search

Ekultek / WhatWaf

Detect and bypass web application firewalls and protection systems
Other
2.61k stars 443 forks source link

[FATAL] WhatWaf has caught an unhandled exception with the error message: ''>' not supported between instances of 'NoneType' and 'int''. #91

Closed ashok-nurture closed 6 years ago

ashok-nurture commented 6 years ago

Traceback:

  File "/Users/Ashok/Desktop/bahrain_dev/trials/whatwaf/whatwaf/main.py", line 210, in main
    request_type=request_type
  File "/Users/Ashok/Desktop/bahrain_dev/trials/whatwaf/content/__init__.py", line 452, in detection_main
    tamper_int=tamper_int, throttle=throttle, timeout=req_timeout, provided_headers=provided_headers
  File "/Users/Ashok/Desktop/bahrain_dev/trials/whatwaf/content/__init__.py", line 170, in get_working_tampers
    if max_successful_payloads > len(tampers):

CMD line: ./whatwaf.py -u ******************** Version: 0.8.3

Ekultek commented 6 years ago

Run again with the same URL in verbose and with the —traffic flag. Send me the traffic file to staysalty@protonmail.com and post the output of the verbose flag if you would please

ashok-nurture commented 6 years ago

[WARN] it is highly advised to use a proxy when using WhatWaf. do so by passing the proxy flag (IE --proxy http://127.0.0.1:9050) [INFO] using User-Agent 'whatwaf/0.8.3 (Language=3.6.1; Platform=Darwin)' [INFO] using default payloads [INFO] saving HTTP traffic to 'traffic.out' [INFO] running single web application 'https://github.com' [INFO] request type: GET [INFO] gathering HTTP responses [PAYLOAD] [DEBUG] trying: 'https://github.com/' [DEBUG] trying: https://github.com/home.html [PAYLOAD] AND 1=1 ORDERBY(1,2,3,4,5) --; [DEBUG] trying: 'https://github.com/ AND 1=1 ORDERBY(1,2,3,4,5) --;' [DEBUG] trying: https://github.com/Default.htm [PAYLOAD] > [DEBUG] trying: 'https://github.com/>' [DEBUG] trying: https://github.com/index.php [PAYLOAD] AND 1=1 UNION ALL SELECT 1,NULL,1,'',table_name FROM information_schema.tables WHERE 2>1--//; EXEC xp_cmdshell('cat ../../../etc/passwd')# [DEBUG] trying: 'https://github.com/ AND 1=1 UNION ALL SELECT 1,NULL,1,'',table_name FROM information_schema.tables WHERE 2>1--//; EXEC xp_cmdshell('cat ../../../etc/passwd')#' [DEBUG] trying: https://github.com/default.html [PAYLOAD] [DEBUG] trying: 'https://github.com/' [DEBUG] trying: https://github.com/home.html [PAYLOAD] '))) AND 1=1,SELECT FROM information_schema.tables (((' [DEBUG] trying: 'https://github.com/'))) AND 1=1,SELECT FROM information_schema.tables ((('' [DEBUG] trying: https://github.com/home.htm [PAYLOAD] ' )) AND 1=1 (( ' -- rgzd [DEBUG] trying: 'https://github.com/' )) AND 1=1 (( ' -- rgzd' [DEBUG] trying: https://github.com/Index.html [PAYLOAD] ;SELECT FROM information_schema.tables WHERE 2>1 AND 1=1 OR 2=2 -- qdEf ' [DEBUG] trying: 'https://github.com/;SELECT FROM information_schema.tables WHERE 2>1 AND 1=1 OR 2=2 -- qdEf '' [DEBUG] trying: https://github.com/Home.html [PAYLOAD] ' OR '1'=1 ' [DEBUG] trying: 'https://github.com/' OR '1'=1 '' [DEBUG] trying: https://github.com/index.php5.exe [PAYLOAD] OR 1=1 [DEBUG] trying: 'https://github.com/ OR 1=1' [DEBUG] trying: https://github.com/home.py [PAYLOAD] <script> [DEBUG] trying: 'https://github.com/<script>' [DEBUG] trying: https://github.com/index.php4.exe [INFO] gathering normal response to compare against [INFO] loading firewall detection scripts [DEBUG] loading plugin script '360' [DEBUG] loading plugin script 'airlock' [DEBUG] loading plugin script 'akamai' [DEBUG] loading plugin script 'anquanbao' [DEBUG] loading plugin script 'apache' [DEBUG] loading plugin script 'armor' [DEBUG] loading plugin script 'asm' [DEBUG] loading plugin script 'aspnetgeneric' [DEBUG] loading plugin script 'aws' [DEBUG] loading plugin script 'baidu' [DEBUG] loading plugin script 'barracuda' [DEBUG] loading plugin script 'bigip' [DEBUG] loading