Commit Graph

238 Commits

Author SHA1 Message Date
Miroslav Stampar
e7ed2bbcbb Fixes #3391) 2018-11-30 11:29:17 +01:00
Miroslav Stampar
abb911d741 Just for the sake of #3377 2018-11-19 09:53:09 +01:00
Miroslav Stampar
dc5edf1a86 Patch regarding #3377 2018-11-19 09:52:09 +01:00
Miroslav Stampar
f2035145fe Another update related to the #3316 2018-10-26 12:10:22 +02:00
Jennifer Torres
4466504f30 Lua-Nginx WAFs Bypass (#3316)
* Lua-Nginx WAFs Bypass

Lua-Nginx WAFs doesn't support processing for more than 100 parameters.
https://www.youtube.com/watch?v=JUvro7cqidY

* Update luanginxwafbypass.py

* Update luanginxwafbypass.py

* Update luanginxwafbypass.py

* Update luanginxwafbypass.py

Update header.

* Update luanginxwafbypass.py
2018-10-26 12:04:37 +02:00
Miroslav Stampar
03bbfdbc56 Can't work out of the box (too many unknowns) 2018-10-02 14:11:26 +02:00
Miroslav Stampar
1b6365b195 Minor cleanup 2018-10-02 14:07:14 +02:00
Miroslav Stampar
a8a7dee800 Fixes #3239 2018-09-15 21:36:21 +02:00
xxbing
db8bcd1d2e update xforwarder tamper (#3236) 2018-09-13 10:50:58 +02:00
Miroslav Stampar
1f9bf587b5 Implementation for an Issue #3108 2018-07-31 02:18:33 +02:00
Miroslav Stampar
f0e4c20004 First commit related to the #3108 2018-07-31 01:17:11 +02:00
Miroslav Stampar
cef416559a Minor update 2018-07-31 00:20:52 +02:00
Miroslav Stampar
c268663bd9 Minor code style updates 2018-06-09 23:38:00 +02:00
Miroslav Stampar
694b5bb5c0 New tamper script (per user request) 2018-05-30 15:48:16 +02:00
Miroslav Stampar
fa4c1c5251 Some more PEPing (I hope that I haven't broke anything) 2018-03-13 13:45:42 +01:00
Miroslav Stampar
365fa5a52a Fixes #2923 2018-02-10 11:06:31 +01:00
Miroslav Stampar
56a4e507e8 Minor refactoring 2018-02-08 16:49:16 +01:00
Miroslav Stampar
5b99180ffe Update for an Issue #806 2018-02-08 00:04:04 +01:00
Miroslav Stampar
061c8da36b Proper overlongutf8.py (Issue #806) 2018-02-07 23:59:36 +01:00
Miroslav Stampar
8a122401aa Update of copyright years 2018-01-02 00:48:10 +01:00
Miroslav Stampar
5326df1071 Minor grammar fix 2017-12-13 13:49:55 +01:00
Miroslav Stampar
bf8b2eb21e Minor update regarding #2791 2017-11-22 13:29:39 +01:00
Vitaly Salnikov
1436333960 Add new tamper script witch can Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END', it could be usefull for bypass some weak WAFs that filter the 'IFNULL' and 'IF' functions (#2791) 2017-11-22 13:27:49 +01:00
Miroslav Stampar
8c6b761044 Replacing doc/COPYING to LICENSE 2017-10-11 14:50:46 +02:00
Miroslav Stampar
b7db28a89b Minor refactoring (unused imports) 2017-10-10 16:14:39 +02:00
Miroslav Stampar
09ddb3bd8b Minor update for #2731 (--smoke-test failed) 2017-10-04 14:02:47 +02:00
europa
3fbe2f645a Added Unicode-escape tamper script 2017-10-04 12:22:31 +02:00
Miroslav Stampar
2496db9d96 Update for #2690 2017-09-08 11:59:26 +02:00
Miroslav Stampar
a3249019d9 Patch for an Issue #2690 2017-09-08 11:43:10 +02:00
Miroslav Stampar
d038d027f9 Minor updates 2017-07-05 13:51:48 +02:00
