths.USER_AGENTS = os.path.join(paths.SQLMAP_TXT_PATH, "user-agents.txt")
    paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.zip")
-    paths.PHPIDS_RULES_XML = os.path.join(paths.SQLMAP_XML_PATH, "phpids_rules.xml")
    paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
    paths.PAYLOADS_XML = os.path.join(paths.SQLMAP_XML_PATH, "payloads.xml")
    paths.INJECTIONS_XML = os.path.join(paths.SQLMAP_XML_PATH, "injections.xml")
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@ -205,6 +205,7 @@ POST_HINT_CONTENT_TYPES = {
 DEPRECATED_OPTIONS = {
                        "--replicate": "use '--dump-format=SQLITE' instead",
                        "--no-unescape": "use '--no-escape' instead",
+                        "--check-payload": None,
                     }

 DUMP_DATA_PREPROCESS = {
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -195,7 +195,6 @@ optDict = {
                               "alert":             "string",
                               "answers":           "string",
                               "beep":              "boolean",
-                               "checkPayload":      "boolean",
                               "checkWaf":          "boolean",
                               "cleanup":           "boolean",
                               "dependencies":      "boolean",
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -612,10 +612,6 @@ def cmdLineParser():
        miscellaneous.add_option("--beep", dest="beep", action="store_true",
                                  help="Make a beep sound when SQL injection is found")

-        miscellaneous.add_option("--check-payload", dest="checkPayload",
-                                  action="store_true",
-                                  help="Offline WAF/IPS/IDS payload detection testing")
-
        miscellaneous.add_option("--check-waf", dest="checkWaf",
                                  action="store_true",
                                  help="Check for existence of WAF/IPS/IDS protection")
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -79,7 +79,6 @@ from lib.request.basic import processResponse
 from lib.request.direct import direct
 from lib.request.comparison import comparison
 from lib.request.methodrequest import MethodRequest
-from lib.utils.checkpayload import checkPayload
 from thirdparty.socks.socks import ProxyError
 from thirdparty.multipart import multipartpost

@ -658,9 +657,6 @@ class Connect(object):
        if place:
            value = agent.removePayloadDelimiters(value)

-        if conf.checkPayload:
-            checkPayload(value)
-
        if PLACE.GET in conf.parameters:
            get = conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value

--- a/lib/utils/checkpayload.py
+++ b/lib/utils/checkpayload.py
@ -1,56 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
-"""
-
-import re
-
-from lib.core.common import readXmlFile
-from lib.core.common import urldecode
-from lib.core.data import paths
-from lib.core.data import logger
-
-rules = None
-
-def _adjustGrammar(string):
-    string = re.sub('\ADetects', 'Detected', string)
-    string = re.sub('\Afinds', 'Found', string)
-    string = re.sub('attempts\Z', 'attempt', string)
-    string = re.sub('injections\Z', 'injection', string)
-    string = re.sub('attacks\Z', 'attack', string)
-
-    return string
-
-def checkPayload(payload):
-    """
-    This method checks if the generated payload is detectable by the
-    PHPIDS filter rules
-    """
-
-    if not payload:
-        return
-
-    global rules
-
-    detected = False
-    payload = urldecode(payload, convall=True)
-
-    if not rules:
-        xmlrules = readXmlFile(paths.PHPIDS_RULES_XML)
-        rules = []
-
-        for xmlrule in xmlrules.getElementsByTagName("filter"):
-            rule = "(?i)%s" % xmlrule.getElementsByTagName('rule')[0].childNodes[0].nodeValue
-            desc = _adjustGrammar(xmlrule.getElementsByTagName('description')[0].childNodes[0].nodeValue)
-            rules.append((rule, desc))
-
-    if payload:
-        for rule, desc in rules:
-            if re.search(rule, payload):
-                detected = True
-                logger.warn("highly probable IDS/IPS detection: '%s: %s'" % (desc, payload))
-
-    if not detected:
-        logger.warn("payload '%s' possibly gone undetected" % payload)