plugin script 'binarysec' [DEBUG] loading plugin script 'blockdos' [DEBUG] loading plugin script 'ciscoacexml' [DEBUG] loading plugin script 'cloudflare' [DEBUG] loading plugin script 'cloudfront' [DEBUG] loading plugin script 'codeigniter' [DEBUG] loading plugin script 'comodo' [DEBUG] loading plugin script 'configserver' [DEBUG] loading plugin script 'datapower' [DEBUG] loading plugin script 'denyall' [DEBUG] loading plugin script 'dodenterpriseprotection' [DEBUG] loading plugin script 'dosarrest' [DEBUG] loading plugin script 'dotdefender' [DEBUG] loading plugin script 'dw' [DEBUG] loading plugin script 'edgecast' [DEBUG] loading plugin script 'expressionengine' [DEBUG] loading plugin script 'fortigate' [DEBUG] loading plugin script 'gladius' [DEBUG] loading plugin script 'incapsula' [DEBUG] loading plugin script 'modsecurity' [DEBUG] loading plugin script 'modsecurityowasp' [DEBUG] loading plugin script 'nginx' [DEBUG] loading plugin script 'paloalto' [DEBUG] loading plugin script 'perimx' [DEBUG] loading plugin script 'pk' [DEBUG] loading plugin script 'powerful' [DEBUG] loading plugin script 'radware' [DEBUG] loading plugin script 'safedog' [DEBUG] loading plugin script 'siteguard' [DEBUG] loading plugin script 'sonicwall' [DEBUG] loading plugin script 'squid' [DEBUG] loading plugin script 'stingray' [DEBUG] loading plugin script 'sucuri' [DEBUG] loading plugin script 'teros' [DEBUG] loading plugin script 'unknown' [DEBUG] loading plugin script 'urlscan' [DEBUG] loading plugin script 'varnish' [DEBUG] loading plugin script 'wallarm' [DEBUG] loading plugin script 'webknight' [DEBUG] loading plugin script 'webseal' [DEBUG] loading plugin script 'west263' [DEBUG] loading plugin script 'wordfence' [DEBUG] loading plugin script 'yundun' [DEBUG] loading plugin script 'yunsuo' [INFO] running firewall detection checks [SUCCESS] multiple protections identified on target: [SUCCESS] #1 'Open Source Web Application Firewall (Modsecurity)' [SUCCESS] #2 'Apache generic website protection' [SUCCESS] #3 'IBM Security Access Manager (WebSEAL)' [INFO] searching for bypasses [INFO] loading payload tampering scripts [DEBUG] loading tamper script 'apostrephemask' [DEBUG] loading tamper script 'apostrephenullify' [DEBUG] loading tamper script 'appendnull' [DEBUG] loading tamper script 'base64encode' [DEBUG] loading tamper script 'booleanmask' [DEBUG] loading tamper script 'doubleurlencode' [DEBUG] loading tamper script 'enclosebrackets' [DEBUG] loading tamper script 'escapequotes' [DEBUG] loading tamper script 'lowercase' [DEBUG] loading tamper script 'lowlevelunicodecharencode' [DEBUG] loading tamper script 'maskenclosebrackets' [DEBUG] loading tamper script 'modsec' [DEBUG] loading tamper script 'modsecspace2comment' [DEBUG] loading tamper script 'obfuscatebyhtmlentity' [DEBUG] loading tamper script 'obfuscatebyordinal' [DEBUG] loading tamper script 'prependnull' [DEBUG] loading tamper script 'randomcase' [DEBUG] loading tamper script 'randomcomments' [DEBUG] loading tamper script 'randomunicode' [DEBUG] loading tamper script 'space2comment' [DEBUG] loading tamper script 'space2doubledash' [DEBUG] loading tamper script 'space2hash' [DEBUG] loading tamper script 'space2multicomment' [DEBUG] loading tamper script 'space2null' [DEBUG] loading tamper script 'space2plus' [DEBUG] loading tamper script 'space2randomblank' [DEBUG] loading tamper script 'tabifyspace' [DEBUG] loading tamper script 'tripleurlencode' [DEBUG] loading tamper script 'uppercase' [DEBUG] loading tamper script 'urlencode' [DEBUG] loading tamper script 'urlencodeall' [FATAL] WhatWaf has caught an unhandled exception with the error message: ''>' not supported between instances of 'NoneType' and 'int''. You can create an issue here: 'https://github.com/Ekultek/WhatWaf/issues/new' [WARN] you will need the following information to create an issue:

