Minor patch (disable tamper script usage in WAF/IDS/IPS check phase)

This commit is contained in:
Miroslav Stampar 2018-04-11 14:48:54 +02:00
parent c634f0b0d6
commit a8cb14ed4a
4 changed files with 7 additions and 7 deletions

View File

@ -1359,7 +1359,7 @@ def checkWaf():
conf.timeout = IDS_WAF_CHECK_TIMEOUT
try:
retVal = Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO
retVal = Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True, disableTampering=True)[1] < IDS_WAF_CHECK_RATIO
except SqlmapConnectionException:
retVal = True
finally:

View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.4.12"
VERSION = "1.2.4.13"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -770,7 +770,7 @@ class Connect(object):
@staticmethod
@stackedmethod
def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True):
def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True, disableTampering=False):
"""
This method calls a function to get the target URL page content
and returns its page ratio (0 <= ratio <= 1) or a boolean value
@ -817,7 +817,7 @@ class Connect(object):
conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType))
if payload:
if kb.tamperFunctions:
if not disableTampering and kb.tamperFunctions:
for function in kb.tamperFunctions:
try:
payload = function(payload=payload, headers=auxHeaders)

View File

@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py
1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py
b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
0f581182871148b0456a691ae85b04c0 lib/controller/action.py
5084b16b037ed8d29f594f6113fe78e3 lib/controller/checks.py
56d325f83671146c28ac300ff553420f lib/controller/checks.py
c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py
c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
16bc4ff0ccd5121f1b90016b5d759ef6 lib/core/settings.py
8a247c468eef23045b8537d4ff98d823 lib/core/settings.py
0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py
@ -68,7 +68,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py
30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
7e8e0a3fdebbe443832c1bab2f8d3869 lib/request/basic.py
c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
18052b8924b77eb2e772350b262aae88 lib/request/connect.py
1865164621eb94c9c231006765065c17 lib/request/connect.py
dd4598675027fae99f2e2475b05986da lib/request/direct.py
2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py