Closed ashok-nurture closed 6 years ago
Run again with the same URL in verbose and with the --traffic flag. Send me the traffic file to staysalty@protonmail.com and post the output of the verbose flag if you would please.
--proxy http://127.0.0.1:9050
)
[INFO] using User-Agent 'whatwaf/0.8.3 (Language=3.6.1; Platform=Darwin)'
[INFO] using default payloads
[INFO] saving HTTP traffic to 'traffic.out'
[INFO] running single web application 'https://github.com'
[INFO] request type: GET
[INFO] gathering HTTP responses
[PAYLOAD]
[DEBUG] trying: 'https://github.com/'
[DEBUG] trying: https://github.com/home.html
[PAYLOAD] AND 1=1 ORDERBY(1,2,3,4,5) --;
[DEBUG] trying: 'https://github.com/ AND 1=1 ORDERBY(1,2,3,4,5) --;'
[DEBUG] trying: https://github.com/Default.htm
[PAYLOAD] >
[DEBUG] trying: 'https://github.com/>'
[DEBUG] trying: https://github.com/index.php
[PAYLOAD] AND 1=1 UNION ALL SELECT 1,NULL,1,'',table_name FROM information_schema.tables WHERE 2>1--//; EXEC xp_cmdshell('cat ../../../etc/passwd')#
[DEBUG] trying: 'https://github.com/ AND 1=1 UNION ALL SELECT 1,NULL,1,'',table_name FROM information_schema.tables WHERE 2>1--//; EXEC xp_cmdshell('cat ../../../etc/passwd')#'
[DEBUG] trying: https://github.com/default.html
[PAYLOAD]
[DEBUG] trying: 'https://github.com/'
[DEBUG] trying: https://github.com/home.html
[PAYLOAD] '))) AND 1=1,SELECT FROM information_schema.tables ((('
[DEBUG] trying: 'https://github.com/'))) AND 1=1,SELECT FROM information_schema.tables (((''
[DEBUG] trying: https://github.com/home.htm
[PAYLOAD] ' )) AND 1=1 (( ' -- rgzd
[DEBUG] trying: 'https://github.com/' )) AND 1=1 (( ' -- rgzd'
[DEBUG] trying: https://github.com/Index.html
[PAYLOAD] ;SELECT FROM information_schema.tables WHERE 2>1 AND 1=1 OR 2=2 -- qdEf '
[DEBUG] trying: 'https://github.com/;SELECT FROM information_schema.tables WHERE 2>1 AND 1=1 OR 2=2 -- qdEf ''
[DEBUG] trying: https://github.com/Home.html
[PAYLOAD] ' OR '1'=1 '
[DEBUG] trying: 'https://github.com/' OR '1'=1 ''
[DEBUG] trying: https://github.com/index.php5.exe
[PAYLOAD] OR 1=1
[DEBUG] trying: 'https://github.com/ OR 1=1'
[DEBUG] trying: https://github.com/home.py
[PAYLOAD] <script>
[DEBUG] trying: 'https://github.com/<script>'
[DEBUG] trying: https://github.com/index.php4.exe
[INFO] gathering normal response to compare against
[INFO] loading firewall detection scripts
[DEBUG] loading plugin script '360'
[DEBUG] loading plugin script 'airlock'
[DEBUG] loading plugin script 'akamai'
[DEBUG] loading plugin script 'anquanbao'
[DEBUG] loading plugin script 'apache'
[DEBUG] loading plugin script 'armor'
[DEBUG] loading plugin script 'asm'
[DEBUG] loading plugin script 'aspnetgeneric'
[DEBUG] loading plugin script 'aws'
[DEBUG] loading plugin script 'baidu'
[DEBUG] loading plugin script 'barracuda'
[DEBUG] loading plugin script 'bigip'
[DEBUG] loading plugin script 'binarysec'
[DEBUG] loading plugin script 'blockdos'
[DEBUG] loading plugin script 'ciscoacexml'
[DEBUG] loading plugin script 'cloudflare'
[DEBUG] loading plugin script 'cloudfront'
[DEBUG] loading plugin script 'codeigniter'
[DEBUG] loading plugin script 'comodo'
[DEBUG] loading plugin script 'configserver'
[DEBUG] loading plugin script 'datapower'
[DEBUG] loading plugin script 'denyall'
[DEBUG] loading plugin script 'dodenterpriseprotection'
[DEBUG] loading plugin script 'dosarrest'
[DEBUG] loading plugin script 'dotdefender'
[DEBUG] loading plugin script 'dw'
[DEBUG] loading plugin script 'edgecast'
[DEBUG] loading plugin script 'expressionengine'
[DEBUG] loading plugin script 'fortigate'
[DEBUG] loading plugin script 'gladius'
[DEBUG] loading plugin script 'incapsula'
[DEBUG] loading plugin script 'modsecurity'
[DEBUG] loading plugin script 'modsecurityowasp'
[DEBUG] loading plugin script 'nginx'
[DEBUG] loading plugin script 'paloalto'
[DEBUG] loading plugin script 'perimx'
[DEBUG] loading plugin script 'pk'
[DEBUG] loading plugin script 'powerful'
[DEBUG] loading plugin script 'radware'
[DEBUG] loading plugin script 'safedog'
[DEBUG] loading plugin script 'siteguard'
[DEBUG] loading plugin script 'sonicwall'
[DEBUG] loading plugin script 'squid'
[DEBUG] loading plugin script 'stingray'
[DEBUG] loading plugin script 'sucuri'
[DEBUG] loading plugin script 'teros'
[DEBUG] loading plugin script 'unknown'
[DEBUG] loading plugin script 'urlscan'
[DEBUG] loading plugin script 'varnish'
[DEBUG] loading plugin script 'wallarm'
[DEBUG] loading plugin script 'webknight'
[DEBUG] loading plugin script 'webseal'
[DEBUG] loading plugin script 'west263'
[DEBUG] loading plugin script 'wordfence'
[DEBUG] loading plugin script 'yundun'
[DEBUG] loading plugin script 'yunsuo'
[INFO] running firewall detection checks
[SUCCESS] multiple protections identified on target:
[SUCCESS] #1 'Open Source Web Application Firewall (Modsecurity)'
[SUCCESS] #2 'Apache generic website protection'
[SUCCESS] #3 'IBM Security Access Manager (WebSEAL)'
[INFO] searching for bypasses
[INFO] loading payload tampering scripts
[DEBUG] loading tamper script 'apostrephemask'
[DEBUG] loading tamper script 'apostrephenullify'
[DEBUG] loading tamper script 'appendnull'
[DEBUG] loading tamper script 'base64encode'
[DEBUG] loading tamper script 'booleanmask'
[DEBUG] loading tamper script 'doubleurlencode'
[DEBUG] loading tamper script 'enclosebrackets'
[DEBUG] loading tamper script 'escapequotes'
[DEBUG] loading tamper script 'lowercase'
[DEBUG] loading tamper script 'lowlevelunicodecharencode'
[DEBUG] loading tamper script 'maskenclosebrackets'
[DEBUG] loading tamper script 'modsec'
[DEBUG] loading tamper script 'modsecspace2comment'
[DEBUG] loading tamper script 'obfuscatebyhtmlentity'
[DEBUG] loading tamper script 'obfuscatebyordinal'
[DEBUG] loading tamper script 'prependnull'
[DEBUG] loading tamper script 'randomcase'
[DEBUG] loading tamper script 'randomcomments'
[DEBUG] loading tamper script 'randomunicode'
[DEBUG] loading tamper script 'space2comment'
[DEBUG] loading tamper script 'space2doubledash'
[DEBUG] loading tamper script 'space2hash'
[DEBUG] loading tamper script 'space2multicomment'
[DEBUG] loading tamper script 'space2null'
[DEBUG] loading tamper script 'space2plus'
[DEBUG] loading tamper script 'space2randomblank'
[DEBUG] loading tamper script 'tabifyspace'
[DEBUG] loading tamper script 'tripleurlencode'
[DEBUG] loading tamper script 'uppercase'
[DEBUG] loading tamper script 'urlencode'
[DEBUG] loading tamper script 'urlencodeall'
[FATAL] WhatWaf has caught an unhandled exception with the error message: ''>' not supported between instances of 'NoneType' and 'int''. You can create an issue here: 'https://github.com/Ekultek/WhatWaf/issues/new'
[WARN] you will need the following information to create an issue:Traceback:
File "/Users/Ashok/Desktop/bahrain_dev/trials/whatwaf/whatwaf/main.py", line 210, in main
request_type=request_type
File "/Users/Ashok/Desktop/bahrain_dev/trials/whatwaf/content/__init__.py", line 452, in detection_main
tamper_int=tamper_int, throttle=throttle, timeout=req_timeout, provided_headers=provided_headers
File "/Users/Ashok/Desktop/bahrain_dev/trials/whatwaf/content/__init__.py", line 170, in get_working_tampers
if max_successful_payloads > len(tampers):
./whatwaf.py -u ****************** --verbose --traffic traffic.out
Version: 0.8.3
Cool, I have a pretty good idea what’s going on. All I need is to see the traffic file. I think the same concept will apply here; using 2.7 may be a good workaround for now.
(venv2) TBG-a0216:whatwaf admin$ python whatwaf.py -u "*************"
,------.
' .--. '
,--. .--. ,--. .--.| | | |
| | | | | | | |'--' | |
| | | | | | | | __. |
| |.'.| | | |.'.| | | .'
| | | | |___|
| ,'. |hat| ,'. |af .---.
'--' '--' '--' '--' '---'
><script>alert("WhatWaf?<|>v0.8.3($dev)");</script>
[WARN] it is highly advised to use a proxy when using WhatWaf. do so by passing the proxy flag (IE `--proxy http://127.0.0.1:9050`)
[INFO] using User-Agent 'whatwaf/0.8.3 (Language=3.6.5; Platform=Darwin)'
[INFO] using default payloads
[INFO] running single web application 'https://github.com'
[INFO] request type: GET
[INFO] gathering HTTP responses
[INFO] gathering normal response to compare against
[INFO] loading firewall detection scripts
[INFO] running firewall detection checks
[SUCCESS] detected website protection identified as 'Open Source Web Application Firewall (Modsecurity)', searching for bypasses
[INFO] loading payload tampering scripts
[INFO] running tampering bypass checks
[WARN] no valid bypasses discovered with provided payloads
(venv2) TBG-a0216:whatwaf admin$ python --version
Python 3.6.5
(venv2) TBG-a0216:whatwaf admin$
Should be fixed via https://github.com/Ekultek/WhatWaf/commit/1611b710efa8f6fd53b3d4a3a54c78d8de82a12d
Traceback:
CMD line:
./whatwaf.py -u ********************
Version:0.8.3
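The failure in the traceback above, reproduced as an added example (not WhatWaf's code and not the content of the linked commit): Python 3 refuses to order `None` against an `int`, while Python 2 sorts `None` below every integer, so the same comparison quietly evaluates to False under 2.7. The names `unguarded`, `clamp_tamper_limit`, `reproduce` and `DEFAULT_LIMIT` are hypothetical, and the fallback value is an assumption.

```python
# Added example: a stand-in for the comparison shown in the traceback.
# All function names and DEFAULT_LIMIT are hypothetical, not WhatWaf code.

DEFAULT_LIMIT = 5  # assumed fallback when no limit was supplied


def unguarded(max_successful_payloads, tampers):
    """Mirrors the failing line: compares the option without checking it."""
    if max_successful_payloads > len(tampers):
        return len(tampers)
    return max_successful_payloads


def clamp_tamper_limit(max_successful_payloads, tampers, default=DEFAULT_LIMIT):
    """Normalise an optional limit before any ordering comparison."""
    if max_successful_payloads is None:
        # The option was never set, so fall back instead of comparing None.
        max_successful_payloads = default
    if isinstance(max_successful_payloads, bool) or not isinstance(
        max_successful_payloads, int
    ):
        raise ValueError("limit must be an integer, got %r" % (max_successful_payloads,))
    if max_successful_payloads < 0:
        raise ValueError("limit must not be negative")
    # Never ask for more entries than were loaded.
    return min(max_successful_payloads, len(tampers))


def reproduce():
    """Return the Python 3 error text raised by the unguarded comparison."""
    try:
        unguarded(None, ["urlencode", "randomcase"])
    except TypeError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    loaded = ["urlencode", "randomcase", "space2comment"]  # constructed sample
    print(reproduce())
    print(clamp_tamper_limit(None, loaded))
```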