neargle
ca24509e19 append %A0 to space2mysqlblank 2017-06-19 22:39:09 +08:00
Miroslav Stampar
c198fd7939 Update for an Issue #13 2017-04-12 10:54:29 +02:00
Miroslav Stampar
98e449e38c Adding plus2fnconcat tamper script (Issue #2396) 2017-02-17 10:26:25 +01:00
Miroslav Stampar
9acf122ba6 Patch for an Issue #2396 2017-02-16 16:56:54 +01:00
Daniel Almeida
aa9989ff90 [add] new space 2 more comment bypass 2017-01-31 10:50:14 -02:00
Miroslav Stampar
55272f7a3b New version preparation 2017-01-02 14:19:18 +01:00
Miroslav Stampar
4ac319b074 Adding new tamper script plus2concat (thank you Luka Pusic) 2016-12-01 22:28:07 +01:00
Miroslav Stampar
b3b5bd267d Adding new tamper script (on request from @MilanGabor) 2016-09-15 17:59:01 +02:00
Miroslav Stampar
0c5965c7b8 Minor patches 2016-04-19 13:13:37 +02:00
Miroslav Stampar
074fbbcea5 Implementation for an Issue #1776 2016-03-23 15:45:49 +01:00
Miroslav Stampar
f190327da3 Minor update 2016-02-27 15:41:15 +01:00
Miroslav Stampar
cedfdc78f4 Adding escapequotes.py (utility tamper script) 2016-02-05 12:00:57 +01:00
Miroslav Stampar
d0d676ccce Update of copyright string 2016-01-06 00:06:12 +01:00
Miroslav Stampar
bae9db65ab Minor update 2015-10-31 16:33:48 +01:00
Miroslav Stampar
2642e453b5 New tamper script 2015-10-31 16:24:32 +01:00
Miroslav Stampar
12b9939baa Minor refactoring 2015-09-24 10:24:37 +02:00
Miroslav Stampar
158ae501c1 Bug fix for tamper script equaltolike (has been doing problems when used with MsSQL) 2015-09-22 14:32:52 +02:00
Miroslav Stampar
5ce3306114 Adding new tamper script (Issue #1247) 2015-09-13 14:47:27 +02:00
Miroslav Stampar
f494004f44 Switching to the getSafeExString (where it can be used) 2015-09-10 15:51:33 +02:00
Miroslav Stampar
87b5262ef7 Minor patch 2015-06-01 14:18:21 +02:00
Miroslav Stampar
515ba5fb31 Minor patch for an Issue #1252 2015-06-01 11:13:02 +02:00
Miroslav Stampar
c62b0f7e68 New tamper script 2015-05-28 23:49:44 +02:00
Miroslav Stampar
e3130c1ba1 Implements #1207 2015-03-26 11:57:51 +01:00
Miroslav Stampar
45bdefd29b Update of copyright 2015-01-06 15:02:16 +01:00
Miroslav Stampar
cf3b02ee04 Proper fix for #1053 2014-12-19 09:26:01 +01:00
Miroslav Stampar
35ed668a85 Minor improvement of the randomcase tamper script 2014-10-07 13:09:37 +02:00
Miroslav Stampar
46480d777a Update for an Issue #835 2014-09-20 14:48:36 +02:00
Mehmet INCE
d34a57041e Add random X-Forwarded-For to bypass IP Ban. 2014-09-19 20:59:33 +03:00
Miroslav Stampar
fa1cfa21e6 Improvement to BlueCoat's tamper script 2014-08-28 12:34:15 +02:00
Miroslav Stampar
13bf338f86 Implementation for an Issue #806 2014-08-28 11:58:22 +02:00
Miroslav Stampar
5d10bae31f Removing trailing blank lines 2014-08-20 21:07:19 +02:00
Miroslav Stampar
6c4c82758d Fix for an Issue #768 2014-07-29 13:26:58 +02:00
Miroslav Stampar
305ec45fc6 Update for an Issue #760 2014-07-10 08:52:32 +02:00
Miroslav Stampar
32af0b17b0 Update for an Issue #760 2014-07-10 08:49:20 +02:00
