2018-10-27 18:58:52 +05:30
|
|
|
import re
|
2018-11-14 23:19:57 +05:30
|
|
|
import json
|
2018-10-27 18:58:52 +05:30
|
|
|
from core.requester import requester
|
|
|
|
|
|
2018-11-10 17:33:48 +05:30
|
|
|
def wafDetector(url, params, headers, GET, delay, timeout):
|
2018-11-14 23:19:57 +05:30
|
|
|
with open('./db/wafSignatures.json', 'r') as file:
|
|
|
|
|
wafSignatures = json.load(file)
|
2018-11-10 17:33:48 +05:30
|
|
|
noise = '<script>alert("XSS")</script>' #a payload which is noisy enough to provoke the WAF
|
2018-10-27 18:58:52 +05:30
|
|
|
params['xss'] = noise
|
2018-11-10 17:33:48 +05:30
|
|
|
response = requester(url, params, headers, GET, delay, timeout) # Opens the noise injected payload
|
2018-11-14 23:19:57 +05:30
|
|
|
page = response.text
|
2018-10-27 18:58:52 +05:30
|
|
|
code = str(response.status_code)
|
2018-11-14 23:19:57 +05:30
|
|
|
headers = str(response.headers)
|
|
|
|
|
if int(code) >= 400:
|
|
|
|
|
bestMatch = [0, None]
|
|
|
|
|
for wafName, wafSignature in wafSignatures.items():
|
|
|
|
|
score = 0
|
|
|
|
|
pageSign = wafSignature['page']
|
|
|
|
|
codeSign = wafSignature['code']
|
|
|
|
|
headersSign = wafSignature['headers']
|
|
|
|
|
if pageSign:
|
|
|
|
|
if re.search(pageSign, page, re.I):
|
|
|
|
|
score += 1
|
|
|
|
|
if codeSign:
|
|
|
|
|
if re.search(codeSign, code, re.I):
|
|
|
|
|
score += 0.5
|
|
|
|
|
if headersSign:
|
|
|
|
|
if re.search(headersSign, headers, re.I):
|
|
|
|
|
score += 1
|
|
|
|
|
if score > bestMatch[0]:
|
|
|
|
|
del bestMatch[:]
|
|
|
|
|
bestMatch.extend([score, wafName])
|
|
|
|
|
if bestMatch[0] != 0:
|
|
|
|
|
return bestMatch[1]
|
|
|
|
|
else:
|
|
|
|
|
return None
|
|
|
|
|
else:
|
|
|
|
|
return None
|