Traceback:

  File "/Users/Ashok/Desktop/bahrain_dev/trials/whatwaf/whatwaf/main.py", line 210, in main
    request_type=request_type
  File "/Users/Ashok/Desktop/bahrain_dev/trials/whatwaf/content/__init__.py", line 452, in detection_main
    tamper_int=tamper_int, throttle=throttle, timeout=req_timeout, provided_headers=provided_headers
  File "/Users/Ashok/Desktop/bahrain_dev/trials/whatwaf/content/__init__.py", line 170, in get_working_tampers
    if max_successful_payloads > len(tampers):

CMD line: ./whatwaf.py -u ****************** --verbose --traffic traffic.out Version: 0.8.3

Ekultek commented 6 years ago

Cool, I have a pretty good idea what’s going on. All I need is to see the traffic file. I think the same concept will apply here using 2.7 may be a good work around for now.

Ekultek commented 6 years ago 
(venv2) TBG-a0216:whatwaf admin$ python whatwaf.py -u "*************"
                          ,------.  
                         '  .--.  ' 
,--.   .--.   ,--.   .--.|  |  |  | 
|  |   |  |   |  |   |  |'--'  |  | 
|  |   |  |   |  |   |  |    __.  | 
|  |.'.|  |   |  |.'.|  |   |   .'  
|         |   |         |   |___|   
|   ,'.   |hat|   ,'.   |af .---.   
'--'   '--'   '--'   '--'   '---'  
><script>alert("WhatWaf?<|>v0.8.3($dev)");</script>

[WARN] it is highly advised to use a proxy when using WhatWaf. do so by passing the proxy flag (IE `--proxy http://127.0.0.1:9050`)
[INFO] using User-Agent 'whatwaf/0.8.3 (Language=3.6.5; Platform=Darwin)'
[INFO] using default payloads
[INFO] running single web application 'https://github.com'
[INFO] request type: GET
[INFO] gathering HTTP responses
[INFO] gathering normal response to compare against
[INFO] loading firewall detection scripts
[INFO] running firewall detection checks
[SUCCESS] detected website protection identified as 'Open Source Web Application Firewall (Modsecurity)', searching for bypasses
[INFO] loading payload tampering scripts
[INFO] running tampering bypass checks
[WARN] no valid bypasses discovered with provided payloads
(venv2) TBG-a0216:whatwaf admin$ python --version
Python 3.6.5
(venv2) TBG-a0216:whatwaf admin$

Should be fixed via https://github.com/Ekultek/WhatWaf/commit/1611b710efa8f6fd53b3d4a3a54c78d8de82a12d