securitygeneration
5659eeec10 Modified regex to be case insensitive
Changed the regular expression to be case insensitive so that it works with the randomcase.py tamper script.
2014-06-08 19:14:38 +01:00
Miroslav Stampar
dac386735a Patch for an Issue #713 2014-06-08 12:34:12 +02:00
Miroslav Stampar
efa3c3e451 Minor improvement of between tamper script 2014-04-22 11:04:28 +02:00
Miroslav Stampar
6fd3c27f70 Update for an Issue #672 2014-04-22 08:48:12 +02:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Miroslav Stampar
3ff01f5777 Adding new tamper script 2013-11-09 00:23:34 +01:00
Miroslav Stampar
099e931a15 Minor fix 2013-09-21 12:24:49 +02:00
Miroslav Stampar
7725695f26 Fix for an Issue #511 2013-08-21 11:25:41 +02:00
Miroslav Stampar
02da417b23 Fix for a tamper script (in some cases comments were not inserted) 2013-07-31 09:52:10 +02:00
Miroslav Stampar
92dfb0f817 Minor patch 2013-06-16 12:35:20 +02:00
Miroslav Stampar
351c70b390 Locale module screws string.letters, etc. in some cases (e.g. IDLE run) 2013-06-01 14:06:58 +02:00
Miroslav Stampar
b8ab37651c Minor update (tested against LAMP - %A0 makes problems) 2013-05-12 15:21:56 +02:00
Miroslav Stampar
4cb378ce3e Another update for an Issue #352 and couple of fixes 2013-03-13 21:57:09 +01:00
stamparm
ba015608c6 Update for special cases 2013-02-19 10:12:47 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
55a9f91bbf Refactoring between.py script 2013-01-29 16:22:19 +01:00
Miroslav Stampar
e150316d97 Slight update for a greatest.py (more general approach) 2013-01-25 10:37:45 +01:00
Miroslav Stampar
90daef0b9c Update of a doc/THANKS 2013-01-25 10:27:57 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
5b77b20e2e Removing trailing whitespaces (PEP8) 2013-01-03 23:57:07 +01:00
Miroslav Stampar
8b7cbe03b0 Replacing CRLF with LF in rest of files 2012-12-26 17:12:17 +01:00
Miroslav Stampar
c41618416c Removing trailing blanks 2012-12-14 12:00:45 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
42a8234c6f Update for an Issue #12 2012-12-03 14:27:01 +01:00
Miroslav Stampar
6ea07f7ba9 Fix of false statement (bluecoat.py was not meant to be used only against MySQL - Issue #261) 2012-11-29 15:53:54 +01:00
Miroslav Stampar
bdd819d7f2 Improvement of a between.py tamper script 2012-11-29 14:41:07 +01:00
Miroslav Stampar
5352b3ebd9 Refactoring code in tamper/bluecoat.py 2012-11-05 13:09:53 +01:00
Thanatos
60aa7a7cd0 Tamper for BlueCoat SGos WAF 2012-11-03 19:15:22 +01:00
Miroslav Stampar
12fc9442b9 Tamper function(s) refactoring (really no need for returning headers as they are passed by reference) 2012-10-25 10:10:23 +02:00
Miroslav Stampar
9451bfccaf Update for Issue #163 2012-09-06 13:14:20 +02:00
Bernardo Damele
d492291744 working on issue #12 2012-07-26 23:11:07 +01:00
Miroslav Stampar
7f4fa7c27d Minor refactoring 2012-07-24 01:21:32 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Miroslav Stampar
982fcde1c0 Fix for Issue #62 2012-07-06 12:24:55 +02:00