search

EnableSecurity / wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
https://www.enablesecurity.com/
BSD 3-Clause "New" or "Revised" License
5.27k stars 933 forks source link

AttributeError: 'NoneType' object has no attribute 'headers' #124

Closed m4ll0k closed 3 years ago

m4ll0k commented 3 years ago

$ wafw00f http://balancepayout.paypal.com

Traceback (most recent call last):
  File "/usr/local/bin/wafw00f", line 4, in <module>
    __import__('pkg_resources').run_script('wafw00f==2.1.0', 'wafw00f')
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 658, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1438, in run_script
    exec(code, namespace, namespace)
  File "/usr/local/lib/python3.6/dist-packages/wafw00f-2.1.0-py3.6.egg/EGG-INFO/scripts/wafw00f", line 8, in <module>
    main.main()
  File "/usr/local/lib/python3.6/dist-packages/wafw00f-2.1.0-py3.6.egg/wafw00f/main.py", line 442, in main
    if attacker.genericdetect():
  File "/usr/local/lib/python3.6/dist-packages/wafw00f-2.1.0-py3.6.egg/wafw00f/main.py", line 142, in genericdetect
    attackresponse_server = response.headers.get('Server')
AttributeError: 'NoneType' object has no attribute 'headers'
0xInfection commented 3 years ago

Verified that is a bug. Will shortly push a fix to this.

0xInfection commented 3 years ago

This was an interesting case, when using HTTPS, the error never came up, but on HTTP this behavior is reproducible. Was an important fix.

Thank you @m4ll0k for pulling this up!